I have a list of IOC IPs and want to stand up a rule and alert. Does anyone know where I can find information on this process? I'm a VERY green n00b who starts training next month.
There are different ways to handle this, I suggest you to take a look at the following links
Alerting: Configure Context Hub List as an Enrichment Source
Context Hub: Configure Lists as a Data Source
Live: Manage Custom Feeds
I hope this helps.
Retrieving data ...