diff --git a/common/constants.ts b/common/constants.ts
index 059fb806d..85daac89d 100644
--- a/common/constants.ts
+++ b/common/constants.ts
@@ -4,3 +4,15 @@
  */
 
 export const DEFAULT_RULE_UUID = '25b9c01c-350d-4b95-bed1-836d04a4f324';
+
+export enum ThreatIntelIocType {
+  IPAddress = 'ip',
+  Domain = 'domain',
+  FileHash = 'hash',
+}
+
+export const IocLabel: { [k in ThreatIntelIocType]: string } = {
+  [ThreatIntelIocType.IPAddress]: 'IP-Address',
+  [ThreatIntelIocType.Domain]: 'Domains',
+  [ThreatIntelIocType.FileHash]: 'File hash',
+};
diff --git a/cypress/integration/3_alerts.spec.js b/cypress/integration/3_alerts.spec.js
index dc40577d6..88a42235a 100644
--- a/cypress/integration/3_alerts.spec.js
+++ b/cypress/integration/3_alerts.spec.js
@@ -60,8 +60,10 @@ describe('Alerts', () => {
   });
 
   it('are generated', () => {
+    setupIntercept(cy, '/_security_analytics/alerts', 'getAlerts', 'GET');
     // Refresh the table
     cy.get('[data-test-subj="superDatePickerApplyTimeButton"]').click({ force: true });
+    cy.wait('@getAlerts').should('have.property', 'state', 'Complete');
 
     cy.wait(10000);
 
diff --git a/public/components/Notifications/NotificationForm.tsx b/public/components/Notifications/NotificationForm.tsx
new file mode 100644
index 000000000..5d01da2f5
--- /dev/null
+++ b/public/components/Notifications/NotificationForm.tsx
@@ -0,0 +1,185 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  EuiAccordion,
+  EuiButton,
+  EuiComboBox,
+  EuiComboBoxOptionOption,
+  EuiFieldText,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFormRow,
+  EuiSpacer,
+  EuiSwitch,
+  EuiText,
+  EuiTextArea,
+} from '@elastic/eui';
+import React, { useState } from 'react';
+import { NOTIFICATIONS_HREF } from '../../utils/constants';
+import { NotificationsCallOut } from '../NotificationsCallOut';
+import {
+  NotificationChannelOption,
+  NotificationChannelTypeOptions,
+  TriggerAction,
+} from '../../../types';
+import { getIsNotificationPluginInstalled } from '../../utils/helpers';
+
+export interface NotificationFormProps {
+  allNotificationChannels: NotificationChannelTypeOptions[];
+  loadingNotifications: boolean;
+  action: TriggerAction;
+  prepareMessage: (updateMessage?: boolean, onMount?: boolean) => void;
+  refreshNotificationChannels: () => void;
+  onChannelsChange: (selectedOptions: EuiComboBoxOptionOption<string>[]) => void;
+  onMessageBodyChange: (message: string) => void;
+  onMessageSubjectChange: (subject: string) => void;
+}
+
+export const NotificationForm: React.FC<NotificationFormProps> = ({
+  action,
+  allNotificationChannels,
+  loadingNotifications,
+  prepareMessage,
+  refreshNotificationChannels,
+  onChannelsChange,
+  onMessageBodyChange,
+  onMessageSubjectChange,
+}) => {
+  const hasNotificationPlugin = getIsNotificationPluginInstalled();
+  const [showNotificationDetails, setShowNotificationDetails] = useState(true);
+  const selectedNotificationChannelOption: NotificationChannelOption[] = [];
+  if (action.destination_id) {
+    allNotificationChannels.forEach((typeOption) => {
+      const matchingChannel = typeOption.options.find(
+        (option) => option.value === action.destination_id
+      );
+      if (matchingChannel) selectedNotificationChannelOption.push(matchingChannel);
+    });
+  }
+
+  return (
+    <>
+      <EuiSwitch
+        label="Send notification"
+        checked={showNotificationDetails}
+        onChange={(e) => setShowNotificationDetails(e.target.checked)}
+      />
+      <EuiSpacer />
+      {showNotificationDetails && (
+        <>
+          <EuiFlexGroup alignItems={'flexEnd'}>
+            <EuiFlexItem style={{ maxWidth: 400 }}>
+              <EuiFormRow
+                label={
+                  <EuiText size="m">
+                    <p>Notification channel</p>
+                  </EuiText>
+                }
+              >
+                <EuiComboBox
+                  placeholder={'Select notification channel.'}
+                  async={true}
+                  isLoading={loadingNotifications}
+                  options={allNotificationChannels as EuiComboBoxOptionOption<string>[]}
+                  selectedOptions={
+                    selectedNotificationChannelOption as EuiComboBoxOptionOption<string>[]
+                  }
+                  onChange={onChannelsChange}
+                  singleSelection={{ asPlainText: true }}
+                  onFocus={refreshNotificationChannels}
+                  isDisabled={!hasNotificationPlugin}
+                />
+              </EuiFormRow>
+            </EuiFlexItem>
+            <EuiFlexItem grow={false}>
+              <EuiButton
+                href={NOTIFICATIONS_HREF}
+                iconType={'popout'}
+                target={'_blank'}
+                isDisabled={!hasNotificationPlugin}
+              >
+                Manage channels
+              </EuiButton>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+
+          {!hasNotificationPlugin && (
+            <>
+              <EuiSpacer size="m" />
+              <NotificationsCallOut />
+            </>
+          )}
+
+          <EuiSpacer size={'l'} />
+
+          <EuiAccordion
+            id={`alert-condition-notify-msg-${action.id ?? 'draft'}`}
+            buttonContent={
+              <EuiText size="m">
+                <p>Notification message</p>
+              </EuiText>
+            }
+            paddingSize={'l'}
+            initialIsOpen={false}
+          >
+            <EuiFlexGroup direction={'column'} style={{ width: '75%' }}>
+              <EuiFlexItem>
+                <EuiFormRow
+                  label={
+                    <EuiText size={'s'}>
+                      <p>Message subject</p>
+                    </EuiText>
+                  }
+                  fullWidth={true}
+                >
+                  <EuiFieldText
+                    placeholder={'Enter a subject for the notification message.'}
+                    value={action?.subject_template.source}
+                    onChange={(e) => onMessageSubjectChange(e.target.value)}
+                    required={true}
+                    fullWidth={true}
+                  />
+                </EuiFormRow>
+              </EuiFlexItem>
+
+              <EuiFlexItem>
+                <EuiFormRow
+                  label={
+                    <EuiText size="s">
+                      <p>Message body</p>
+                    </EuiText>
+                  }
+                  fullWidth={true}
+                >
+                  <EuiTextArea
+                    placeholder={'Enter the content of the notification message.'}
+                    value={action?.message_template.source}
+                    onChange={(e) => onMessageBodyChange(e.target.value)}
+                    required={true}
+                    fullWidth={true}
+                  />
+                </EuiFormRow>
+              </EuiFlexItem>
+
+              <EuiFlexItem>
+                <EuiFormRow>
+                  <EuiButton
+                    fullWidth={false}
+                    onClick={() => prepareMessage(true /* updateMessage */)}
+                  >
+                    Generate message
+                  </EuiButton>
+                </EuiFormRow>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </EuiAccordion>
+
+          <EuiSpacer size="xl" />
+        </>
+      )}
+    </>
+  );
+};
diff --git a/public/components/Utility/DescriptionGroup.tsx b/public/components/Utility/DescriptionGroup.tsx
new file mode 100644
index 000000000..ef5a71875
--- /dev/null
+++ b/public/components/Utility/DescriptionGroup.tsx
@@ -0,0 +1,35 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  EuiDescriptionList,
+  EuiFlexGroup,
+  EuiFlexGroupProps,
+  EuiFlexItem,
+  EuiFlexItemProps,
+} from '@elastic/eui';
+import React from 'react';
+
+export interface DescriptionGroupProps {
+  listItems: { title: NonNullable<React.ReactNode>; description: NonNullable<React.ReactNode> }[];
+  itemProps?: Pick<EuiFlexItemProps, 'grow'>;
+  groupProps?: Pick<EuiFlexGroupProps, 'justifyContent'>;
+}
+
+export const DescriptionGroup: React.FC<DescriptionGroupProps> = ({
+  listItems,
+  itemProps,
+  groupProps,
+}) => {
+  return (
+    <EuiFlexGroup gutterSize="s" {...groupProps}>
+      {listItems.map((item, idx) => (
+        <EuiFlexItem {...itemProps} key={`item-${idx}`}>
+          <EuiDescriptionList listItems={[item]} />
+        </EuiFlexItem>
+      ))}
+    </EuiFlexGroup>
+  );
+};
diff --git a/public/components/Utility/StatusWithIndicator.tsx b/public/components/Utility/StatusWithIndicator.tsx
new file mode 100644
index 000000000..4883c815d
--- /dev/null
+++ b/public/components/Utility/StatusWithIndicator.tsx
@@ -0,0 +1,23 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { EuiIcon } from '@elastic/eui';
+import React from 'react';
+
+export interface StatusWithIndicatorProps {
+  text: string;
+  indicatorColor: 'success' | 'text';
+}
+
+export const StatusWithIndicator: React.FC<StatusWithIndicatorProps> = ({
+  text,
+  indicatorColor,
+}) => {
+  return (
+    <span>
+      <EuiIcon type={'dot'} color={indicatorColor} style={{ marginBottom: 4 }} /> {text}
+    </span>
+  );
+};
diff --git a/public/models/interfaces.ts b/public/models/interfaces.ts
index 0601efe44..70ce57263 100644
--- a/public/models/interfaces.ts
+++ b/public/models/interfaces.ts
@@ -18,6 +18,7 @@ import {
 } from '../services';
 import CorrelationService from '../services/CorrelationService';
 import MetricsService from '../services/MetricsService';
+import ThreatIntelService from '../services/ThreatIntelService';
 
 export interface BrowserServices {
   detectorsService: DetectorsService;
@@ -33,6 +34,7 @@ export interface BrowserServices {
   indexPatternsService: IndexPatternsService;
   logTypeService: LogTypeService;
   metricsService: MetricsService;
+  threatIntelService: ThreatIntelService;
 }
 
 export interface RuleOptions {
diff --git a/public/pages/Alerts/containers/Alerts/__snapshots__/Alerts.test.tsx.snap b/public/pages/Alerts/containers/Alerts/__snapshots__/Alerts.test.tsx.snap
index a8526e78b..1d122df44 100644
--- a/public/pages/Alerts/containers/Alerts/__snapshots__/Alerts.test.tsx.snap
+++ b/public/pages/Alerts/containers/Alerts/__snapshots__/Alerts.test.tsx.snap
@@ -43,6 +43,7 @@ exports[`<Alerts /> spec renders the component 1`] = `
   findingService={
     FindingsService {
       "getFindings": [Function],
+      "getThreatIntelFindings": [Function],
       "httpClient": [MockFunction],
     }
   }
@@ -124,6 +125,7 @@ exports[`<Alerts /> spec renders the component 1`] = `
     findingService={
       FindingsService {
         "getFindings": [Function],
+        "getThreatIntelFindings": [Function],
         "httpClient": [MockFunction],
       }
     }
diff --git a/public/pages/Correlations/containers/CreateCorrelationRule.tsx b/public/pages/Correlations/containers/CreateCorrelationRule.tsx
index 17e5f1556..4b3cfe273 100644
--- a/public/pages/Correlations/containers/CreateCorrelationRule.tsx
+++ b/public/pages/Correlations/containers/CreateCorrelationRule.tsx
@@ -47,7 +47,7 @@ import { CoreServicesContext } from '../../../components/core_services';
 import { RouteComponentProps, useParams } from 'react-router-dom';
 import { validateName } from '../../../utils/validation';
 import { FieldMappingService, IndexService, OpenSearchService, NotificationsService } from '../../../services';
-import { errorNotificationToast, getDataSources, getLogTypeOptions, getPlugins } from '../../../utils/helpers';
+import { errorNotificationToast, getDataSources, getFieldsForIndex, getLogTypeOptions, getPlugins } from '../../../utils/helpers';
 import { severityOptions } from '../../../pages/Alerts/utils/constants';
 import _ from 'lodash';
 import { NotificationChannelOption, NotificationChannelTypeOptions } from '../../CreateDetector/components/ConfigureAlerts/models/interfaces';
@@ -402,24 +402,7 @@ export const CreateCorrelationRule: React.FC<CreateCorrelationRuleProps> = (
 
   const getLogFields = useCallback(
     async (indexName: string) => {
-      let fields: {
-        label: string;
-        value: string;
-      }[] = [];
-
-      if (indexName) {
-        const result = await props.indexService.getIndexFields(indexName);
-        if (result?.ok) {
-          fields = result.response?.map((field) => ({
-            label: field,
-            value: field,
-          }));
-        }
-
-        return fields;
-      }
-
-      return fields;
+      return getFieldsForIndex(props.indexService, indexName);
     },
     [props.indexService.getIndexFields]
   );
diff --git a/public/pages/CreateDetector/components/ConfigureAlerts/components/AlertCondition/AlertConditionPanel.tsx b/public/pages/CreateDetector/components/ConfigureAlerts/components/AlertCondition/AlertConditionPanel.tsx
index 22608e617..e7192d92d 100644
--- a/public/pages/CreateDetector/components/ConfigureAlerts/components/AlertCondition/AlertConditionPanel.tsx
+++ b/public/pages/CreateDetector/components/ConfigureAlerts/components/AlertCondition/AlertConditionPanel.tsx
@@ -7,18 +7,13 @@ import React, { ChangeEvent, Component } from 'react';
 import { RouteComponentProps } from 'react-router-dom';
 import {
   EuiAccordion,
-  EuiButton,
   EuiCheckbox,
   EuiComboBox,
   EuiComboBoxOptionOption,
   EuiFieldText,
-  EuiFlexGroup,
-  EuiFlexItem,
   EuiFormRow,
   EuiSpacer,
-  EuiSwitch,
   EuiText,
-  EuiTextArea,
   EuiTitle,
 } from '@elastic/eui';
 import { AlertCondition } from '../../../../../../../models/interfaces';
@@ -29,11 +24,13 @@ import {
 } from '../../utils/helpers';
 import { ALERT_SEVERITY_OPTIONS } from '../../utils/constants';
 import { CreateDetectorRulesOptions } from '../../../../../../models/types';
-import { NotificationChannelOption, NotificationChannelTypeOptions } from '../../models/interfaces';
-import { NOTIFICATIONS_HREF } from '../../../../../../utils/constants';
 import { getNameErrorMessage, validateName } from '../../../../../../utils/validation';
-import { NotificationsCallOut } from '../../../../../../components/NotificationsCallOut';
-import { Detector } from '../../../../../../../types';
+import {
+  Detector,
+  NotificationChannelOption,
+  NotificationChannelTypeOptions,
+} from '../../../../../../../types';
+import { NotificationForm } from '../../../../../../components/Notifications/NotificationForm';
 
