Enabling or disabling threat sources

When artifacts are added to incidents, the SOAR Platform can search for those artifacts in several cyberthreat sources that are integrated into the product. If the artifact is found in one or more of these threat sources, it is highlighted in red and additional information about the “hit” is displayed. You can enable and disable the threat sources as you see fit for your company. Threat sources are not enabled by default.

To enable or disable a threat source, go to Administrator Settings > Threat Sources and select On or Off for that threat source.

When you enable certain sources, you might need to agree to the terms and conditions of the third-party threat source, or in some cases, add your account information or API key.

You must enable the geolocation threat source if you want to include geolocation data for IP address artifacts.

Note: Threat sources are searched only if the artifact is a system artifact type, not a custom artifact type.