How are the threat gen reports/alerts in the DA-ESS Application collected on the threat_activity index? I would like to craft my own alert. I don't always want to generate a notable event, so a standard correlation search is not appropriate.
These are written using various HTTP calls to online threat lists. You could populate any index with collect or lookup with outputlookup.
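
As an added illustration of the collect approach mentioned in the answer (not part of the original reply and not Splunk's own search): a scheduled search that matches events against a threat lookup and writes the hits to a custom index, so no notable event is created. The index names, sourcetype, lookup file my_threat_ips.csv and all field names are hypothetical.

```spl
index=proxy sourcetype=my:proxy earliest=-15m@m latest=@m
| lookup my_threat_ips.csv ip AS dest OUTPUT threat_category, threat_source
| where isnotnull(threat_category)
| stats count AS hits, earliest(_time) AS first_seen, latest(_time) AS last_seen
    BY src, dest, threat_category, threat_source
| eval _time=last_seen
| collect index=my_threat_summary source="custom_threat_match"
```

To keep the matches in a lookup instead of an index, the last line can be replaced with `| outputlookup append=true my_threat_hits.csv` (file name also hypothetical). A custom alert can then search my_threat_summary or that lookup on its own schedule and with its own trigger conditions.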