Check Multiple IOC Reputation Value

Forum|Forum|8 months ago
September 18, 2025
1 reply
418 views

Hi guys,

When an Indicator is created, it extracts the existing enrich playbook data, but if there is one malicious IOC tool here, the indicator is flagged as malicious. We want to implement a check here to ensure there are at least two. How can we step this process? Has anyone done this before?

Thanks in advance

jankit6

Staff

Hello @adem_netsys

As discussed, the issue was resolved after updating the playbook IRI value in the global variable "IP_Enrichment_IRI," which determines the playbooks that need to be executed to enrich the IP address.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded