Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


About the Threat Intelligence Page


To access this page, select Administration > Insights Management > Threat Intelligence.

Look up your trusted threat intelligence providers for indicators of compromise to confirm the maliciousness of the reported event. Indicators of compromise include IP addresses, URLs, and file hash observed in the log data. What is considered malicious is based on available knowledge about the threat intelligence provider’s output.

Security Director Insights supports the following threat intelligence sources:



IBM X-Force

IP lookup and file hash


File hash and URL lookup


File hash, URL lookup, and IP lookup

Tasks You Can Perform

You can perform the following tasks from the Threat Intelligence page:

Field Descriptions

Table 1 provides guidelines on using the fields on the Threat Intelligence page.

Table 1: Fields on the Threat Intelligence Page




Specifies the threat intelligence source.


Specifies the corresponding API details configured for the threat intelligence source.