Threat Intelligence App allows feeds of IOCs via STIX/TAXII to be placed on Reference sets for rules to use. RFSI are mostly a set of smart rules.

what are the relations between Threat Intelligence app and Reference Set and the Package (RFISI) ?

Jose - where is the best place to get the logs to replay as you have shown. Do you have any that can be used or is there a repository somewhere you van point us to?

Mr Jose Bravo, Your videos are quite usefull. Can u share related "data-sets" etc to allow us to complete the tutorial.

Heyy, i am looking for a way to cater spaces in my command, For example, i am testing a rule WMIC to execute local process. The command to do this is. Cmd>wmic process call create notepad.exe Now, it can be any process in my rule i say, command contains any of wmic process call create but it do not works due to spaces b/w args. How would you cater cases like these in which an offense should be generated based on the part of command available in event. Thanks

Hi Jose Bravo, Thanks for the video. I'm unable create Authorized Service Token, saying application error. Could u please help me out.