InSights Threat Intelligence
Overview of InSights TI and the conditions required for it to function
MetaDefender InSights Threat Intelligence (InSights TI) detects known malicious domains and IP addresses in documents and enables real-time blocking of files based on malicious indicator detections. It applies high-quality, curated threat intelligence to extracted indicators, aggregating data from hundreds of sources to ensure the highest quality threat detections and strengthen your threat detection and response capabilities.
To enable the engine: Workflows > [Workflow name] > InSights Threat Intelligence

The InSights TI module processes IPs and domains extracted from Deep CDR and Adaptive Sandbox results.
To enable Deep CDR to provide IPs and domains to InSights TI, the following configurations must be enabled:
- Enable Deep CDR in the workflow.
- Enable these options in the Deep CDR Advanced Configuration

For Adaptive Sandbox, you just need to enable it in the workflow and adjust the filters according to your needs. Once a file is processed by Adaptive Sandbox, it can provide IPs and domains to InSights TI if any are detected within the processed file.
Process a file with malicious IPs/Domains

Scan result detail

Note: By default, MetaDefender Core does not block a file when InSights TI detects it. To block such files, go to the General tab in the workflow and remove "InSights Indicator Matches".
