Event source IP address is listed on one of more blocklists as having an IOC - Indication of compromise.

Related Solution

AIS Managed SIEM

SIEM Events

Threat Intelligence Alert Source IP Threat Indicated

src_ip_threat_indicated:true AND threat_indicated:true NOT filter_action:block - updated