Talos Advisory Blog Incidents
Incidents are created automatically when events from the last 30 days in your organization's environment match indicators of compromise (IOCs) from a Talos Threat Advisory blog article. Every Sunday evening, if a new Talos Threat Advisory blog article has been published, a threat hunting process runs to determine whether any events with affected assets in your organization's environment within the past 30 days match the IOCs reported in that article.
If any events are found, a new incident is created that contains the events; the source for the incident is listed as Talos. If no events are found, no incident is created.