I am subscribed to a 3rd-party threat intelligence called ThreatConnect. I have the ThreatConnect app for Splunk installed on my search head.
My question is in regard to tuning, as I have done very little to none. Should I expect that the threat intelligence that is streaming in is being run against the events in my environment automatically? Assuming the threat intelligence is CIM compliant, should I expect that my Enterprise Security will make a notable event if there is a match?