
Threat Intelligence Framework

The **Threat Intelligence Framework** automatically downloads, parses, and consumes threat feeds (IPs, domains, hashes) from external sources (e.g., STIX/TAXII feeds, malicious-domain lists).

These indicators are stored in Splunk lookups and KV stores. Splunk Enterprise Security (ES) automatically cross-references every network, web, and endpoint event against these lists.
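
The cross-referencing idea, as an added Python sketch (not Splunk's code and not part of the original lesson): a feed is parsed into one lookup table per indicator type, and each event field is checked against the matching table. The feed layout, field names, sample values, and the parent-domain matching rule are all assumptions of this example.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed feed: documentation-range IP, reserved example domain, made-up hash.
FEED_CSV = """type,value,source
ip,203.0.113.45,constructed_feed_a
domain,bad.example,constructed_feed_a
hash,0123456789ABCDEF0123456789abcdef,constructed_feed_b
"""
# Constructed events; field names are assumptions of this sketch.
EVENTS = [
    {"src": "10.0.0.5", "dest": "203.0.113.45"},                  # network
    {"src": "10.0.0.7", "url": "http://CDN.Bad.Example/login"},   # web
    {"file_hash": "0123456789abcdef0123456789ABCDEF"},            # endpoint
    {"src": "10.0.0.9", "url": "https://intranet.example.org/"},  # benign
]
FIELD_TYPES = {"src": "ip", "dest": "ip", "url": "domain", "file_hash": "hash"}

def normalize(kind, value):
    """Lower-case and trim; reduce URLs to their host name for domain lookups."""
    value = value.strip().lower()
    if kind == "domain":
        if "://" in value:
            value = urlsplit(value).hostname or ""
        value = value.rstrip(".")
    return value

def load_feed(text):
    """Build one lookup table per indicator type: normalized value -> feed name."""
    tables = {"ip": {}, "domain": {}, "hash": {}}
    for row in csv.DictReader(io.StringIO(text)):
        kind = row["type"].strip().lower()
        if kind in tables:
            tables[kind][normalize(kind, row["value"])] = row["source"]
    return tables

def match_event(event, tables):
    """Return (field, indicator, feed) for every event field that hits a table."""
    hits = []
    for field, kind in FIELD_TYPES.items():
        if field not in event:
            continue
        value = normalize(kind, event[field])
        candidates = [value]
        if kind == "domain":  # parent domains too: cdn.bad.example hits bad.example
            labels = value.split(".")
            candidates = [".".join(labels[i:]) for i in range(len(labels) - 1)]
        hits += [(field, c, tables[kind][c]) for c in candidates if c in tables[kind]][:1]
    return hits

if __name__ == "__main__":
    tables = load_feed(FEED_CSV)
    for event in EVENTS:
        print(event, "->", match_event(event, tables))
```

Normalizing both the feed and the event before comparison is what lets the mixed-case URL and hash still match; without it, exact-match lookups silently miss.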

Knowledge Check

How does ES use Threat Intelligence feeds?
A. It builds predictive ML models
B. It cross-references ingested events against known malicious indicators
C. It shares your data with the government
D. It encrypts local databases