 interface AlertConditionPanelProps extends RouteComponentProps {
   alertCondition: AlertCondition;
@@ -42,7 +39,6 @@ interface AlertConditionPanelProps extends RouteComponentProps {
   detector: Detector;
   indexNum: number;
   isEdit: boolean;
-  hasNotificationPlugin: boolean;
   loadingNotifications: boolean;
   onAlertTriggerChanged: (newDetector: Detector, emitMetrics?: boolean) => void;
   refreshNotificationChannels: () => void;
@@ -53,7 +49,6 @@ interface AlertConditionPanelState {
   nameIsInvalid: boolean;
   previewToggle: boolean;
   selectedNames: EuiComboBoxOptionOption<string>[];
-  showNotificationDetails: boolean;
   detectionRulesTriggerEnabled: boolean;
   threatIntelTriggerEnabled: boolean;
 }
@@ -69,7 +64,6 @@ export default class AlertConditionPanel extends Component<
       nameIsInvalid: false,
       previewToggle: false,
       selectedNames: [],
-      showNotificationDetails: true,
       detectionRulesTriggerEnabled: props.alertCondition.detection_types.includes('rules'),
       threatIntelTriggerEnabled: props.alertCondition.detection_types.includes('threat_intel'),
     };
@@ -200,7 +194,7 @@ export default class AlertConditionPanel extends Component<
     this.updateTrigger({ tags });
   };
 
-  onNotificationChannelsChange = (selectedOptions: EuiComboBoxOptionOption<string>[]) => {
+  private onNotificationChannelsChange = (selectedOptions: EuiComboBoxOptionOption<string>[]) => {
     const {
       alertCondition,
       onAlertTriggerChanged,
@@ -282,13 +276,11 @@ export default class AlertConditionPanel extends Component<
       loadingNotifications,
       refreshNotificationChannels,
       rulesOptions,
-      hasNotificationPlugin,
     } = this.props;
     const {
       nameFieldTouched,
       nameIsInvalid,
       selectedNames,
-      showNotificationDetails,
       detectionRulesTriggerEnabled,
       threatIntelTriggerEnabled,
     } = this.state;
@@ -525,123 +517,16 @@ export default class AlertConditionPanel extends Component<
 
         <EuiSpacer size={'l'} />
 
-        <EuiSwitch
-          label="Send notification"
-          checked={showNotificationDetails}
-          onChange={(e) => this.setState({ showNotificationDetails: e.target.checked })}
+        <NotificationForm
+          action={alertCondition.actions[0]}
+          allNotificationChannels={allNotificationChannels}
+          loadingNotifications={loadingNotifications}
+          prepareMessage={this.prepareMessage}
+          refreshNotificationChannels={refreshNotificationChannels}
+          onChannelsChange={this.onNotificationChannelsChange}
+          onMessageBodyChange={this.onMessageBodyChange}
+          onMessageSubjectChange={this.onMessageSubjectChange}
         />
-
-        <EuiSpacer />
-
-        {showNotificationDetails && (
-          <>
-            <EuiFlexGroup alignItems={'flexEnd'}>
-              <EuiFlexItem style={{ maxWidth: 400 }}>
-                <EuiFormRow
-                  label={
-                    <EuiText size="m">
-                      <p>Notification channel</p>
-                    </EuiText>
-                  }
-                >
-                  <EuiComboBox
-                    placeholder={'Select notification channel.'}
-                    async={true}
-                    isLoading={loadingNotifications}
-                    options={allNotificationChannels as EuiComboBoxOptionOption<string>[]}
-                    selectedOptions={
-                      selectedNotificationChannelOption as EuiComboBoxOptionOption<string>[]
-                    }
-                    onChange={this.onNotificationChannelsChange}
-                    singleSelection={{ asPlainText: true }}
-                    onFocus={refreshNotificationChannels}
-                    isDisabled={!hasNotificationPlugin}
-                  />
-                </EuiFormRow>
-              </EuiFlexItem>
-              <EuiFlexItem grow={false}>
-                <EuiButton
-                  href={NOTIFICATIONS_HREF}
-                  iconType={'popout'}
-                  target={'_blank'}
-                  isDisabled={!hasNotificationPlugin}
-                >
-                  Manage channels
-                </EuiButton>
-              </EuiFlexItem>
-            </EuiFlexGroup>
-
-            {!hasNotificationPlugin && (
-              <>
-                <EuiSpacer size="m" />
-                <NotificationsCallOut />
-              </>
-            )}
-
-            <EuiSpacer size={'l'} />
-
-            <EuiAccordion
-              id={`alert-condition-notify-msg-${indexNum}`}
-              buttonContent={
-                <EuiText size="m">
-                  <p>Notification message</p>
-                </EuiText>
-              }
-              paddingSize={'l'}
-              initialIsOpen={false}
-            >
-              <EuiFlexGroup direction={'column'} style={{ width: '75%' }}>
-                <EuiFlexItem>
-                  <EuiFormRow
-                    label={
-                      <EuiText size={'s'}>
-                        <p>Message subject</p>
-                      </EuiText>
-                    }
-                    fullWidth={true}
-                  >
-                    <EuiFieldText
-                      placeholder={'Enter a subject for the notification message.'}
-                      value={alertCondition.actions[0]?.subject_template.source}
-                      onChange={(e) => this.onMessageSubjectChange(e.target.value)}
-                      required={true}
-                      fullWidth={true}
-                    />
-                  </EuiFormRow>
-                </EuiFlexItem>
-
-                <EuiFlexItem>
-                  <EuiFormRow
-                    label={
-                      <EuiText size="s">
-                        <p>Message body</p>
-                      </EuiText>
-                    }
-                    fullWidth={true}
-                  >
-                    <EuiTextArea
-                      placeholder={'Enter the content of the notification message.'}
-                      value={alertCondition.actions[0]?.message_template.source}
-                      onChange={(e) => this.onMessageBodyChange(e.target.value)}
-                      required={true}
-                      fullWidth={true}
-                    />
-                  </EuiFormRow>
-                </EuiFlexItem>
-
-                <EuiFlexItem>
-                  <EuiFormRow>
-                    <EuiButton fullWidth={false} onClick={() => this.prepareMessage(true)}>
-                      Generate message
-                    </EuiButton>
-                  </EuiFormRow>
-                </EuiFlexItem>
-              </EuiFlexGroup>
-            </EuiAccordion>
-
-            <EuiSpacer size="xl" />
-          </>
-        )}
       </div>
     );
   }
diff --git a/public/pages/CreateDetector/components/ConfigureAlerts/components/AlertCondition/__snapshots__/AlertConditionPanel.test.tsx.snap b/public/pages/CreateDetector/components/ConfigureAlerts/components/AlertCondition/__snapshots__/AlertConditionPanel.test.tsx.snap
index ba7edfb3a..773a5f95c 100644
--- a/public/pages/CreateDetector/components/ConfigureAlerts/components/AlertCondition/__snapshots__/AlertConditionPanel.test.tsx.snap
+++ b/public/pages/CreateDetector/components/ConfigureAlerts/components/AlertCondition/__snapshots__/AlertConditionPanel.test.tsx.snap
@@ -588,7 +588,7 @@ Object {
                 <div
                   aria-expanded="false"
                   aria-haspopup="listbox"
-                  class="euiComboBox"
+                  class="euiComboBox euiComboBox-isDisabled"
                   role="combobox"
                 >
                   <div
@@ -598,7 +598,7 @@ Object {
                       class="euiFormControlLayout__childrenWrapper"
                     >
                       <div
-                        class="euiComboBox__inputWrap euiComboBox__inputWrap--noWrap euiComboBox__inputWrap-isClearable"
+                        class="euiComboBox__inputWrap euiComboBox__inputWrap--noWrap"
                         data-test-subj="comboBoxInput"
                         tabindex="-1"
                       >
@@ -614,6 +614,7 @@ Object {
                           <input
                             aria-controls=""
                             data-test-subj="comboBoxSearchInput"
+                            disabled=""
                             id="some_html_id"
                             role="textbox"
                             style="box-sizing: content-box; width: 2px;"
@@ -631,6 +632,7 @@ Object {
                           aria-label="Open list of options"
                           class="euiFormControlLayoutCustomIcon euiFormControlLayoutCustomIcon--clickable"
                           data-test-subj="comboBoxToggleListButton"
+                          disabled=""
                           type="button"
                         >
                           EuiIconMock
@@ -645,11 +647,10 @@ Object {
           <div
             class="euiFlexItem euiFlexItem--flexGrowZero"
           >
-            <a
-              class="euiButton euiButton--primary"
-              href="notifications-dashboards#/channels"
-              rel="noopener noreferrer"
-              target="_blank"
+            <button
+              class="euiButton euiButton--primary euiButton-isDisabled"
+              disabled=""
+              type="button"
             >
               <span
                 class="euiButtonContent euiButton__content"
@@ -661,9 +662,49 @@ Object {
                   Manage channels
                 </span>
               </span>
-            </a>
+            </button>
           </div>
         </div>
+        <div
+          class="euiSpacer euiSpacer--m"
+        />
+        <div
+          class="euiCallOut euiCallOut--danger"
+        >
+          <div
+            class="euiCallOutHeader"
+          >
+            EuiIconMock
+            <span
+              class="euiCallOutHeader__title"
+            >
+              Notifications plugin is not installed
+            </span>
+          </div>
+          <div
+            class="euiText euiText--small"
+          >
+            <div
+              class="euiTextColor euiTextColor--default"
+            >
+              <p>
+                Install the notifications plugin in order to create and select channels to send out notifications. 
+                <a
+                  class="euiLink euiLink--primary"
+                  href="https://opensearch.org/docs/latest/notifications-plugin/index/"
+                  rel="noreferrer"
+                >
+                  Learn more
+                  EuiIconMock
+                </a>
+                .
+              </p>
+            </div>
+          </div>
+        </div>
+        <div
+          class="euiSpacer euiSpacer--m"
+        />
         <div
           class="euiSpacer euiSpacer--l"
         />
@@ -674,7 +715,7 @@ Object {
             class="euiAccordion__triggerWrapper"
           >
             <button
-              aria-controls="alert-condition-notify-msg-0"
+              aria-controls="alert-condition-notify-msg-trigger_id_1_0"
               aria-expanded="false"
               class="euiAccordion__button"
               id="some_html_id"
@@ -701,7 +742,7 @@ Object {
           <div
             aria-labelledby="some_html_id"
             class="euiAccordion__childWrapper"
-            id="alert-condition-notify-msg-0"
+            id="alert-condition-notify-msg-trigger_id_1_0"
             role="region"
             tabindex="-1"
           >
@@ -1419,7 +1460,7 @@ Object {
               <div
                 aria-expanded="false"
                 aria-haspopup="listbox"
-                class="euiComboBox"
+                class="euiComboBox euiComboBox-isDisabled"
                 role="combobox"
               >
                 <div
@@ -1429,7 +1470,7 @@ Object {
                     class="euiFormControlLayout__childrenWrapper"
                   >
                     <div
-                      class="euiComboBox__inputWrap euiComboBox__inputWrap--noWrap euiComboBox__inputWrap-isClearable"
+                      class="euiComboBox__inputWrap euiComboBox__inputWrap--noWrap"
                       data-test-subj="comboBoxInput"
                       tabindex="-1"
                     >
@@ -1445,6 +1486,7 @@ Object {
                         <input
                           aria-controls=""
                           data-test-subj="comboBoxSearchInput"
+                          disabled=""
                           id="some_html_id"
                           role="textbox"
                           style="box-sizing: content-box; width: 2px;"
@@ -1462,6 +1504,7 @@ Object {
                         aria-label="Open list of options"
                         class="euiFormControlLayoutCustomIcon euiFormControlLayoutCustomIcon--clickable"
                         data-test-subj="comboBoxToggleListButton"
+                        disabled=""
                         type="button"
                       >
                         EuiIconMock
@@ -1476,11 +1519,10 @@ Object {
         <div
           class="euiFlexItem euiFlexItem--flexGrowZero"
         >
-          <a
-            class="euiButton euiButton--primary"
-            href="notifications-dashboards#/channels"
-            rel="noopener noreferrer"
-            target="_blank"
+          <button
+            class="euiButton euiButton--primary euiButton-isDisabled"
+            disabled=""
+            type="button"
           >
             <span
               class="euiButtonContent euiButton__content"
@@ -1492,9 +1534,49 @@ Object {
                 Manage channels
               </span>
             </span>
-          </a>
+          </button>
+        </div>
+      </div>
+      <div
+        class="euiSpacer euiSpacer--m"
+      />
+      <div
+        class="euiCallOut euiCallOut--danger"
+      >
+        <div
+          class="euiCallOutHeader"
+        >
+          EuiIconMock
+          <span
+            class="euiCallOutHeader__title"
+          >
+            Notifications plugin is not installed
+          </span>
+        </div>
+        <div
+          class="euiText euiText--small"
+        >
+          <div
+            class="euiTextColor euiTextColor--default"
+          >
+            <p>
+              Install the notifications plugin in order to create and select channels to send out notifications. 
+              <a
+                class="euiLink euiLink--primary"
+                href="https://opensearch.org/docs/latest/notifications-plugin/index/"
+                rel="noreferrer"
+              >
+                Learn more
+                EuiIconMock
+              </a>
+              .
+            </p>
+          </div>
         </div>
       </div>
+      <div
+        class="euiSpacer euiSpacer--m"
+      />
       <div
         class="euiSpacer euiSpacer--l"
       />
@@ -1505,7 +1587,7 @@ Object {
           class="euiAccordion__triggerWrapper"
         >
           <button
-            aria-controls="alert-condition-notify-msg-0"
+            aria-controls="alert-condition-notify-msg-trigger_id_1_0"
             aria-expanded="false"
             class="euiAccordion__button"
             id="some_html_id"
@@ -1532,7 +1614,7 @@ Object {
         <div
           aria-labelledby="some_html_id"
           class="euiAccordion__childWrapper"
-          id="alert-condition-notify-msg-0"
+          id="alert-condition-notify-msg-trigger_id_1_0"
           role="region"
           tabindex="-1"
         >
diff --git a/public/pages/CreateDetector/components/ConfigureAlerts/containers/ConfigureAlerts.tsx b/public/pages/CreateDetector/components/ConfigureAlerts/containers/ConfigureAlerts.tsx
index 5f36a817e..e14e3b1f0 100644
--- a/public/pages/CreateDetector/components/ConfigureAlerts/containers/ConfigureAlerts.tsx
+++ b/public/pages/CreateDetector/components/ConfigureAlerts/containers/ConfigureAlerts.tsx
@@ -17,7 +17,6 @@ import {
 import { MAX_ALERT_CONDITIONS } from '../utils/constants';
 import AlertConditionPanel from '../components/AlertCondition';
 import { CreateDetectorRulesOptions } from '../../../../../models/types';
-import { NotificationChannelTypeOptions } from '../models/interfaces';
 import {
   getEmptyAlertCondition,
   getNotificationChannels,
@@ -32,6 +31,7 @@ import {
   CreateDetectorSteps,
   Detector,
   DetectorCreationStep,
+  NotificationChannelTypeOptions,
 } from '../../../../../../types';
 import { MetricsContext } from '../../../../../metrics/MetricsContext';
 
