---
title: Threat Intel Processor
description: Evaluate logs against Threat Intelligence data
breadcrumbs: >-
  Docs > Log Management > Log Configuration > Processors > Threat Intel
  Processor
---

# Threat Intel Processor

## Overview{% #overview %}

Add the Threat Intel Processor to evaluate logs against the table using a specific Indicator of Compromise (IoC) key, such as an IP address. If a match is found, the log is enriched with relevant Threat Intelligence (TI) attributes from the table, which enhances detection, investigation, and response.

For more information, see [Threat Intelligence](https://docs.datadoghq.com/security/threat_intelligence.md).

## Further reading{% #further-reading %}

- [Discover Datadog Pipelines](https://docs.datadoghq.com/logs/log_configuration/pipelines.md)
- [Learn about Threat Intelligence](https://docs.datadoghq.com/security/threat_intelligence.md)