You're viewing version 2.17 of the OpenSearch documentation. This version is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.
Threat intelligence
Threat intelligence in Security Analytics offers the capability to integrate your threat intelligence feeds. Feeds comprise indicators of compromise (IOCs), which search for malicious indicators in your data by setting up threat intelligence monitors. These monitors generate findings and can send notifications when malicious IPs, domains, or hashes from the threat intelligence feeds match your data.
You can interact with threat intelligence in the following ways:
- Threat intelligence APsI: To configure threat intelligence using API operations, see Threat Intelligence APIs.
- OpenSearch Dashboards: To configure and use threat intelligence through the OpenSearch Dashboards interface, see Getting started.