Hide this message
Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at firstname.lastname@example.org
This article describes how to enable or disable Threat Feeds. LEM 6.2 introduced the feature of Threat Feeds, which allow recognizing known and proven threats. Rules can make use of this data to automatically take action on Threat Feeds.
Log onto the LEM Web or Air Console.
Click Manage > Appliances.
Go to the Settings tab and select or deselect Allow Log & Event Manager to detect threats based on lists of known malicious IP addresses.
To verify that your Threat Feed is updating every morning, you can run the following nDepth search and look for this recurring event that comes in every morning at 3:14 AM:
InternalInfo.EventInfo = *threat*