
Threat Intelligence

Threat Intelligence (TI) fetches information and insights about existing or potential cyber threats and risks from various sources. It then assembles, processes, and analyzes the fetched information, uses it to predict data breaches, vulnerable attacks, and any evidence of pre-planned attacks or threats, and sends notifications about them in real time. You can also link custom threat data sources and fetch and analyze their logs.


Package Details

Threat Intelligence Components:

  1. Enrichment Source
    • ThreatIntelligence
  2. Process Command
    • ti
  3. Dashboard Package
    • LP_Threat Intelligence
  4. Alert Packages
    • LP_Threat Intel Internal Machine Connecting to Multiple IOCs
    • LP_Threat Intel Excessive Denied Connections Attempt from IOC
    • LP_Threat Intel Connections with Suspicious Domains
    • LP_Threat Intel Allowed Connections from Suspicious Sources
    • LP_Threat Intel IOC Connecting to Multiple Internal Machines

Release Details

Version: 6.4.3
Release date: April 22, 2026
Supported On: Logpoint v7.8.0 or later, Director v2.9.0 and later
SHA 256: ca06219dc5e47f4445bb4c9d00a5bcb4997e92fb95ee0d5b01667806fcc65d65

Enhancement

PLUG-17265

For threat intelligence ingested from MISP, the score field value is set to 1 by default when MISP does not provide a risk score, ensuring consistent results in searches, dashboards, and correlation rules.

Bug Fix

PLUG-17551

Non-admin users were unable to view plugins under Configurations >> Enrichment Sources, including Threat Intelligence, even when assigned to permission groups that previously allowed this access.

Past Releases

Threat Intelligence v6.4.2
Version: 6.4.2
Release date: 16th December, 2025
Supported On: Logpoint v7.8.0 and Director v2.9.0
SHA 256: 93f370b86b53e10a7c4c23bda322783401e18c091da503425d84b193da7d44ef

Bug Fixes

PLUG-16516
Custom CSV sources failed to fetch data via proxy if HTTPS was selected, preventing users from retrieving data through a proxy server.
PLUG-15689
MISP did not fetch logs because it did not support the new dom-hash attribute.
PLUG-13304
Threat Intelligence UI was stuck on pending when fetching large datasets from MISP, making results inaccessible.

Threat Intelligence v6.4.1
Version: 6.4.1
Release date: July 15, 2025
Supported On: Logpoint v7.7.0 or later
SHA 256: 646e3ee28311b82fd3aeec6e0a0397b7f1ea7b49d16679b1f158a32b3ce45eea

Enhancement

Updated packages to address identified vulnerabilities.


Threat Intelligence v6.4.0
Version: 6.4.0
Release date: 1st January, 2025
Supported On: Logpoint v7.5.0, v7.5.1, v7.6.0, and v7.6.1

Enhancement

PLUG-15718

The following columns are added to the threat intelligence table:

- Confidence: indicates reliability, helping prioritize high-confidence threats for quicker action while reducing false positives.

- ASN: provides insight into the source, enabling more accurate threat attribution and proactive defense measures.

- Tag: facilitates threat categorization, allowing for better organization, filtering, and retrieval of relevant threat data during investigations.

Threat Intelligence v6.3.1
Version: 6.3.1
Release date: 30th October, 2024
Supported On: Logpoint v7.5.0, v7.5.1, v7.6.0, and v7.6.1
SHA 256: 393ffa83255f0a99341f3dce0793ec7801b7878124ddd96ff9e331826de8db99

Bug Fix

PLUG-13247
With the MongoDB update, the database commands that Threat Intelligence used to fetch logs were discontinued, preventing it from fetching logs.

Threat Intelligence v6.3.0
Version: 6.3.0
Release date: 30th October, 2024
Supported On: Logpoint v7.5.0 and later
SHA 256: 93da8a5becd67467709f5e7ce4e4c85a793d5906afec8ddeb659ea0a54647d3c

Enhancement

Threat Intelligence is now compatible with Logpoint v7.5.0 and later. 

Support

If you have any questions or require assistance, create a support ticket.
