Hi Everyone,
I'd appreciate any help on this:
I'm ingesting a TI feed from Anomali into the SIEM. The IOCs from that feed show up in the Alerts & IOCs - IOC Matches screen. Those raw logs won't parse because the raw log has too many UDM events.
How can I match those IOCs to trigger alerts if they're not parsed to UDM?
TIA
Sam