Question & Answer
Question
Can a case hit a custom TII Threat when it is added manually as an artifact?
Answer
Hits on IOCs work as follows: when TII runs an “Am I Affected” scan on a threat and the threat's indicators are found, they are added to a case. Once in a case, those indicators are enriched by third parties such as VirusTotal, Cisco ThreatGrid, or other TII sources. A hit occurs only if the indicator is considered “risky” enough; it has no connection with which indicators were actually found on the cluster.
Related Information
Product: IBM Cloud Pak for Security (Cases, Threat Intelligence Insights); Platform: Platform Independent; Version: All Versions
Document Information
Modified date:
30 June 2022
UID
ibm16600051