@@ -42,7 +42,6 @@ interface ConfigureAlertsProps extends RouteComponentProps {
   changeDetector: (detector: Detector) => void;
   updateDataValidState: (step: DetectorCreationStep, isValid: boolean) => void;
   notificationsService: NotificationsService;
-  hasNotificationPlugin: boolean;
   getTriggerName: () => string;
   metricsContext?: MetricsContext;
 }
@@ -52,7 +51,7 @@ interface ConfigureAlertsState {
   notificationChannels: NotificationChannelTypeOptions[];
 }
 
-const isTriggerValid = (triggers: AlertCondition[], hasNotificationPlugin: boolean) => {
+const isTriggerValid = (triggers: AlertCondition[]) => {
   return (
     !triggers.length ||
     triggers.every((trigger) => {
@@ -105,7 +104,7 @@ export default class ConfigureAlerts extends Component<ConfigureAlertsProps, Con
       this.addCondition();
       this.props.updateDataValidState(DetectorCreationStep.CONFIGURE_ALERTS, true);
     } else {
-      const isTriggerDataValid = isTriggerValid(triggers, this.props.hasNotificationPlugin);
+      const isTriggerDataValid = isTriggerValid(triggers);
       this.props.updateDataValidState(DetectorCreationStep.CONFIGURE_ALERTS, isTriggerDataValid);
     }
   };
@@ -143,10 +142,7 @@ export default class ConfigureAlerts extends Component<ConfigureAlertsProps, Con
   };
 
   onAlertTriggerChanged = (newDetector: Detector, emitMetrics: boolean = true): void => {
-    const isTriggerDataValid = isTriggerValid(
-      newDetector.triggers,
-      this.props.hasNotificationPlugin
-    );
+    const isTriggerDataValid = isTriggerValid(newDetector.triggers);
     this.props.changeDetector(newDetector);
     this.props.updateDataValidState(DetectorCreationStep.CONFIGURE_ALERTS, isTriggerDataValid);
     if (emitMetrics) {
@@ -223,7 +219,6 @@ export default class ConfigureAlerts extends Component<ConfigureAlertsProps, Con
                   loadingNotifications={loading}
                   onAlertTriggerChanged={this.onAlertTriggerChanged}
                   refreshNotificationChannels={this.getNotificationChannels}
-                  hasNotificationPlugin={this.props.hasNotificationPlugin}
                 />
               </EuiAccordion>
             </EuiPanel>
diff --git a/public/pages/CreateDetector/components/ConfigureAlerts/models/interfaces.ts b/public/pages/CreateDetector/components/ConfigureAlerts/models/interfaces.ts
deleted file mode 100644
index fda16e043..000000000
--- a/public/pages/CreateDetector/components/ConfigureAlerts/models/interfaces.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
- * Copyright OpenSearch Contributors
- * SPDX-License-Identifier: Apache-2.0
- */
-
-export interface NotificationChannelTypeOptions {
-  label: string;
-  options: NotificationChannelOption[];
-}
-
-export interface NotificationChannelOption {
-  label: string;
-  value: string;
-  type: string;
-  description: string;
-}
diff --git a/public/pages/CreateDetector/components/ConfigureAlerts/utils/helpers.ts b/public/pages/CreateDetector/components/ConfigureAlerts/utils/helpers.ts
index c579bab59..638ba7008 100644
--- a/public/pages/CreateDetector/components/ConfigureAlerts/utils/helpers.ts
+++ b/public/pages/CreateDetector/components/ConfigureAlerts/utils/helpers.ts
@@ -5,10 +5,9 @@
 
 import { EuiComboBoxOptionOption } from '@elastic/eui';
 import { ALERT_SEVERITY_OPTIONS, CHANNEL_TYPES } from './constants';
-import { NotificationChannelTypeOptions } from '../models/interfaces';
 import { NotificationsService } from '../../../../../services';
 import { AlertCondition, TriggerAction } from '../../../../../../models/interfaces';
-import { FeatureChannelList } from '../../../../../../types';
+import { FeatureChannelList, NotificationChannelTypeOptions } from '../../../../../../types';
 
 export const parseAlertSeverityToOption = (severity: string): EuiComboBoxOptionOption<string> => {
   return Object.values(ALERT_SEVERITY_OPTIONS).find(
diff --git a/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx b/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx
index 802e60a84..0bafe87ef 100644
--- a/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx
+++ b/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx
@@ -4,59 +4,34 @@
  */
 
 import React from 'react';
-import { EuiSelectOption, EuiSpacer, EuiTitle } from '@elastic/eui';
+import { EuiSpacer, EuiTitle } from '@elastic/eui';
 import { PeriodSchedule } from '../../../../../../../models/interfaces';
 import { Interval } from './Interval';
-import { CustomCron } from './CustomCron';
-import { Daily } from './Daily';
-import { Monthly } from './Monthly';
-import { Weekly } from './Weekly';
 import { Detector } from '../../../../../../../types';
-
-const frequencies: EuiSelectOption[] = [{ value: 'interval', text: 'By interval' }];
+import FormFieldHeader from '../../../../../../components/FormFieldHeader';
 
 export interface DetectorScheduleProps {
   detector: Detector;
   onDetectorScheduleChange(schedule: PeriodSchedule): void;
 }
 
-export interface DetectorScheduleState {
-  selectedFrequency: string;
-}
-
-const components: { [freq: string]: typeof React.Component } = {
-  daily: Daily,
-  weekly: Weekly,
-  monthly: Monthly,
-  cronExpression: CustomCron,
-  interval: Interval,
-};
-
-export class DetectorSchedule extends React.Component<
-  DetectorScheduleProps,
-  DetectorScheduleState
-> {
+export class DetectorSchedule extends React.Component<DetectorScheduleProps> {
   constructor(props: DetectorScheduleProps) {
     super(props);
-    this.state = {
-      selectedFrequency: frequencies[0].value as string,
-    };
   }
 
-  onFrequencySelected = (event: React.ChangeEvent<HTMLSelectElement>) => {
-    this.setState({ selectedFrequency: event.target.value });
-  };
-
   render() {
-    const FrequencyPicker = components[this.state.selectedFrequency];
-
     return (
       <>
         <EuiTitle size="m">
           <h3>Detector schedule</h3>
         </EuiTitle>
         <EuiSpacer />
-        <FrequencyPicker {...this.props} />
+        <Interval
+          schedule={this.props.detector.schedule}
+          label={<FormFieldHeader headerTitle={'Run every'} />}
+          onScheduleChange={this.props.onDetectorScheduleChange}
+        />
       </>
     );
   }
diff --git a/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/Interval.tsx b/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/Interval.tsx
index 1d1f7e296..c3fb3930d 100644
--- a/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/Interval.tsx
+++ b/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/Interval.tsx
@@ -11,26 +11,22 @@ import {
   EuiSelect,
   EuiSelectOption,
 } from '@elastic/eui';
-import FormFieldHeader from '../../../../../../components/FormFieldHeader';
 import React from 'react';
 import { PeriodSchedule } from '../../../../../../../models/interfaces';
-import { Detector } from '../../../../../../../types';
+import { defaultIntervalUnitOptions } from '../../../../../../utils/constants';
 
 export interface IntervalProps {
-  detector: Detector;
-  onDetectorScheduleChange(schedule: PeriodSchedule): void;
+  schedule: PeriodSchedule;
+  label?: string | React.ReactNode;
+  readonly?: boolean;
+  scheduleUnitOptions?: EuiSelectOption[];
+  onScheduleChange(schedule: PeriodSchedule): void;
 }
 
 export interface IntervalState {
   isIntervalValid: boolean;
 }
 
-const unitOptions: EuiSelectOption[] = [
-  { value: 'MINUTES', text: 'Minutes' },
-  { value: 'HOURS', text: 'Hours' },
-  { value: 'DAYS', text: 'Days' },
-];
-
 export class Interval extends React.Component<IntervalProps, IntervalState> {
   state = {
     isIntervalValid: true,
@@ -40,18 +36,18 @@ export class Interval extends React.Component<IntervalProps, IntervalState> {
     this.setState({
       isIntervalValid: !!event.target.value,
     });
-    this.props.onDetectorScheduleChange({
+    this.props.onScheduleChange({
       period: {
-        ...this.props.detector.schedule.period,
+        ...this.props.schedule.period,
         interval: parseInt(event.target.value),
       },
     });
   };
 
   onUnitChange = (event: React.ChangeEvent<HTMLSelectElement>) => {
-    this.props.onDetectorScheduleChange({
+    this.props.onScheduleChange({
       period: {
-        ...this.props.detector.schedule.period,
+        ...this.props.schedule.period,
         unit: event.target.value,
       },
     });
@@ -59,10 +55,10 @@ export class Interval extends React.Component<IntervalProps, IntervalState> {
 
   render() {
     const { isIntervalValid } = this.state;
-    const { period } = this.props.detector.schedule;
+    const { period } = this.props.schedule;
     return (
       <EuiFormRow
-        label={<FormFieldHeader headerTitle={'Run every'} />}
+        label={this.props.label}
         isInvalid={!isIntervalValid}
         error={'Enter schedule interval.'}
       >
@@ -76,14 +72,16 @@ export class Interval extends React.Component<IntervalProps, IntervalState> {
               data-test-subj={'detector-schedule-number-select'}
               required={true}
               isInvalid={!isIntervalValid}
+              readOnly={this.props.readonly}
             />
           </EuiFlexItem>
           <EuiFlexItem>
             <EuiSelect
-              options={unitOptions}
+              options={this.props.scheduleUnitOptions ?? Object.values(defaultIntervalUnitOptions)}
               onChange={this.onUnitChange}
               value={period.unit}
               data-test-subj={'detector-schedule-unit-select'}
+              disabled={this.props.readonly}
             />
           </EuiFlexItem>
         </EuiFlexGroup>
diff --git a/public/pages/CreateDetector/containers/CreateDetector.tsx b/public/pages/CreateDetector/containers/CreateDetector.tsx
index d009c0a9b..47e7abe41 100644
--- a/public/pages/CreateDetector/containers/CreateDetector.tsx
+++ b/public/pages/CreateDetector/containers/CreateDetector.tsx
@@ -16,13 +16,7 @@ import {
 } from '@elastic/eui';
 import DefineDetector from '../components/DefineDetector/containers/DefineDetector';
 import { createDetectorSteps, PENDING_DETECTOR_ID } from '../utils/constants';
-import {
-  BREADCRUMBS,
-  EMPTY_DEFAULT_DETECTOR,
-  OS_NOTIFICATION_PLUGIN,
-  PLUGIN_NAME,
-  ROUTES,
-} from '../../../utils/constants';
+import { BREADCRUMBS, EMPTY_DEFAULT_DETECTOR, PLUGIN_NAME, ROUTES } from '../../../utils/constants';
 import ConfigureAlerts from '../components/ConfigureAlerts';
 import { FieldMapping } from '../../../../models/interfaces';
 import { EuiContainedStepProps } from '@elastic/eui/src/components/steps/steps';
@@ -35,7 +29,6 @@ import {
   RuleItemInfo,
 } from '../components/DefineDetector/components/DetectionRules/types/interfaces';
 import { NotificationsStart } from 'opensearch-dashboards/public';
-import { getPlugins } from '../../../utils/helpers';
 import {
   CreateDetectorSteps,
   DataSourceManagerProps,
@@ -62,7 +55,6 @@ export interface CreateDetectorState {
   stepDataValid: { [step in DetectorCreationStep | string]: boolean };
   creatingDetector: boolean;
   rulesState: CreateDetectorRulesState;
-  plugins: string[];
   loadingRules: boolean;
 }
 
