Hello team,
Could you please help me with the below?
If I run the search below, I was expecting to see all malicious user emails reported by GTI. However, I’m not seeing any results, even when querying data from the past year.
I am able to retrieve some malicious IPs when using entity_type = "IP_ADDRESS", but the count is relatively low (around 50). I was expecting a significantly larger number of results.
While working on another SecOps instance, I was not even able to query globalcontext on search.
Has anyone experienced something similar or can confirm whether this behavior is
Could you please help me here, as I am looking to match email artifacts with GCTI, like IP, domain, sender email, hash, etc.


If I need to match all user emails from Proofpoint On Demand with GCTI-reported malicious emails, is this the correct way?
