2 Replies Latest reply on Jan 20, 2016 11:08 AM by diogenes

    How does the "IsThreat" value determined?

    diogenes

      Hey guys,

       

      I was curious to see if we can have the "IsThreat" boolean value signal true when an IP in a custom made group appears in an event. The problem is, I don't know how LEM sets the "IsThreat" value in the first place. Is it tied to rules or a default group?

       

      Thanks

      -Diogenes