How To Set Up Threat Intelligence Director
Note: If you encounter an issue during threat intelligence director configuration or operation, see Troubleshoot Threat Intelligence Director.
Procedure
Step 1: Ensure that your installation meets the requirements for running threat intelligence director.
Step 2: For each managed device, configure the policies required to support threat intelligence director and deploy those policies to the devices. See Configure Policies to Support Threat Intelligence Director. You can configure elements before or after you ingest intelligence data sources.
Step 3: Configure the intelligence sources that you want threat intelligence director to ingest. See Source Requirements and the topics under Options for Ingesting Data Sources.
Step 4: Publish data to the elements if you have not yet done so. See Pause or Publish Threat Intelligence Director Data at the Source, Indicator, or Observable Level.
What to do next
- Include threat intelligence director in your regularly scheduled backups. See About Backing Up and Restoring Threat Intelligence Director Data.
  If your Secure Firewall Management Center deployment is a high availability configuration, see also Management Center High Availability Disaster Recovery.
- (Optional) Grant administrative access to threat intelligence director functionality as desired. See User Roles with Threat Intelligence Director Access and Users for the Management Center.
- As needed during operation, fine-tune your configuration. For example, add observables that produce false-positive incidents to the Do Not Block list. See View and Change Threat Intelligence Director Configurations.