@@ -94,7 +86,6 @@ export default class CreateDetector extends Component<CreateDetectorProps, Creat
       },
       creatingDetector: false,
       rulesState: { page: { index: 0 }, allRules: [] },
-      plugins: [],
       loadingRules: false,
       ...detectorInput,
     };
@@ -104,7 +95,6 @@ export default class CreateDetector extends Component<CreateDetectorProps, Creat
     this.setupRulesState();
     this.props.metrics.detectorMetricsManager.resetMetrics();
     this.props.metrics.detectorMetricsManager.sendMetrics(CreateDetectorSteps.started);
-    this.getPlugins();
   }
 
   componentDidMount(): void {
@@ -262,13 +252,6 @@ export default class CreateDetector extends Component<CreateDetectorProps, Creat
     });
   }
 
-  async getPlugins() {
-    const { services } = this.props;
-    const plugins = await getPlugins(services.opensearchService);
-
-    this.setState({ plugins });
-  }
-
   onPageChange = (page: { index: number; size: number }) => {
     this.setState({
       rulesState: {
@@ -372,7 +355,6 @@ export default class CreateDetector extends Component<CreateDetectorProps, Creat
             changeDetector={this.changeDetector}
             updateDataValidState={this.updateDataValidState}
             notificationsService={services.notificationsService}
-            hasNotificationPlugin={this.state.plugins.includes(OS_NOTIFICATION_PLUGIN)}
             getTriggerName={this.getNextTriggerName}
             metricsContext={this.props.metrics}
           />
diff --git a/public/pages/Detectors/components/UpdateAlertConditions/UpdateAlertConditions.tsx b/public/pages/Detectors/components/UpdateAlertConditions/UpdateAlertConditions.tsx
index e5ad77c85..b26ee6cce 100644
--- a/public/pages/Detectors/components/UpdateAlertConditions/UpdateAlertConditions.tsx
+++ b/public/pages/Detectors/components/UpdateAlertConditions/UpdateAlertConditions.tsx
@@ -14,20 +14,12 @@ import {
 import ConfigureAlerts from '../../../CreateDetector/components/ConfigureAlerts';
 import { DetectorsService, NotificationsService, OpenSearchService } from '../../../../services';
 import { RuleOptions } from '../../../../models/interfaces';
-import {
-  ROUTES,
-  OS_NOTIFICATION_PLUGIN,
-  EMPTY_DEFAULT_DETECTOR,
-} from '../../../../utils/constants';
+import { ROUTES, EMPTY_DEFAULT_DETECTOR } from '../../../../utils/constants';
 import { NotificationsStart } from 'opensearch-dashboards/public';
-import {
-  errorNotificationToast,
-  getPlugins,
-  successNotificationToast,
-} from '../../../../utils/helpers';
+import { errorNotificationToast, successNotificationToast } from '../../../../utils/helpers';
 import { ServerResponse } from '../../../../../server/models/types';
 import { DataStore } from '../../../../store/DataStore';
-import { Detector, DetectorCreationStep } from '../../../../../types';
+import { Detector, DetectorCreationStep, DetectorResponse } from '../../../../../types';
 
 export interface UpdateAlertConditionsProps
   extends RouteComponentProps<any, any, { detectorHit: DetectorHit }> {
@@ -42,7 +34,6 @@ export interface UpdateAlertConditionsState {
   rules: object;
   rulesOptions: RuleOptions[];
   submitting: boolean;
-  plugins: string[];
   isTriggerNameValid: boolean;
 }
 
@@ -62,14 +53,12 @@ export default class UpdateAlertConditions extends Component<
       rules: {},
       rulesOptions: [],
       submitting: false,
-      plugins: [],
       isTriggerNameValid: true,
     };
   }
 
   componentDidMount() {
     this.getRules();
-    this.getPlugins();
   }
 
   changeDetector = (detector: Detector) => {
@@ -132,13 +121,6 @@ export default class UpdateAlertConditions extends Component<
     }
   };
 
-  async getPlugins() {
-    const { opensearchService } = this.props;
-    const plugins = await getPlugins(opensearchService);
-
-    this.setState({ plugins });
-  }
-
   onCancel = () => {
     this.props.history.replace({
       pathname: `${ROUTES.DETECTOR_DETAILS}/${this.props.location.state?.detectorHit._id}`,
@@ -159,6 +141,7 @@ export default class UpdateAlertConditions extends Component<
       detectorHit = {
         _source: detector,
         _id: detector.id || '',
+        _index: '',
       },
     } = state || {};
 
@@ -185,7 +168,10 @@ export default class UpdateAlertConditions extends Component<
     history.replace({
       pathname: `${ROUTES.DETECTOR_DETAILS}/${detectorHit._id}`,
       state: {
-        detectorHit: { ...detectorHit, _source: { ...detectorHit._source, ...detector } },
+        detectorHit: {
+          ...detectorHit,
+          _source: { ...(detectorHit._source as DetectorResponse), ...detector },
+        },
       },
     });
   };
@@ -208,7 +194,6 @@ export default class UpdateAlertConditions extends Component<
           rulesOptions={rulesOptions}
           changeDetector={this.changeDetector}
           updateDataValidState={this.updateDataValidState}
-          hasNotificationPlugin={this.state.plugins.includes(OS_NOTIFICATION_PLUGIN)}
           getTriggerName={() => ''}
         />
 
diff --git a/public/pages/Detectors/components/UpdateAlertConditions/__snapshots__/UpdateAlertConditions.test.tsx.snap b/public/pages/Detectors/components/UpdateAlertConditions/__snapshots__/UpdateAlertConditions.test.tsx.snap
index fb0953a61..6a9a9c582 100644
--- a/public/pages/Detectors/components/UpdateAlertConditions/__snapshots__/UpdateAlertConditions.test.tsx.snap
+++ b/public/pages/Detectors/components/UpdateAlertConditions/__snapshots__/UpdateAlertConditions.test.tsx.snap
@@ -190,27 +190,9 @@ exports[`<UpdateAlertConditions /> spec renders the component 1`] = `
       },
     }
   }
-  detectorService={
-    DetectorService {
-      "createDetector": [Function],
-      "dataSourceEnabled": undefined,
-      "deleteDetector": [Function],
-      "getDetector": [Function],
-      "getDetectors": [Function],
-      "osDriver": Object {
-        "delete": [MockFunction],
-        "get": [MockFunction],
-        "head": [MockFunction],
-        "post": [MockFunction],
-        "put": [MockFunction],
-      },
-      "searchDetectors": [Function],
-      "updateDetector": [Function],
-    }
-  }
   location={
     Object {
-      "pathname": "",
+      "pathname": "/edit-alert-triggers/detector_id_1",
       "state": Object {
         "detectorHit": Object {
           "_id": "detector_id_1",
@@ -419,20 +401,6 @@ exports[`<UpdateAlertConditions /> spec renders the component 1`] = `
       "httpClient": [MockFunction],
     }
   }
-  opensearchService={
-    OpenSearchService {
-      "getIndexPatterns": [Function],
-      "getPlugins": [Function],
-      "httpClient": [MockFunction],
-      "savedObjectsClient": Object {
-        "delete": [MockFunction],
-        "get": [MockFunction],
-        "head": [MockFunction],
-        "post": [MockFunction],
-        "put": [MockFunction],
-      },
-    }
-  }
   ruleService={
     RuleService {
       "createRule": [Function],
@@ -452,7 +420,7 @@ exports[`<UpdateAlertConditions /> spec renders the component 1`] = `
           "detector_type": "detector_type",
           "enabled": true,
           "enabled_time": 1,
-          "id": "",
+          "id": "detector_id_1",
           "inputs": Array [
             Object {
               "detector_input": Object {
@@ -818,30 +786,11 @@ exports[`<UpdateAlertConditions /> spec renders the component 1`] = `
           },
         }
       }
-      detectorService={
-        DetectorService {
-          "createDetector": [Function],
-          "dataSourceEnabled": undefined,
-          "deleteDetector": [Function],
-          "getDetector": [Function],
-          "getDetectors": [Function],
-          "osDriver": Object {
-            "delete": [MockFunction],
-            "get": [MockFunction],
-            "head": [MockFunction],
-            "post": [MockFunction],
-            "put": [MockFunction],
-          },
-          "searchDetectors": [Function],
-          "updateDetector": [Function],
-        }
-      }
       getTriggerName={[Function]}
-      hasNotificationPlugin={false}
       isEdit={true}
       location={
         Object {
-          "pathname": "",
+          "pathname": "/edit-alert-triggers/detector_id_1",
           "state": Object {
             "detectorHit": Object {
               "_id": "detector_id_1",
@@ -1050,20 +999,6 @@ exports[`<UpdateAlertConditions /> spec renders the component 1`] = `
           "httpClient": [MockFunction],
         }
       }
-      opensearchService={
-        OpenSearchService {
-          "getIndexPatterns": [Function],
-          "getPlugins": [Function],
-          "httpClient": [MockFunction],
-          "savedObjectsClient": Object {
-            "delete": [MockFunction],
-            "get": [MockFunction],
-            "head": [MockFunction],
-            "post": [MockFunction],
-            "put": [MockFunction],
-          },
-        }
-      }
       ruleService={
         RuleService {
           "createRule": [Function],
diff --git a/public/pages/Detectors/components/UpdateBasicDetails/__snapshots__/UpdateDetectorBasicDetails.test.tsx.snap b/public/pages/Detectors/components/UpdateBasicDetails/__snapshots__/UpdateDetectorBasicDetails.test.tsx.snap
index 158b0a7b4..d43c43ddb 100644
--- a/public/pages/Detectors/components/UpdateBasicDetails/__snapshots__/UpdateDetectorBasicDetails.test.tsx.snap
+++ b/public/pages/Detectors/components/UpdateBasicDetails/__snapshots__/UpdateDetectorBasicDetails.test.tsx.snap
@@ -1356,191 +1356,20 @@ exports[`<UpdateDetectorBasicDetails /> spec renders the component 1`] = `
           />
         </EuiSpacer>
         <Interval
-          detector={
+          label={
+            <FormFieldHeader
+              headerTitle="Run every"
+            />
+          }
+          onScheduleChange={[Function]}
+          schedule={
             Object {
-              "createdBy": "someone",
-              "detector_type": "detector_type",
-              "enabled": true,
-              "enabled_time": 1,
-              "id": "detector_id_1",
-              "inputs": Array [
-                Object {
-                  "detector_input": Object {
-                    "custom_rules": Array [
-                      Object {
-                        "_id": "rule_id_1",
-                        "_index": ".windows",
-                        "_primary_term": 1,
-                        "_source": Object {
-                          "last_update_time": "12/12/2022",
-                          "queries": Array [
-                            Object {
-                              "value": ".windows",
-                            },
-                          ],
-                          "rule": "rule_name",
-                        },
-                        "_version": 1,
-                        "id": "rule_id_1",
-                        "prePackaged": true,
-                      },
-                    ],
-                    "description": "detectorDescription",
-                    "indices": Array [
-                      ".windows",
-                    ],
-                    "pre_packaged_rules": Array [
-                      Object {
-                        "_id": "rule_id_1",
-                        "_index": ".windows",
-                        "_primary_term": 1,
-                        "_source": Object {
-                          "last_update_time": "12/12/2022",
-                          "queries": Array [
-                            Object {
-                              "value": ".windows",
-                            },
-                          ],
-                          "rule": "rule_name",
-                        },
-                        "_version": 1,
-                        "id": "rule_id_1",
-                        "prePackaged": true,
-                      },
-                    ],
-                  },
-                },
-              ],
-              "last_update_time": 1,
-              "name": "detector_name",
-              "schedule": Object {
-                "period": Object {
-                  "interval": 1,
-                  "unit": "MINUTES",
-                },
+              "period": Object {
+                "interval": 1,
+                "unit": "MINUTES",
               },
-              "triggers": Array [
-                Object {
-                  "actions": Array [
-                    Object {
-                      "destination_id": "some_destination_id_1",
-                      "id": "trigger_id_1_0",
-                      "message_template": Object {
-                        "lang": "some_lang",
-                        "source": "some_source",
-                      },
-                      "name": "some_name",
-                      "subject_template": Object {
-                        "lang": "some_lang",
-                        "source": "some_source",
-                      },
-                      "throttle": Object {
-                        "unit": "minutes",
-                        "value": 1,
-                      },
-                      "throttle_enabled": true,
-                    },
-                    Object {
-                      "destination_id": "some_destination_id_1",
-                      "id": "trigger_id_1_1",
-                      "message_template": Object {
-                        "lang": "some_lang",
-                        "source": "some_source",
-                      },
-                      "name": "some_name",
-                      "subject_template": Object {
-                        "lang": "some_lang",
-                        "source": "some_source",
-                      },
-                      "throttle": Object {
-                        "unit": "minutes",
-                        "value": 1,
-                      },
-                      "throttle_enabled": true,
-                    },
-                  ],
-                  "detection_types": Array [
-                    "rules",
-                  ],
-                  "id": "trigger_id_0",
-                  "ids": Array [
-                    "rule_id_1",
-                  ],
-                  "name": "alert_name",
-                  "sev_levels": Array [
-                    "severity_level_low",
-                  ],
-                  "severity": "1",
-                  "tags": Array [
-                    "any.tag",
-                  ],
-                  "types": Array [
-                    "detector_type_1",
-                  ],
-                },
-                Object {
-                  "actions": Array [
-                    Object {
-                      "destination_id": "some_destination_id_1",
-                      "id": "trigger_id_1_0",
-                      "message_template": Object {
-                        "lang": "some_lang",
-                        "source": "some_source",
-                      },
-                      "name": "some_name",
-                      "subject_template": Object {
-                        "lang": "some_lang",
-                        "source": "some_source",
-                      },
-                      "throttle": Object {
-                        "unit": "minutes",
-                        "value": 1,
-                      },
-                      "throttle_enabled": true,
-                    },
-                    Object {
-                      "destination_id": "some_destination_id_1",
-                      "id": "trigger_id_1_1",
-                      "message_template": Object {
-                        "lang": "some_lang",
-                        "source": "some_source",
-                      },
-                      "name": "some_name",
-                      "subject_template": Object {
-                        "lang": "some_lang",
-                        "source": "some_source",
-                      },
-                      "throttle": Object {
-                        "unit": "minutes",
-                        "value": 1,
-                      },
-                      "throttle_enabled": true,
-                    },
-                  ],
-                  "detection_types": Array [
-                    "rules",
-                  ],
-                  "id": "trigger_id_1",
-                  "ids": Array [
-                    "rule_id_1",
-                  ],
-                  "name": "alert_name",
-                  "sev_levels": Array [
-                    "severity_level_low",
-                  ],
-                  "severity": "1",
-                  "tags": Array [
-                    "any.tag",
-                  ],
-                  "types": Array [
-                    "detector_type_1",
-                  ],
-                },
-              ],
-              "type": "detector",
             }
           }
-          onDetectorScheduleChange={[Function]}
         >
           <EuiFormRow
             describedByIds={Array []}
diff --git a/public/pages/Detectors/containers/Detectors/Detectors.tsx b/public/pages/Detectors/containers/Detectors/Detectors.tsx
index 5d0e3fe32..d0d3ad32f 100644
--- a/public/pages/Detectors/containers/Detectors/Detectors.tsx
+++ b/public/pages/Detectors/containers/Detectors/Detectors.tsx
@@ -359,9 +359,9 @@ export default class Detectors extends Component<DetectorsProps, DetectorsState>
             </EuiFlexItem>
             <EuiFlexItem>
               <EuiFlexGroup justifyContent="flexEnd">
-                <EuiFlexItem grow={false}>{actions[0]}</EuiFlexItem>
-                <EuiFlexItem grow={false}>{actions[1]}</EuiFlexItem>
-                <EuiFlexItem grow={false}>{actions[2]}</EuiFlexItem>
+                {actions.map((action) => {
+                  return <EuiFlexItem grow={false}>{action}</EuiFlexItem>;
+                })}
               </EuiFlexGroup>
             </EuiFlexItem>
           </EuiFlexGroup>
diff --git a/public/pages/Findings/components/CreateAlertFlyout.tsx b/public/pages/Findings/components/CreateAlertFlyout.tsx
index c84f8f27a..8de40f34c 100644
--- a/public/pages/Findings/components/CreateAlertFlyout.tsx
+++ b/public/pages/Findings/components/CreateAlertFlyout.tsx
@@ -22,17 +22,16 @@ import { AlertCondition } from '../../../../models/interfaces';
 import { DetectorsService } from '../../../services';
 import { RulesSharedState } from '../../../models/interfaces';
 import { DEFAULT_EMPTY_DATA } from '../../../utils/constants';
-import { NotificationChannelTypeOptions } from '../../CreateDetector/components/ConfigureAlerts/models/interfaces';
-import { Finding } from '../models/interfaces';
+import {} from '../models/interfaces';
 import { getEmptyAlertCondition } from '../../CreateDetector/components/ConfigureAlerts/utils/helpers';
 import { validateName } from '../../../utils/validation';
 import { addDetectionType } from '../../../utils/helpers';
-import { Detector } from '../../../../types';
+import { Detector, FindingItemType, NotificationChannelTypeOptions } from '../../../../types';
 
