Run Book
Verify That the Threat Intel Events Are Enriched

After you finish enriching your new data source, verify that the indexed output actually carries the threat intel enrichment you configured.

By convention, the index where the new messages are indexed is called squid_index_[timestamp] and the document type is squid_doc.

From the Alerts UI, search the source:type filter for squid messages. For more information about using the Alerts UI, see Triaging Alerts.
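The same verification can be done outside the Alerts UI by inspecting the indexed documents. The following script is an added example, not part of this run book; it checks a set of constructed Elasticsearch hits against the naming convention above (index `squid_index_[timestamp]`, document type `squid_doc`) and reports which squid documents carry threat intel enrichment. The field names `is_alert` and the `threatintels.` prefix are assumptions drawn from Metron's enrichment conventions, not values stated on this page.

```python
import re

# Naming conventions from the run book: index squid_index_[timestamp], doc type squid_doc.
INDEX_RE = re.compile(r"^squid_index_.+$")
DOC_TYPE = "squid_doc"

# Assumed enrichment markers (Metron threat intel conventions, not stated on this page):
# a threat intel match sets is_alert and adds fields under the threatintels.* prefix.
ALERT_FIELD = "is_alert"
THREAT_PREFIX = "threatintels."

# Constructed sample hits, shaped like the "hits" array of an Elasticsearch search response.
SAMPLE_HITS = [
    {"_index": "squid_index_2017.01.01.00", "_type": "squid_doc", "_id": "a1",
     "_source": {"source:type": "squid", "ip_dst_addr": "203.0.113.5", "is_alert": "true",
                 "threatintels.hbaseThreatIntel.ip_dst_addr.malicious_ip": "alert"}},
    {"_index": "squid_index_2017.01.01.00", "_type": "squid_doc", "_id": "a2",
     "_source": {"source:type": "squid", "ip_dst_addr": "198.51.100.7"}},
    {"_index": "yaf_index_2017.01.01.00", "_type": "yaf_doc", "_id": "b1",
     "_source": {"source:type": "yaf", "ip_dst_addr": "203.0.113.5", "is_alert": "true"}},
]


def is_squid_hit(hit):
    """True when the hit sits in a squid index, has the squid doc type and source:type squid."""
    return (bool(INDEX_RE.match(hit.get("_index", "")))
            and hit.get("_type") == DOC_TYPE
            and hit.get("_source", {}).get("source:type") == "squid")


def threat_intel_fields(source):
    """Return the fields the threat intel enrichment added to a document, if any."""
    return {k: v for k, v in source.items() if k.startswith(THREAT_PREFIX)}


def summarize(hits):
    """Count squid hits and split them into enriched and not-yet-enriched document ids."""
    enriched, missing = [], []
    for hit in hits:
        if not is_squid_hit(hit):
            continue
        src = hit["_source"]
        # A fully enriched threat intel event carries the alert flag and a threatintels.* field.
        if str(src.get(ALERT_FIELD)).lower() == "true" and threat_intel_fields(src):
            enriched.append(hit["_id"])
        else:
            missing.append(hit["_id"])
    return {"squid": len(enriched) + len(missing), "enriched": enriched, "missing": missing}


if __name__ == "__main__":
    print(summarize(SAMPLE_HITS))
```

Against a live cluster, feed `summarize` the `hits.hits` array returned by a search over `squid_index_*`; any ids in `missing` are squid events that were indexed without threat intel enrichment.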