View Threat Intelligence Exchange execution history and set up actions

The Threat Intelligence Exchange execution history page displays a list of systems that have executed the file associated with the event you selected.

Before you begin

An ePolicy Orchestrator device with an attached Threat Intelligence Exchange server on the ESM must exist.

Task

  1. On the system navigation tree of the ESM console, click the ePolicy Orchestrator device.
  2. On the views drop-down list, select Event ViewsEvent Analysis, then click the event.
  3. Click the menu icon , then select ActionsTIE Execution History.
  4. On the TIE Execution History page, view the systems that have executed the Threat Intelligence Exchange file.
  5. To add this data to your workflow, click a system, click the Actions drop-down menu, then select an option to open its ESM page.
  6. Set up the action you selected (see the online Help for instructions).