I’m not sure if this is doubling up on datasets that R7 might already have, but I’m interested to know if there’s a method of utilizing additional threat feed sources such as AlienvaultOTX.
The example I’m thinking of, is looking for endpoints that might be talking out to ransomware domains.
Perhaps there’s a better way to do this, that I’ve not yet discovered. Would be keen to learn how others do it.
Thanks in advance.