We keep an eye on this question to see what we can integrate with natively, but so far haven't heard much of it.
I guess my question would be; what options do you provide for Threat Intelligence Feeds to integrate into LEM? If you are waiting to see what you can integrate with natively, what native options do you support?
We have had some people import feed info via CSVs to User-Defined Groups to use in correlation rules or filters, but so far that's about it (and it's somewhat infrequent or vague).
How do you import CSV into a user defined group? If I was able to get CSV data from some other source I would love to import a list of IP's into a group that LEM would then use as a watch list.