Hi,
We have recently integrated one of our firewall into LEM. We would like to have an email alert for the team if a single source IP produces 3 or more unique alerts/attacks. But when checking in LEM console, it seems that we are only receiving traffic logs and URL logs but not threat logs. Is there any specific configuration that we need to check for Palo Alto or LEM to receive threat logs? Would really appreciate if someone can confirm if this is possible.
Thanks in advance!
Neil