Hi Everyone,

I'd appreciate any help on this:

I'm ingesting a TI feed from Anomali into the SIEM. The IOCs from that feed show up in the Alerts & IOCs - IOC Matches screen. Those raw logs won't parse because the raw log has too many UDM events. 

How can I match those IOCs to to trigger alerts if they're not parsed to UDM?

TIA

Sam