Table of Contents | ||||
---|---|---|---|---|
|
...
Rw ui steps macro | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Log in to the Anomali ThreatStream Integrator application.
Go to Destinations and create a new Anomali Integrator SDK Destination.
Select the SDK option and click Add.
Configure the following settings:
Save the Destination.
Choose one of the following available plugins:
|
...
Launch the Data Search menu.
Open the Devo table you want to query.
Compose your initial base query to isolate the data you would like to enrich.
Select the add column function from the toolbar in the data search screen.
Provide a Column Name.
Select custom as the operation type.
Select the Anomali lookup table and field you would like to use for the enrichment from the drop-down list:
Add a new argument to select the field to correlate on. The data type of the selected field must match the data type of the key value in the selected Lookup Table.
Click Create Column.
The new column is added to the data search workspace.
...