Hi,
How does ThreatHub Feed enrich the IOCs data? Does it take IOCs from ingested events from ESM and then store the enriched data for those IOCs in Active Lists, or does it store generic data for all suspicious IOCs?
I appreciate any insights you can provide. Thank you!