Hello everyone, sorry to bother you. I would like to know what I’ve missed about Community Threats IOC.
I uploaded my list of IOC URLs in InsightIDR, but when I visit a website that is on my threat list I don’t get any alerts. I can find the website visited in my DNS logs, but no alert is coming.
Do you have any idea why no alert is coming?
Best regards,
Cyrille.
Hi Cyrille, I’m also having the same issue. Added some domains to Community Threats and I have DNS logs matching these domains. But no investigations are ever created.
Interestingly, I did a DNS lookup for a Deep Panda malicious domain, and that created an investigation, so Rapid7 is reading my DNS logs correctly, but not my Community Threats.