Third-party Integrations Settings¶
Third-party integrations provide support for a vendor-specific threat source, including source-based customizations and authentication.
Third-party integrations differ from Corelight-update Policy Sources, in that a Policy source must be pre-formatted content you can download using an unauthenticated, or token-authenticated URL.
See the following sections for more details on each integration:
Attention
Some integrations, such as Tenable.sc, Mandiant Threat Inteligence, and icannTLD require an additional Zeek script to be loaded on the sensors. See Zeek package management. If you enable the integration, Corelight-update will upload the input file to the sensor. But if the required script isn’t available on the sensor, the input data won’t be used.