Talos Advisory Blog Incidents
Incidents are created automatically when indicators of compromise (IOCs) from a Talos Threat Advisory blog article have sightings in your organization's environment within the last 30 days. Every Sunday evening, if a new Talos Threat Advisory blog article has been published, a threat hunting process runs to determine whether the IOCs reported in that article have any sightings with affected assets in your organization's environment within the past 30 days.
If any sightings are found, a new incident is created that contains the sightings; the source for the incident is listed as Talos. If no sightings are found, no incident is created.
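The matching rule described above can be sketched as follows. This is an added example, not the product's own code or API. The record fields (`observable`, `asset`, `observed_at`), the normalisation step, and the inclusive 30-day boundary are assumptions, and all sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=30)  # look-back period stated in the documentation


def normalise(value):
    """Assumed normalisation: ignore case, whitespace and a trailing dot."""
    return value.strip().lower().rstrip(".")


def hunt(iocs, sightings, now):
    """Return an incident dict if an IOC was sighted in the window, else None."""
    wanted = {normalise(i) for i in iocs}
    cutoff = now - WINDOW
    hits = [
        s for s in sightings
        if normalise(s["observable"]) in wanted
        and cutoff <= s["observed_at"] <= now  # assumption: boundary is inclusive
    ]
    if not hits:
        return None  # no sightings: no incident is created
    assets = sorted({s["asset"] for s in hits})
    return {"source": "Talos", "assets": assets, "sightings": hits}


# Constructed sample data (documentation-reserved names and addresses).
NOW = datetime(2024, 6, 2, 22, 0, tzinfo=timezone.utc)  # a Sunday evening run
IOCS = ["bad.example.com", "192.0.2.44"]
SIGHTINGS = [
    # Matches after normalisation, 3 days old.
    {"observable": "BAD.example.com.", "asset": "laptop-17",
     "observed_at": NOW - timedelta(days=3)},
    # Matches an IOC but is 45 days old: outside the window.
    {"observable": "192.0.2.44", "asset": "srv-db-02",
     "observed_at": NOW - timedelta(days=45)},
    # Recent, but not one of the article's IOCs.
    {"observable": "ok.example.org", "asset": "laptop-17",
     "observed_at": NOW - timedelta(days=1)},
    # Exactly 30 days old: kept under the inclusive-boundary assumption.
    {"observable": "192.0.2.44", "asset": "laptop-03",
     "observed_at": NOW - timedelta(days=30)},
]

if __name__ == "__main__":
    incident = hunt(IOCS, SIGHTINGS, NOW)
    print(incident["source"], incident["assets"], len(incident["sightings"]))
```

Running the same function over your own telemetry export shows which assets would appear in a Talos-sourced incident and which sightings fall outside the look-back window.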