 interface CreateAlertFlyoutProps extends RouteComponentProps {
   closeFlyout: (refreshPage?: boolean) => void;
   detectorService: DetectorsService;
-  finding: Finding;
+  finding: FindingItemType;
   notificationChannels: NotificationChannelTypeOptions[];
   refreshNotificationChannels: () => void;
   allRules: object;
@@ -162,13 +161,12 @@ export default class CreateAlertFlyout extends Component<
             isEdit={false}
             loadingNotifications={loading}
             onAlertTriggerChanged={this.onAlertConditionChange}
-            hasNotificationPlugin={this.props.hasNotificationPlugin}
           />
           <EuiSpacer size={'m'} />
 
           <EuiFlexGroup justifyContent={'flexEnd'}>
             <EuiFlexItem grow={false}>
-              <EuiButton disabled={submitting} onClick={closeFlyout}>
+              <EuiButton disabled={submitting} onClick={() => closeFlyout()}>
                 Cancel
               </EuiButton>
             </EuiFlexItem>
diff --git a/public/pages/Findings/components/FindingsTable/FindingsTable.tsx b/public/pages/Findings/components/FindingsTable/FindingsTable.tsx
index 05d771ffa..53d4f1a54 100644
--- a/public/pages/Findings/components/FindingsTable/FindingsTable.tsx
+++ b/public/pages/Findings/components/FindingsTable/FindingsTable.tsx
@@ -31,12 +31,11 @@ import {
   CorrelationService,
 } from '../../../../services';
 import CreateAlertFlyout from '../CreateAlertFlyout';
-import { NotificationChannelTypeOptions } from '../../../CreateDetector/components/ConfigureAlerts/models/interfaces';
 import { parseAlertSeverityToOption } from '../../../CreateDetector/components/ConfigureAlerts/utils/helpers';
 import { RuleSource } from '../../../../../server/models/interfaces';
 import { DataStore } from '../../../../store/DataStore';
 import { getSeverityColor } from '../../../Correlations/utils/constants';
-import { Finding, FindingItemType } from '../../../../../types';
+import { Finding, FindingItemType, NotificationChannelTypeOptions } from '../../../../../types';
 
 interface FindingsTableProps extends RouteComponentProps {
   detectorService: DetectorsService;
@@ -120,7 +119,7 @@ export default class FindingsTable extends Component<FindingsTableProps, Finding
     if (refreshPage) this.props.onRefresh();
   };
 
-  renderCreateAlertFlyout = (finding: Finding) => {
+  renderCreateAlertFlyout = (finding: FindingItemType) => {
     if (this.state.flyoutOpen) this.closeFlyout();
     else {
       const ruleOptions = finding.queries
diff --git a/public/pages/Findings/components/FindingsTable/ThreatIntelFindingsTable.tsx b/public/pages/Findings/components/FindingsTable/ThreatIntelFindingsTable.tsx
new file mode 100644
index 000000000..c13ff4437
--- /dev/null
+++ b/public/pages/Findings/components/FindingsTable/ThreatIntelFindingsTable.tsx
@@ -0,0 +1,65 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { EuiBasicTableColumn, EuiButtonIcon, EuiInMemoryTable, EuiToolTip } from '@elastic/eui';
+import { ThreatIntelFinding } from '../../../../../types';
+import React from 'react';
+import { renderTime } from '../../../../utils/helpers';
+import { DEFAULT_EMPTY_DATA } from '../../../../utils/constants';
+import { DataStore } from '../../../../store/DataStore';
+
+export interface ThreatIntelFindingsTableProps {
+  findingItems: ThreatIntelFinding[];
+}
+
+export const ThreatIntelFindingsTable: React.FC<ThreatIntelFindingsTableProps> = ({
+  findingItems,
+}) => {
+  const columns: EuiBasicTableColumn<ThreatIntelFinding>[] = [
+    {
+      name: 'Time',
+      field: 'timestamp',
+      render: (timestamp: number) => renderTime(timestamp),
+    },
+    {
+      name: 'Indicator of compromise',
+      field: 'ioc_value',
+    },
+    {
+      name: 'Indicator type',
+      field: 'ioc_type',
+    },
+    {
+      name: 'Threat intel source',
+      field: 'ioc_feed_ids',
+      render: (ioc_feed_ids: ThreatIntelFinding['ioc_feed_ids']) => {
+        return <span>{ioc_feed_ids[0]?.feed_id ?? DEFAULT_EMPTY_DATA}</span>;
+      },
+    },
+    {
+      name: 'Actions',
+      actions: [
+        {
+          render: (finding) => (
+            <EuiToolTip content={'View details'}>
+              <EuiButtonIcon
+                aria-label={'View details'}
+                data-test-subj={`view-details-icon`}
+                iconType={'inspect'}
+                onClick={
+                  () => {}
+                  // TODO: implement finding flyout
+                  // DataStore.findings.openFlyout(finding, this.state.filteredFindings)
+                }
+              />
+            </EuiToolTip>
+          ),
+        },
+      ],
+    },
+  ];
+
+  return <EuiInMemoryTable columns={columns} items={findingItems} pagination search />;
+};
diff --git a/public/pages/Findings/containers/Findings/Findings.tsx b/public/pages/Findings/containers/Findings/Findings.tsx
index d9f197107..2a8aabe37 100644
--- a/public/pages/Findings/containers/Findings/Findings.tsx
+++ b/public/pages/Findings/containers/Findings/Findings.tsx
@@ -15,6 +15,7 @@ import {
   EuiTitle,
   EuiEmptyPrompt,
   EuiLink,
+  EuiTabbedContent,
 } from '@elastic/eui';
 import FindingsTable from '../../components/FindingsTable';
 import {
@@ -28,12 +29,12 @@ import {
   BREADCRUMBS,
   DEFAULT_DATE_RANGE,
   MAX_RECENTLY_USED_TIME_RANGES,
-  OS_NOTIFICATION_PLUGIN,
 } from '../../../../utils/constants';
 import {
   getChartTimeUnit,
   getDomainRange,
   getFindingsVisualizationSpec,
+  getThreatIntelFindingsVisualizationSpec,
   TimeUnit,
 } from '../../../Overview/utils/helpers';
 import { CoreServicesContext } from '../../../../components/core_services';
@@ -45,8 +46,8 @@ import {
   createSelectComponent,
   errorNotificationToast,
   renderVisualization,
-  getPlugins,
   getDuration,
+  getIsNotificationPluginInstalled,
 } from '../../../../utils/helpers';
 import { RuleSource } from '../../../../../server/models/interfaces';
 import { NotificationsStart } from 'opensearch-dashboards/public';
@@ -58,8 +59,11 @@ import {
   FeatureChannelList,
   DateTimeFilter,
   FindingItemType,
-  DetectorHit
+  DetectorHit,
+  ThreatIntelFinding,
+  ThreatIntelFindingsGroupByType,
 } from '../../../../../types';
+import { ThreatIntelFindingsTable } from '../../components/FindingsTable/ThreatIntelFindingsTable';
 
 interface FindingsProps extends RouteComponentProps, DataSourceProps {
   detectorService: DetectorsService;
@@ -73,15 +77,33 @@ interface FindingsProps extends RouteComponentProps, DataSourceProps {
   setDateTimeFilter?: Function;
 }
 
-interface FindingsState {
-  loading: boolean;
+enum FindingTabId {
+  DetectionRules = 'detection-rules',
+  ThreatIntel = 'threat-intel',
+}
+
+interface DetectionRulesFindingsState {
   findings: FindingItemType[];
-  notificationChannels: FeatureChannelList[];
   rules: { [id: string]: RuleSource };
-  recentlyUsedRanges: DurationRange[];
   groupBy: FindingsGroupByType;
   filteredFindings: FindingItemType[];
-  plugins: string[];
+}
+
+interface ThreatIntelFindingsState {
+  findings: ThreatIntelFinding[];
+  groupBy: ThreatIntelFindingsGroupByType;
+  filteredFindings: ThreatIntelFinding[];
+}
+
+interface FindingsState {
+  loading: boolean;
+  selectedTabId: FindingTabId;
+  findingStateByTabId: {
+    [FindingTabId.DetectionRules]: DetectionRulesFindingsState;
+    [FindingTabId.ThreatIntel]: ThreatIntelFindingsState;
+  };
+  notificationChannels: FeatureChannelList[];
+  recentlyUsedRanges: DurationRange[];
   timeUnit: TimeUnit;
   dateFormat: string;
 }
@@ -93,12 +115,21 @@ interface FindingVisualizationData {
   ruleSeverity: string;
 }
 
+interface ThreatIntelFindingVisualizationData {
+  time: number;
+  finding: number;
+  indicatorType: string;
+}
+
 type FindingsGroupByType = 'logType' | 'ruleSeverity';
 
-export const groupByOptions = [
-  { text: 'Log type', value: 'logType' },
-  { text: 'Rule severity', value: 'ruleSeverity' },
-];
+export const groupByOptionsByTabId = {
+  [FindingTabId.DetectionRules]: [
+    { text: 'Log type', value: 'logType' },
+    { text: 'Rule severity', value: 'ruleSeverity' },
+  ],
+  [FindingTabId.ThreatIntel]: [{ text: 'Indicator type', value: 'indicatorType' }],
+};
 
 class Findings extends Component<FindingsProps, FindingsState> {
   static contextType = CoreServicesContext;
@@ -117,25 +148,61 @@ class Findings extends Component<FindingsProps, FindingsState> {
     const timeUnits = getChartTimeUnit(dateTimeFilter.startTime, dateTimeFilter.endTime);
     this.state = {
       loading: true,
-      findings: [],
       notificationChannels: [],
-      rules: {},
+      selectedTabId: FindingTabId.DetectionRules,
+      findingStateByTabId: {
+        [FindingTabId.DetectionRules]: {
+          findings: [],
+          rules: {},
+          filteredFindings: [],
+          groupBy: 'logType',
+        },
+        [FindingTabId.ThreatIntel]: {
+          findings: [],
+          filteredFindings: [],
+          groupBy: 'indicatorType',
+        },
+      },
       recentlyUsedRanges: [DEFAULT_DATE_RANGE],
-      groupBy: 'logType',
-      filteredFindings: [],
-      plugins: [],
       timeUnit: timeUnits.timeUnit,
       dateFormat: timeUnits.dateFormat,
     };
   }
 
