Threat Intel for AWS - AWS Elastic Load Balancing - Classic


    Matt Sullivan

    When you say it's not working, do you mean you get no results? If so, that's pretty common, since the where clause in the second-to-last line filters out all but high-confidence rogue IPs. The threat intel FAQ topic contains test IPs (and other test values for different IOC types) that are very useful in creating/debugging threat intel queries. The other thing to verify in the above is that the _sourceCategory exists for your org, e.g. if you just run the first line of the query, do you get results? Generally speaking, I'd use comments and work that query in stages until known working.
