EclecticIQ Platform produces events that originate from threat intelligence.
All observables reported in an event are related to threat intelligence entities, such as ‘Indicators’, ‘Threat Actors’, and ‘TTPs’.
Each entity can be related to one or more extracts, such as ‘ipv4’, ‘domain’, etc.
Each CEF event reports one extract. This means that multiple CEF events can be sent for a single entity.
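
Because one entity arrives as several CEF events, a consumer usually has to regroup them. The sketch below is an added example, not EclecticIQ code: it parses CEF lines (including escaped `|` and `=`) and collects the extracts per entity. The extension keys `cs1`, `cs2` and `cs3` and all sample header values are assumptions made for illustration; substitute the keys your feed actually uses.

```python
import re
from collections import defaultdict

# Assumed extension keys (hypothetical; take the real ones from your feed's field mapping).
ENTITY_ID, EXTRACT_KIND, EXTRACT_VALUE = "cs1", "cs2", "cs3"

HEADER = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
HEADER_FIELD = re.compile(r"((?:\\.|[^|\\])*)\|")   # one header field, honouring escaped pipes
EXT_KEY = re.compile(r"(?:^|\s)([\w.\-\[\]]+)=")     # start of a key=value pair

def unescape(text):
    """Undo CEF backslash escaping (pipe, equals, backslash, n, r)."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)

def parse_cef(line):
    """Return (header, extension) dicts for one CEF line; a syslog prefix is skipped."""
    pos = line.find("CEF:")
    if pos < 0:
        raise ValueError("not a CEF record")
    pos += 4
    header = {}
    for field in HEADER:
        m = HEADER_FIELD.match(line, pos)
        if m is None:
            raise ValueError("truncated CEF header")
        header[field] = unescape(m.group(1))
        pos = m.end()
    ext_text = line[pos:].rstrip("\r\n")
    keys = list(EXT_KEY.finditer(ext_text))
    ext = {}
    for i, m in enumerate(keys):
        # A value runs until the whitespace before the next key, so it may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext_text)
        ext[m.group(1)] = unescape(ext_text[m.end():end])
    return header, ext

def group_by_entity(lines):
    """Collapse one-extract-per-event CEF lines into one record per entity."""
    entities = defaultdict(lambda: {"name": None, "extracts": []})
    for line in lines:
        header, ext = parse_cef(line)
        entity = entities[ext[ENTITY_ID]]
        entity["name"] = header["name"]
        pair = (ext[EXTRACT_KIND], ext[EXTRACT_VALUE])
        if pair not in entity["extracts"]:      # repeated deliveries are kept once
            entity["extracts"].append(pair)
    return dict(entities)

# Constructed sample events (vendor, product, names and values are made up).
SAMPLE = [
    r"CEF:0|EclecticIQ|Platform|0.0|indicator|Constructed indicator A|5|cs1=entity-0001 cs2=ipv4 cs3=192.0.2.10",
    r"CEF:0|EclecticIQ|Platform|0.0|indicator|Constructed indicator A|5|cs1=entity-0001 cs2=domain cs3=bad.example",
    r"CEF:0|EclecticIQ|Platform|0.0|ttp|Constructed TTP \| B|3|cs1=entity-0002 cs2=domain cs3=other.example",
]
```

Calling `group_by_entity(SAMPLE)` yields two entities, the first carrying both its `ipv4` and `domain` extracts.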