+  shouldUpdateVisualization(prevState: FindingsState) {
+    const { selectedTabId, findingStateByTabId } = this.state;
+    const { findingStateByTabId: prevFindingStateByTabId } = prevState;
+    let currentFindingsState, prevFindingsState;
+
+    switch (selectedTabId) {
+      case FindingTabId.DetectionRules:
+        currentFindingsState = findingStateByTabId[FindingTabId.DetectionRules];
+        prevFindingsState = prevFindingStateByTabId[FindingTabId.DetectionRules];
+        return (
+          currentFindingsState.filteredFindings !== prevFindingsState.filteredFindings ||
+          currentFindingsState.groupBy !== prevFindingsState.groupBy
+        );
+
+      case FindingTabId.ThreatIntel:
+        currentFindingsState = findingStateByTabId[FindingTabId.ThreatIntel];
+        prevFindingsState = prevFindingStateByTabId[FindingTabId.ThreatIntel];
+        return (
+          currentFindingsState.filteredFindings !== prevFindingsState.filteredFindings ||
+          currentFindingsState.groupBy !== prevFindingsState.groupBy
+        );
+
+      default:
+        return false;
+    }
+  }
+
   componentDidUpdate(prevProps: Readonly<FindingsProps>, prevState: Readonly<FindingsState>): void {
-    if (this.props.dataSource !== prevProps.dataSource) {
-      this.onRefresh();
-    } else if (
-      this.state.filteredFindings !== prevState.filteredFindings ||
-      this.state.groupBy !== prevState.groupBy
+    if (
+      this.props.dataSource !== prevProps.dataSource ||
+      this.state.selectedTabId !== prevState.selectedTabId
     ) {
+      this.onRefresh();
+    } else if (this.shouldUpdateVisualization(prevState)) {
       renderVisualization(this.generateVisualizationSpec(), 'findings-view');
     }
   }
@@ -151,11 +218,34 @@ class Findings extends Component<FindingsProps, FindingsState> {
 
   onRefresh = async () => {
     await this.getNotificationChannels();
-    await this.getPlugins();
-    await this.getFindings();
+    if (this.state.selectedTabId === FindingTabId.DetectionRules) {
+      await this.getDetectionRulesFindings();
+    } else if (this.state.selectedTabId === FindingTabId.ThreatIntel) {
+      await this.getThreatIntelFindings();
+    }
     renderVisualization(this.generateVisualizationSpec(), 'findings-view');
   };
 
+  setStateForTab<T extends FindingTabId, F extends keyof FindingsState['findingStateByTabId'][T]>(
+    {
+      tabId,
+      field,
+      value,
+    }: { tabId: T; field: F; value: FindingsState['findingStateByTabId'][T][F] },
+    otherState?: Partial<Pick<FindingsState, keyof Omit<FindingsState, 'findingStateByTabId'>>>
+  ) {
+    this.setState({
+      ...(otherState as any),
+      findingStateByTabId: {
+        ...this.state.findingStateByTabId,
+        [tabId]: {
+          ...this.state.findingStateByTabId[tabId],
+          [field]: value,
+        },
+      },
+    });
+  }
+
   onStreamingFindings = async (findings: FindingItemType[]) => {
     const ruleIds = new Set<string>();
     findings.forEach((finding) => {
@@ -163,18 +253,39 @@ class Findings extends Component<FindingsProps, FindingsState> {
     });
 
     await this.getRules(Array.from(ruleIds));
-    this.setState({ findings: [...this.state.findings, ...findings] });
-  }
+    this.setStateForTab({
+      tabId: FindingTabId.DetectionRules,
+      field: 'findings',
+      value: [...this.state.findingStateByTabId[FindingTabId.DetectionRules].findings, ...findings],
+    });
+  };
+
+  onStreamingThreatIntelFindings = async (findings: ThreatIntelFinding[]) => {
+    this.setStateForTab({
+      tabId: FindingTabId.ThreatIntel,
+      field: 'findings',
+      value: [...this.state.findingStateByTabId[FindingTabId.ThreatIntel].findings, ...findings],
+    });
+  };
 
   abortGetFindings = () => {
-    this.abortGetFindingsControllers.forEach(controller => {
+    this.abortGetFindingsControllers.forEach((controller) => {
       controller.abort();
     });
-  }
+  };
 
-  getFindings = async () => {
+  getDetectionRulesFindings = async () => {
     this.abortGetFindings();
-    this.setState({ loading: true, findings: [] });
+    this.setStateForTab(
+      {
+        tabId: FindingTabId.DetectionRules,
+        field: 'findings',
+        value: [],
+      },
+      {
+        loading: true,
+      }
+    );
     const { detectorService, notifications, dateTimeFilter } = this.props;
     const abortController = new AbortController();
     this.abortGetFindingsControllers.push(abortController);
@@ -184,7 +295,11 @@ class Findings extends Component<FindingsProps, FindingsState> {
 
       // Not looking for findings from specific detector
       if (!detectorId) {
-        await DataStore.findings.getAllFindings(abortController.signal, duration, this.onStreamingFindings);
+        await DataStore.findings.getAllFindings(
+          abortController.signal,
+          duration,
+          this.onStreamingFindings
+        );
       } else {
         // get findings for a detector
         const getDetectorResponse = await detectorService.getDetectorWithId(detectorId);
@@ -193,9 +308,15 @@ class Findings extends Component<FindingsProps, FindingsState> {
           const detectorHit: DetectorHit = {
             _id: getDetectorResponse.response._id,
             _index: '',
-            _source: getDetectorResponse.response.detector
-          }
-          await DataStore.findings.getFindingsPerDetector(detectorId, detectorHit, abortController.signal, duration, this.onStreamingFindings);
+            _source: getDetectorResponse.response.detector,
+          };
+          await DataStore.findings.getFindingsPerDetector(
+            detectorId,
+            detectorHit,
+            abortController.signal,
+            duration,
+            this.onStreamingFindings
+          );
         } else {
           errorNotificationToast(notifications, 'retrieve', 'findings', getDetectorResponse.error);
         }
@@ -206,6 +327,33 @@ class Findings extends Component<FindingsProps, FindingsState> {
     this.setState({ loading: false });
   };
 
+  getThreatIntelFindings = async () => {
+    try {
+      this.abortGetFindings();
+      this.setStateForTab(
+        {
+          tabId: FindingTabId.ThreatIntel,
+          field: 'findings',
+          value: [],
+        },
+        {
+          loading: true,
+        }
+      );
+      const duration = this.props.dateTimeFilter
+        ? getDuration(this.props.dateTimeFilter)
+        : undefined;
+      const abortController = new AbortController();
+      this.abortGetFindingsControllers.push(abortController);
+      await DataStore.threatIntel.getThreatIntelFindings(
+        abortController.signal,
+        duration,
+        this.onStreamingThreatIntelFindings
+      );
+    } catch (e: any) {}
+    this.setState({ loading: false });
+  };
+
   getRules = async (ruleIds: string[]) => {
     const { notifications } = this.props;
     try {
@@ -213,10 +361,16 @@ class Findings extends Component<FindingsProps, FindingsState> {
         _id: ruleIds,
       });
 
-      const allRules: { [id: string]: RuleSource } = { ...this.state.rules };
+      const allRules: { [id: string]: RuleSource } = {
+        ...this.state.findingStateByTabId[FindingTabId.DetectionRules].rules,
+      };
       rules.forEach((hit) => (allRules[hit._id] = hit._source));
 
-      this.setState({ rules: allRules });
+      this.setStateForTab({
+        tabId: FindingTabId.DetectionRules,
+        field: 'rules',
+        value: allRules,
+      });
     } catch (e) {
       errorNotificationToast(notifications, 'retrieve', 'rules', e);
     }
@@ -227,13 +381,6 @@ class Findings extends Component<FindingsProps, FindingsState> {
     this.setState({ notificationChannels: channels });
   };
 
-  async getPlugins() {
-    const { opensearchService } = this.props;
-    const plugins = await getPlugins(opensearchService);
-
-    this.setState({ plugins });
-  }
-
   onTimeChange = ({ start, end }: { start: string; end: string }) => {
     let { recentlyUsedRanges } = this.state;
     recentlyUsedRanges = recentlyUsedRanges.filter(
@@ -257,25 +404,49 @@ class Findings extends Component<FindingsProps, FindingsState> {
   };
 
   generateVisualizationSpec() {
-    const visData: FindingVisualizationData[] = [];
-
-    this.state.filteredFindings.forEach((finding: FindingItemType) => {
-      const findingTime = new Date(finding.timestamp);
-      findingTime.setMilliseconds(0);
-      findingTime.setSeconds(0);
-      finding.detectionType === 'Threat intelligence';
-      const ruleLevel =
-        finding.detectionType === 'Threat intelligence'
-          ? 'high'
-          : this.state.rules[finding.queries[0].id].level;
-      visData.push({
-        finding: 1,
-        time: findingTime.getTime(),
-        logType: finding.detector._source.detector_type,
-        ruleSeverity:
-          ruleLevel === 'critical' ? ruleLevel : (finding as any)['ruleSeverity'] || ruleLevel,
+    const visData: (FindingVisualizationData | ThreatIntelFindingVisualizationData)[] = [];
+    const { selectedTabId, findingStateByTabId } = this.state;
+
+    const findingsState =
+      selectedTabId === FindingTabId.DetectionRules
+        ? findingStateByTabId[FindingTabId.DetectionRules]
+        : findingStateByTabId[FindingTabId.ThreatIntel];
+    const groupBy = findingsState.groupBy;
+    let specGetter;
+
+    if (selectedTabId === FindingTabId.DetectionRules) {
+      (findingsState.filteredFindings as FindingItemType[]).forEach((finding: FindingItemType) => {
+        const findingTime = new Date(finding.timestamp);
+        findingTime.setMilliseconds(0);
+        findingTime.setSeconds(0);
+        finding.detectionType === 'Threat intelligence';
+        const ruleLevel =
+          finding.detectionType === 'Threat intelligence'
+            ? 'high'
+            : (findingsState as DetectionRulesFindingsState).rules[finding.queries[0].id].level;
+        visData.push({
+          finding: 1,
+          time: findingTime.getTime(),
+          logType: finding.detector._source.detector_type,
+          ruleSeverity:
+            ruleLevel === 'critical' ? ruleLevel : (finding as any)['ruleSeverity'] || ruleLevel,
+        });
       });
-    });
+      specGetter = getFindingsVisualizationSpec;
+    } else {
+      (findingsState.findings as ThreatIntelFinding[]).forEach((finding) => {
+        const findingTime = new Date(finding.timestamp);
+        findingTime.setMilliseconds(0);
+        findingTime.setSeconds(0);
+
+        visData.push({
+          finding: 1,
+          time: findingTime.getTime(),
+          indicatorType: finding.ioc_type,
+        });
+      });
+      specGetter = getThreatIntelFindingsVisualizationSpec;
+    }
     const {
       dateTimeFilter = {
         startTime: DEFAULT_DATE_RANGE.start,
@@ -283,7 +454,8 @@ class Findings extends Component<FindingsProps, FindingsState> {
       },
     } = this.props;
     const chartTimeUnits = getChartTimeUnit(dateTimeFilter.startTime, dateTimeFilter.endTime);
-    return getFindingsVisualizationSpec(visData, this.state.groupBy, {
+
+    return specGetter(visData, groupBy, {
       timeUnit: chartTimeUnits.timeUnit,
       dateFormat: chartTimeUnits.dateFormat,
       domain: getDomainRange(
@@ -295,23 +467,38 @@ class Findings extends Component<FindingsProps, FindingsState> {
 
   createGroupByControl(): React.ReactNode {
     return createSelectComponent(
-      groupByOptions,
-      this.state.groupBy,
+      groupByOptionsByTabId[this.state.selectedTabId],
+      this.state.findingStateByTabId[this.state.selectedTabId].groupBy,
       'findings-vis-groupBy',
       (event: React.ChangeEvent<HTMLSelectElement>) => {
         const groupBy = event.target.value as FindingsGroupByType;
-        this.setState({ groupBy });
+        this.setStateForTab({
+          tabId: this.state.selectedTabId,
+          field: 'groupBy',
+          value: groupBy,
+        });
       }
     );
   }
 
   onFindingsFiltered = (findings: FindingItemType[]) => {
-    this.setState({ filteredFindings: findings });
+    this.setStateForTab({
+      tabId: FindingTabId.DetectionRules,
+      field: 'filteredFindings',
+      value: findings,
+    });
   };
 
   render() {
-    const { loading, notificationChannels, rules, recentlyUsedRanges } = this.state;
-    let { findings } = this.state;
+    const {
+      loading,
+      notificationChannels,
+      recentlyUsedRanges,
+      selectedTabId,
+      findingStateByTabId,
+    } = this.state;
+    let findings = findingStateByTabId[selectedTabId].findings;
+    const rules = findingStateByTabId[FindingTabId.DetectionRules].rules;
 
     const {
       dateTimeFilter = {
@@ -319,7 +506,7 @@ class Findings extends Component<FindingsProps, FindingsState> {
         endTime: DEFAULT_DATE_RANGE.end,
       },
     } = this.props;
-    if (Object.keys(rules).length > 0) {
+    if (selectedTabId === FindingTabId.DetectionRules && Object.keys(rules).length > 0) {
       findings = findings.map((finding: any) => {
         const rule = rules[finding.queries[0].id];
         if (rule) {
@@ -332,6 +519,57 @@ class Findings extends Component<FindingsProps, FindingsState> {
       });
     }
 
