2.I would like to register some Threatlists. How can I do this? If there is the answer in the user manual, please let me know where I can find.
Hello,
I'm not sure what you mean by "using Threat List", anyway, threat lists are lookup based. So if, you might use the wizard to create correlation searches (or just help you to create searches), like | inputlookup append=T threatintel_by_cidr (it's in Configure, General, Custom searches).
For adding Threat lists, it's easy, just go to Configure, Data enrichment, Threat intelligence downloads (in v3.3).
Hello,
I'm not sure what you mean by "using Threat List", anyway, threat lists are lookup based. So if, you might use the wizard to create correlation searches (or just help you to create searches), like | inputlookup append=T threatintel_by_cidr (it's in Configure, General, Custom searches).
For adding Threat lists, it's easy, just go to Configure, Data enrichment, Threat intelligence downloads (in v3.3).