Threat Import

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Threat Import

Threat import lets you import threat feed data into EventLog Analyzer from CSV files. This will help users to add any third-party threat data easily, and EventLog Analyzer processes the threat feed data present in the files for threat alerting.

Note: The CSV files should contain the list of threat sources in the first column.

How to add files for Threat Import

If you need to add Threat Sources for threat alerting, place the files in the <Dir>\EventLog Analyzer\data\za\threatfeeds\ThreatImport\Import folder.

Files in the ThreatImport directory will be deleted once it is processed. If any files are not deleted, this may indicate that an exception has occurred. Check the log file for details and contact support at eventloganalyzer-support@manageengine.com for further assistance.

Note: If you need to remove any Threat Sources from flagging threat alerts, place the file containing the Threat Feeds to be removed in <Dir>\EventLog Analyzer\data\za\threatfeeds\ThreatImport\Delete folder.

Scheduling Threat Import

Scheduling helps users import Threat data from files at the specified location automatically on a daily basis. This ensures that threat feeds are consistently updated and stay current. A threat Import schedule can be enabled by changing the dae.threat.import.schedule.enable property in <dir>\EventLog Analyzer\conf\EventLogAnalyzer\threat folder\threatstore.properties file from "false" to "true".

A schedule will run everyday at 8:00 AM to process the files placed under respective ThreatImport folder.

Users can disable the threat schedule by changing the value of dae.threat.import.schedule.enable property key from <dir>\EventLog Analyzer\conf\EventLogAnalyzer\threat folder\threatstore.properties file back to "false".

If the dae.threat.import.schedule.enable property key value changes from "false" to "true", the product must be restarted.

Restarting the product will trigger the threat import operation immediately instead of waiting for the 8.00 AM schedule.

You can find entries related to the threat Import feature in the product log file by searching for FileImportTask.

Help Document

How to add files for Threat Import

Scheduling Threat Import

On this page

Don't see what you're looking for?

Visit our community

Request additional resources

Need implementation assistance?