+    const tabs = [
+      {
+        id: FindingTabId.DetectionRules,
+        name: (
+          <span>
+            Detection rules (
+            {findingStateByTabId[FindingTabId.DetectionRules].filteredFindings.length})
+          </span>
+        ),
+        content: (
+          <>
+            <EuiSpacer />
+            <FindingsTable
+              {...this.props}
+              history={this.props.history}
+              findings={findings as FindingItemType[]}
+              loading={loading}
+              rules={rules}
+              startTime={dateTimeFilter.startTime}
+              endTime={dateTimeFilter.endTime}
+              onRefresh={this.onRefresh}
+              notificationChannels={parseNotificationChannelsToOptions(notificationChannels)}
+              refreshNotificationChannels={this.getNotificationChannels}
+              onFindingsFiltered={this.onFindingsFiltered}
+              hasNotificationsPlugin={getIsNotificationPluginInstalled()}
+              correlationService={this.props.correlationService}
+            />
+          </>
+        ),
+      },
+      {
+        id: FindingTabId.ThreatIntel,
+        name: (
+          <span>
+            Threat intel{' '}
+            {this.state.selectedTabId === FindingTabId.ThreatIntel
+              ? `(${findingStateByTabId[FindingTabId.ThreatIntel].findings.length})`
+              : null}
+          </span>
+        ),
+        content: (
+          <>
+            <EuiSpacer />
+            <ThreatIntelFindingsTable
+              findingItems={findingStateByTabId[FindingTabId.ThreatIntel].findings}
+            />
+          </>
+        ),
+      },
+    ];
+
     return (
       <EuiFlexGroup direction="column">
         <EuiFlexItem>
@@ -387,20 +625,12 @@ class Findings extends Component<FindingsProps, FindingsState> {
 
         <EuiFlexItem>
           <ContentPanel title={'Findings'}>
-            <FindingsTable
-              {...this.props}
-              history={this.props.history}
-              findings={findings}
-              loading={loading}
-              rules={rules}
-              startTime={dateTimeFilter.startTime}
-              endTime={dateTimeFilter.endTime}
-              onRefresh={this.onRefresh}
-              notificationChannels={parseNotificationChannelsToOptions(notificationChannels)}
-              refreshNotificationChannels={this.getNotificationChannels}
-              onFindingsFiltered={this.onFindingsFiltered}
-              hasNotificationsPlugin={this.state.plugins.includes(OS_NOTIFICATION_PLUGIN)}
-              correlationService={this.props.correlationService}
+            <EuiTabbedContent
+              tabs={tabs}
+              initialSelectedTab={tabs[0]}
+              onTabClick={(tab) => {
+                this.setState({ selectedTabId: tab.id as FindingTabId });
+              }}
             />
           </ContentPanel>
         </EuiFlexItem>
diff --git a/public/pages/Main/Main.tsx b/public/pages/Main/Main.tsx
index 80eeb49c5..e21341e8a 100644
--- a/public/pages/Main/Main.tsx
+++ b/public/pages/Main/Main.tsx
@@ -58,7 +58,10 @@ import { DataSourceMenuWrapper } from '../../components/MDS/DataSourceMenuWrappe
 import { DataSourceOption } from 'src/plugins/data_source_management/public/components/data_source_menu/types';
 import { DataSourceContext, DataSourceContextConsumer } from '../../services/DataSourceContext';
 import { dataSourceInfo } from '../../services/utils/constants';
-import { getPlugins } from '../../utils/helpers';
+import { ThreatIntelOverview } from '../ThreatIntel/containers/Overview/ThreatIntelOverview';
+import { AddThreatIntelSource } from '../ThreatIntel/containers/AddThreatIntelSource/AddThreatIntelSource';
+import { ThreatIntelScanConfigForm } from '../ThreatIntel/containers/ScanConfiguration/ThreatIntelScanConfigForm';
+import { ThreatIntelSource } from '../ThreatIntel/containers/ThreatIntelSource/ThreatIntelSource';
 
 enum Navigation {
   SecurityAnalytics = 'Security Analytics',
@@ -70,6 +73,7 @@ enum Navigation {
   Correlations = 'Correlations',
   CorrelationRules = 'Correlation rules',
   LogTypes = 'Log types',
+  ThreatIntel = 'Threat Intelligence',
 }
 
 /**
@@ -87,6 +91,9 @@ const HIDDEN_NAV_ROUTES: string[] = [
   ROUTES.EDIT_DETECTOR_ALERT_TRIGGERS,
   `${ROUTES.LOG_TYPES}/.+`,
   ROUTES.LOG_TYPES_CREATE,
+  ROUTES.THREAT_INTEL_ADD_CUSTOM_SOURCE,
+  ROUTES.THREAT_INTEL_CREATE_SCAN_CONFIG,
+  ROUTES.THREAT_INTEL_EDIT_SCAN_CONFIG,
 ];
 
 interface MainProps extends RouteComponentProps {
@@ -98,7 +105,7 @@ interface MainProps extends RouteComponentProps {
 
 interface MainState {
   getStartedDismissedOnce: boolean;
-  selectedNavItemId: number;
+  selectedNavItemId: Navigation;
   dateTimeFilter: DateTimeFilter;
   callout?: ICalloutProps;
   toasts?: Toast[];
@@ -111,12 +118,13 @@ interface MainState {
  *
  */
 
-const navItemIndexByRoute: { [route: string]: number } = {
-  [ROUTES.OVERVIEW]: 1,
-  [ROUTES.FINDINGS]: 2,
-  [ROUTES.ALERTS]: 3,
-  [ROUTES.DETECTORS]: 4,
-  [ROUTES.RULES]: 5,
+const navItemIdByRoute: { [route: string]: Navigation } = {
+  [ROUTES.OVERVIEW]: Navigation.Overview,
+  [ROUTES.FINDINGS]: Navigation.Findings,
+  [ROUTES.ALERTS]: Navigation.Alerts,
+  [ROUTES.DETECTORS]: Navigation.Detectors,
+  [ROUTES.RULES]: Navigation.Rules,
+  [ROUTES.THREAT_INTEL_OVERVIEW]: Navigation.ThreatIntel,
 };
 
 export default class Main extends Component<MainProps, MainState> {
@@ -131,7 +139,7 @@ export default class Main extends Component<MainProps, MainState> {
         };
     this.state = {
       getStartedDismissedOnce: false,
-      selectedNavItemId: 1,
+      selectedNavItemId: Navigation.Overview,
       dateTimeFilter: defaultDateTimeFilter,
       findingFlyout: null,
       dataSourceLoading: props.multiDataSourceEnabled,
@@ -185,30 +193,30 @@ export default class Main extends Component<MainProps, MainState> {
   };
 
   /**
-   * Returns current component route index
-   * @return {number}
+   * Returns current component route's side nav id
+   * @return {string}
    */
-  getCurrentRouteIndex = (): number | undefined => {
-    let index: number | undefined;
+  getCurrentRouteId = (): Navigation | undefined => {
+    let navItemId: Navigation | undefined;
     const pathname = this.props.location.pathname;
-    for (const [route, routeIndex] of Object.entries(navItemIndexByRoute)) {
+    for (const [route, routeId] of Object.entries(navItemIdByRoute)) {
       if (pathname.match(new RegExp(`^${route}`))) {
-        index = routeIndex;
+        navItemId = routeId;
         break;
       }
     }
 
-    return index;
+    return navItemId;
   };
 
   updateSelectedNavItem() {
-    const routeIndex = this.getCurrentRouteIndex();
-    if (routeIndex) {
-      this.setState({ selectedNavItemId: routeIndex });
+    const navItemId = this.getCurrentRouteId();
+    if (navItemId) {
+      this.setState({ selectedNavItemId: navItemId });
     }
 
     if (this.props.location.pathname.includes('detector-details')) {
-      this.setState({ selectedNavItemId: navItemIndexByRoute[ROUTES.DETECTORS] });
+      this.setState({ selectedNavItemId: navItemIdByRoute[ROUTES.DETECTORS] });
     }
   }
 
@@ -240,12 +248,12 @@ export default class Main extends Component<MainProps, MainState> {
   getSideNavItems = () => {
     const { history } = this.props;
 
-    const { selectedNavItemId: selectedNavItemIndex } = this.state;
+    const { selectedNavItemId } = this.state;
 
     return [
       {
         name: Navigation.SecurityAnalytics,
-        id: 0,
+        id: Navigation.SecurityAnalytics,
         renderItem: () => {
           return (
             <>
@@ -259,66 +267,75 @@ export default class Main extends Component<MainProps, MainState> {
         items: [
           {
             name: Navigation.Overview,
-            id: 1,
+            id: Navigation.Overview,
             onClick: () => {
-              this.setState({ selectedNavItemId: 1 });
+              this.setState({ selectedNavItemId: Navigation.Overview });
               history.push(ROUTES.OVERVIEW);
             },
-            isSelected: selectedNavItemIndex === 1,
+            isSelected: selectedNavItemId === Navigation.Overview,
           },
           {
             name: Navigation.Findings,
-            id: 2,
+            id: Navigation.Findings,
             onClick: () => {
-              this.setState({ selectedNavItemId: 2 });
+              this.setState({ selectedNavItemId: Navigation.Findings });
               history.push(ROUTES.FINDINGS);
             },
-            isSelected: selectedNavItemIndex === 2,
+            isSelected: selectedNavItemId === Navigation.Findings,
           },
           {
             name: Navigation.Alerts,
-            id: 3,
+            id: Navigation.Alerts,
             onClick: () => {
-              this.setState({ selectedNavItemId: 3 });
+              this.setState({ selectedNavItemId: Navigation.Alerts });
               history.push(ROUTES.ALERTS);
             },
-            isSelected: selectedNavItemIndex === 3,
+            isSelected: selectedNavItemId === Navigation.Alerts,
+          },
+          {
+            name: Navigation.ThreatIntel,
+            id: Navigation.ThreatIntel,
+            onClick: () => {
+              this.setState({ selectedNavItemId: Navigation.ThreatIntel });
+              history.push(ROUTES.THREAT_INTEL_OVERVIEW);
+            },
+            isSelected: selectedNavItemId === Navigation.ThreatIntel,
           },
           {
             name: Navigation.Detectors,
-            id: 4,
+            id: Navigation.Detectors,
             onClick: () => {
-              this.setState({ selectedNavItemId: 4 });
+              this.setState({ selectedNavItemId: Navigation.Detectors });
               history.push(ROUTES.DETECTORS);
             },
             forceOpen: true,
-            isSelected: selectedNavItemIndex === 4,
+            isSelected: selectedNavItemId === Navigation.Detectors,
             items: [
               {
                 name: Navigation.Rules,
-                id: 5,
+                id: Navigation.Rules,
                 onClick: () => {
-                  this.setState({ selectedNavItemId: 5 });
+                  this.setState({ selectedNavItemId: Navigation.Rules });
                   history.push(ROUTES.RULES);
                 },
-                isSelected: selectedNavItemIndex === 5,
+                isSelected: selectedNavItemId === Navigation.Rules,
               },
               {
                 name: Navigation.LogTypes,
-                id: 8,
+                id: Navigation.LogTypes,
                 onClick: () => {
-                  this.setState({ selectedNavItemId: 8 });
+                  this.setState({ selectedNavItemId: Navigation.LogTypes });
                   history.push(ROUTES.LOG_TYPES);
                 },
-                isSelected: selectedNavItemIndex === 8,
+                isSelected: selectedNavItemId === Navigation.LogTypes,
               },
             ],
           },
           {
             name: Navigation.Correlations,
-            id: 6,
+            id: Navigation.Correlations,
             onClick: () => {
-              this.setState({ selectedNavItemId: 6 });
+              this.setState({ selectedNavItemId: Navigation.Correlations });
               history.push(ROUTES.CORRELATIONS);
             },
             renderItem: (props: any) => {
@@ -328,7 +345,7 @@ export default class Main extends Component<MainProps, MainState> {
                     <span
                       className={props.className}
                       onClick={() => {
-                        this.setState({ selectedNavItemId: 6 });
+                        this.setState({ selectedNavItemId: Navigation.Correlations });
                         history.push(ROUTES.CORRELATIONS);
                       }}
                     >
@@ -338,17 +355,17 @@ export default class Main extends Component<MainProps, MainState> {
                 </EuiFlexGroup>
               );
             },
-            isSelected: selectedNavItemIndex === 6,
+            isSelected: selectedNavItemId === Navigation.Correlations,
             forceOpen: true,
             items: [
               {
                 name: Navigation.CorrelationRules,
-                id: 7,
+                id: Navigation.CorrelationRules,
                 onClick: () => {
-                  this.setState({ selectedNavItemId: 7 });
+                  this.setState({ selectedNavItemId: Navigation.CorrelationRules });
                   history.push(ROUTES.CORRELATION_RULES);
                 },
-                isSelected: selectedNavItemIndex === 7,
+                isSelected: selectedNavItemId === Navigation.CorrelationRules,
               },
             ],
           },
@@ -420,7 +437,7 @@ export default class Main extends Component<MainProps, MainState> {
                                       {...findingFlyout}
                                       history={history}
                                       indexPatternsService={services.indexPatternsService}
-                                      correlationService={services?.correlationsService}
+                                      correlationService={services.correlationsService}
                                       opensearchService={services.opensearchService}
                                     />
                                   ) : null}
@@ -432,7 +449,7 @@ export default class Main extends Component<MainProps, MainState> {
                                           {...props}
                                           setDateTimeFilter={this.setDateTimeFilter}
                                           dateTimeFilter={this.state.dateTimeFilter}
-                                          correlationService={services?.correlationsService}
+                                          correlationService={services.correlationsService}
                                           opensearchService={services.opensearchService}
                                           detectorService={services.detectorsService}
                                           notificationsService={services.notificationsService}
@@ -646,8 +663,8 @@ export default class Main extends Component<MainProps, MainState> {
                                       render={(props: RouteComponentProps<any, any, any>) => (
                                         <CreateCorrelationRule
                                           {...props}
-                                          indexService={services?.indexService}
-                                          fieldMappingService={services?.fieldMappingService}
+                                          indexService={services.indexService}
+                                          fieldMappingService={services.fieldMappingService}
                                           notifications={core?.notifications}
                                           dataSource={selectedDataSource}
                                           notificationsService={services?.notificationsService}
@@ -660,8 +677,8 @@ export default class Main extends Component<MainProps, MainState> {
                                       render={(props: RouteComponentProps<any, any, any>) => (
                                         <CreateCorrelationRule
                                           {...props}
-                                          indexService={services?.indexService}
-                                          fieldMappingService={services?.fieldMappingService}
+                                          indexService={services.indexService}
+                                          fieldMappingService={services.fieldMappingService}
                                           notifications={core?.notifications}
                                           dataSource={selectedDataSource}
                                           notificationsService={services?.notificationsService}
@@ -676,7 +693,11 @@ export default class Main extends Component<MainProps, MainState> {
                                           <Correlations
                                             {...props}
                                             history={props.history}
-                                            onMount={() => this.setState({ selectedNavItemId: 6 })}
+                                            onMount={() =>
+                                              this.setState({
+                                                selectedNavItemId: Navigation.Correlations,
+                                              })
+                                            }
                                             dateTimeFilter={this.state.dateTimeFilter}
                                             setDateTimeFilter={this.setDateTimeFilter}
                                             dataSource={selectedDataSource}
@@ -714,6 +735,57 @@ export default class Main extends Component<MainProps, MainState> {
                                         );
                                       }}
                                     />
+                                    <Route
+                                      path={ROUTES.THREAT_INTEL_ADD_CUSTOM_SOURCE}
+                                      render={(props) => {
+                                        return (
+                                          <AddThreatIntelSource
+                                            {...props}
+                                            threatIntelService={services.threatIntelService}
+                                          />
+                                        );
+                                      }}
+                                    />
+                                    <Route
+                                      path={ROUTES.THREAT_INTEL_OVERVIEW}
+                                      render={(props) => {
+                                        return (
+                                          <ThreatIntelOverview
+                                            {...props}
+                                            threatIntelService={services.threatIntelService}
+                                          />
+                                        );
+                                      }}
+                                    />
+                                    <Route
+                                      path={[
+                                        ROUTES.THREAT_INTEL_CREATE_SCAN_CONFIG,
+                                        ROUTES.THREAT_INTEL_EDIT_SCAN_CONFIG,
+                                      ]}
+                                      render={(props: RouteComponentProps<any, any, any>) => {
+                                        return (
+                                          <ThreatIntelScanConfigForm
+                                            {...props}
+                                            notificationsService={services.notificationsService}
+                                            threatIntelService={services.threatIntelService}
+                                            notifications={core.notifications}
+                                          />
+                                        );
+                                      }}
+                                    />
+                                    <Route
+                                      path={`${ROUTES.THREAT_INTEL_SOURCE_DETAILS}/:id`}
+                                      render={(props: RouteComponentProps<any, any, any>) => {
+                                        return (
+                                          <ThreatIntelSource
+                                            {...props}
+                                            threatIntelService={services.threatIntelService}
+                                            notifications={core.notifications}
+                                          />
+                                        );
+                                      }}
+                                    />
+
                                     <Redirect from={'/'} to={landingPage} />
                                   </Switch>
                                 </EuiPageBody>
diff --git a/public/pages/Overview/utils/helpers.ts b/public/pages/Overview/utils/helpers.ts
index 96856ab31..7c79499e0 100644
--- a/public/pages/Overview/utils/helpers.ts
+++ b/public/pages/Overview/utils/helpers.ts
@@ -272,6 +272,46 @@ export function getFindingsVisualizationSpec(
   ]);
 }
 
