The Intelligence Reports app allows you to leverage valuable indicators of potential threats from both curated intelligence reports and your custom intelligence reports.
Threat Intelligence Sweeping is available as a predefined model in the Detection Model Management app. By default, this model is enabled. When enabled, Trend Vision One generates alerts for noteworthy events after parsing your event logs and matching the data against intelligence reports. To further check the alerts triggered by Threat Intelligence Sweeping, go to Workbench.
Trend Vision One supports auto and manual sweeping based on curated and custom intelligence to search your environment for indicators of compromise. If there are indicator matches, you can check the sweeping results for further investigation and analysis.
Moreover, Trend Vision One allows you to leverage curated intelligence to search third-party data sources using STIX-Shifter if you have configured the required connection settings.