Thanks to the ready-made correlation rules integrated with threat intelligence data, you can automatically block detected threats.
On the Logsign SIEM web interface, choose Alerts > Alert Rules and select Threat Intelligence Alerts on the page that opens. Here you can see the rules created according to threat types.
Let's open the configuration page by clicking the blue tab to the right of the rule we want to take action on. At the bottom of this page you will see the Action and Notification area.
When you choose Security Automation and its integrated firewall, the threat IP address is blocked.
NOTE: Custom Action Devices must be defined.