UTMStack
Change in threat intel source from v10 -> v11? #1430
Unanswered
jay-oconnor
asked this question in
Q&A
Replies: 1 comment
-
|
This feature has been temporarily disabled due to a high number of false positives. We are migrating to a v2 list that has three levels of accuracy and exclusions for known entities such as Office 365, GitHub, etc., which are being reported incorrectly too often. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Can anybody confirm if there was a change in threat intel providers in v11? I was getting a substantial number of threat intel alerts (mostly "A blocklisted element has been identified in the logs. Further investigation is recommended.") in v10 that have completely stopped in v11.
It's left me unsure if threat intel is still a part of the system, or if there's just a different and less zealous intel provider in play with v11.
Beta Was this translation helpful? Give feedback.
All reactions