Automating IOC Enrichment When to Use Use this skill when: - Building a SOAR playbook that automatically enriches SIEM alerts with threat intelligence context before routing to analysts - Creating a Python pipeline for bulk IOC enrichment from phishing email submissions - Reducing analyst mean time to triage (MTTT) by pre-populating alert context with VT, Shodan, and MISP data Do not use this skill for fully automated blocking decisions without human review — enrichment automation should inform decisions, not execute blocks autonomously for high-impact actions. Prerequisites - SOAR platform (…