How do I tell if the Threat Intelligence feed is working? The All threat Events has never showed anything (perhaps I don't have any threats for it to catch).
Is there anything to check to make sure that the LEM is getting the feeds correctly?.
The only thing I have done is click the check on Allow Log & Event Manager to detect threats, It never uncheck's itself if that helps.
Daily on update there will be a LEM internal even that states wether the threat feed was updated successfully, if your receive this even then threat feeds are working and you just aren't being attacked by a known threat