I have set up the threat intel plugin and have subscribed to the official Alien Vault threat feed. I have been getting 90k+ positive matches with 900k messages per hour. I can’t even begin to properly sort through them due to the insane volume of matches. A good example is the destination IP of 18.104.22.168 being flagged up by multiple pulses, which are “RiskDiscovery Twitter feeds - 2017-12-24, My Case, Test de indicadores de Google, dont subscribe”. As I stated before, I have only subscribed to the Alien Vault official threat feed and have no idea why these pulses are being checked against my logs.
I asked on the Alien Vault forum a few days ago and had no reply, so I thought it would be worth asking here.