+export function getThreatIntelFindingsVisualizationSpec(
+  visualizationData: any[],
+  groupBy: string,
+  dateOpts: DateOpts = {
+    timeUnit: defaultTimeUnit,
+    dateFormat: defaultDateFormat,
+    domain: defaultScaleDomain,
+  }
+) {
+  const indicatorTypeTitle = 'Indicator type';
+
+  return getVisualizationSpec('Findings data overview', visualizationData, [
+    addInteractiveLegends({
+      mark: {
+        type: 'bar',
+        clip: true,
+      },
+      encoding: {
+        tooltip: [
+          getYAxis('finding', 'Findings'),
+          getTimeTooltip(dateOpts),
+          {
+            field: groupBy,
+            title: indicatorTypeTitle,
+          },
+        ],
+        x: getXAxis(dateOpts),
+        y: getYAxis('finding', 'Count'),
+        color: {
+          field: groupBy,
+          title: indicatorTypeTitle,
+          scale: {
+            range: euiPaletteColorBlind(),
+          },
+        },
+      },
+    }),
+  ]);
+}
+
 export function getAlertsVisualizationSpec(
   visualizationData: any[],
   groupBy: string,
diff --git a/public/pages/Rules/containers/ImportRule/ImportRule.tsx b/public/pages/Rules/containers/ImportRule/ImportRule.tsx
index 4656ade44..6578ad88e 100644
--- a/public/pages/Rules/containers/ImportRule/ImportRule.tsx
+++ b/public/pages/Rules/containers/ImportRule/ImportRule.tsx
@@ -30,7 +30,7 @@ export const ImportRule: React.FC<ImportRuleProps> = ({ history, services, notif
     setFileError('');
 
     if (!!files?.item(0)) {
-      let reader = new FileReader();
+      const reader = new FileReader();
       reader.readAsText(files[0]);
       reader.onload = function () {
         try {
diff --git a/public/pages/ThreatIntel/components/ConfigureThreatIntelAlertTriggers/ConfigureThreatIntelAlertTriggers.tsx b/public/pages/ThreatIntel/components/ConfigureThreatIntelAlertTriggers/ConfigureThreatIntelAlertTriggers.tsx
new file mode 100644
index 000000000..63dd0f986
--- /dev/null
+++ b/public/pages/ThreatIntel/components/ConfigureThreatIntelAlertTriggers/ConfigureThreatIntelAlertTriggers.tsx
@@ -0,0 +1,98 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { NotificationChannelTypeOptions, ThreatIntelAlertTrigger } from '../../../../../types';
+import React, { useCallback, useEffect, useState } from 'react';
+import { ThreatIntelAlertTriggerForm } from '../ThreatIntelAlertTriggerForm/ThreatIntelAlertTriggerForm';
+import {
+  getNotificationChannels,
+  parseNotificationChannelsToOptions,
+} from '../../../CreateDetector/components/ConfigureAlerts/utils/helpers';
+import { NotificationsService } from '../../../../services';
+import { EuiButton, EuiPanel, EuiSpacer, EuiTitle } from '@elastic/eui';
+import { ThreatIntelIocType } from '../../../../../common/constants';
+import { getEmptyThreatIntelAlertTrigger } from '../../utils/helpers';
+
+export interface ConfigureThreatIntelAlertTriggersProps {
+  alertTriggers: ThreatIntelAlertTrigger[];
+  notificationsService: NotificationsService;
+  enabledIocTypes: ThreatIntelIocType[];
+  logSources: string[];
+  getNextTriggerName: () => string;
+  updateTriggers: (alertTriggers: ThreatIntelAlertTrigger[]) => void;
+}
+
+export const ConfigureThreatIntelAlertTriggers: React.FC<ConfigureThreatIntelAlertTriggersProps> = ({
+  alertTriggers,
+  enabledIocTypes,
+  logSources,
+  notificationsService,
+  getNextTriggerName,
+  updateTriggers,
+}) => {
+  const [loadingNotificationChannels, setLoadingNotificationChannels] = useState(false);
+  const [notificationChannels, setNotificationChannels] = useState<
+    NotificationChannelTypeOptions[]
+  >([]);
+
+  const updateNotificationChannels = useCallback(async () => {
+    setLoadingNotificationChannels(true);
+    const channels = await getNotificationChannels(notificationsService);
+    const parsedChannels = parseNotificationChannelsToOptions(channels);
+    setNotificationChannels(parsedChannels);
+    setLoadingNotificationChannels(false);
+  }, [notificationsService]);
+
+  useEffect(() => {
+    updateNotificationChannels();
+  }, [notificationsService]);
+
+  const onDeleteTrigger = (triggerIdx: number) => {
+    const newTriggers = [...alertTriggers];
+    newTriggers.splice(triggerIdx, 1);
+    updateTriggers(newTriggers);
+  };
+
+  const onTriggerUpdate = (trigger: ThreatIntelAlertTrigger, triggerIdx: number) => {
+    const newTriggers = [
+      ...alertTriggers.slice(0, triggerIdx),
+      trigger,
+      ...alertTriggers.slice(triggerIdx + 1),
+    ];
+
+    updateTriggers(newTriggers);
+  };
+
+  return (
+    <EuiPanel>
+      <EuiTitle size="s">
+        <h2>Set up alert triggers</h2>
+      </EuiTitle>
+      <EuiSpacer />
+      {alertTriggers.map((trigger, idx) => {
+        return (
+          <ThreatIntelAlertTriggerForm
+            allNotificationChannels={notificationChannels}
+            loadingNotifications={loadingNotificationChannels}
+            enabledIocTypes={enabledIocTypes}
+            logSources={logSources}
+            onDeleteTrgger={() => onDeleteTrigger(idx)}
+            refreshNotificationChannels={updateNotificationChannels}
+            trigger={trigger}
+            updateTrigger={(trigger) => onTriggerUpdate(trigger, idx)}
+          />
+        );
+      })}
+      <EuiSpacer />
+      <EuiButton
+        onClick={() => {
+          updateTriggers([...alertTriggers, getEmptyThreatIntelAlertTrigger(getNextTriggerName())]);
+        }}
+      >
+        Add another alert trigger
+      </EuiButton>
+    </EuiPanel>
+  );
+};
diff --git a/public/pages/ThreatIntel/components/IoCsTable/IoCsTable.tsx b/public/pages/ThreatIntel/components/IoCsTable/IoCsTable.tsx
new file mode 100644
index 000000000..5ba498eec
--- /dev/null
+++ b/public/pages/ThreatIntel/components/IoCsTable/IoCsTable.tsx
@@ -0,0 +1,62 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import React from 'react';
+import { EuiBasicTableColumn, EuiInMemoryTable, EuiPanel, EuiSpacer, EuiText } from '@elastic/eui';
+import { ThreatIntelIocData } from '../../../../../types';
+import { renderTime } from '../../../../utils/helpers';
+
+export interface IoCsTableProps {
+  sourceId?: string;
+  loadingIoCs: boolean;
+  iocs: ThreatIntelIocData[];
+}
+
+export const IoCsTable: React.FC<IoCsTableProps> = ({ sourceId, iocs, loadingIoCs }) => {
+  const columns: EuiBasicTableColumn<ThreatIntelIocData>[] = [
+    {
+      name: 'Value',
+      field: 'value',
+    },
+    {
+      name: 'Type',
+      field: 'type',
+    },
+    {
+      name: 'IoC matches',
+      field: 'num_findings',
+    },
+    {
+      name: 'Created',
+      field: 'created',
+      render: (timestamp: number | string) => renderTime(timestamp),
+    },
+    {
+      name: 'Threat severity',
+      field: 'severity',
+    },
+    {
+      name: 'Last updated',
+      field: 'modified',
+      render: (timestamp: number | string) => renderTime(timestamp),
+    },
+  ];
+
+  return (
+    <EuiPanel>
+      <EuiText>
+        <span>{iocs.length} malicious IoCs</span>
+      </EuiText>
+      <EuiSpacer />
+      <EuiInMemoryTable
+        columns={columns}
+        items={iocs}
+        search
+        pagination
+        loading={!sourceId || loadingIoCs}
+      />
+    </EuiPanel>
+  );
+};
diff --git a/public/pages/ThreatIntel/components/SelectLogSourcesForm/SelectThreatIntelLogSourcesForm.tsx b/public/pages/ThreatIntel/components/SelectLogSourcesForm/SelectThreatIntelLogSourcesForm.tsx
new file mode 100644
index 000000000..6e4d35cb0
--- /dev/null
+++ b/public/pages/ThreatIntel/components/SelectLogSourcesForm/SelectThreatIntelLogSourcesForm.tsx
@@ -0,0 +1,337 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  EuiAccordion,
+  EuiBadge,
+  EuiButton,
+  EuiButtonEmpty,
+  EuiCheckbox,
+  EuiComboBox,
+  EuiComboBoxOptionOption,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFormRow,
+  EuiPanel,
+  EuiPopover,
+  EuiSpacer,
+  EuiText,
+  EuiTitle,
+} from '@elastic/eui';
+import { IocLabel, ThreatIntelIocType } from '../../../../../common/constants';
+import React, { useCallback, useEffect, useState } from 'react';
+import { LogSourceIocConfig, ThreatIntelLogSource } from '../../../../../types';
+import { Interval } from '../../../CreateDetector/components/DefineDetector/components/DetectorSchedule/Interval';
+import { getDataSources, getFieldsForIndex } from '../../../../utils/helpers';
+import { useContext } from 'react';
+import { SecurityAnalyticsContext } from '../../../../services';
+import { NotificationsStart } from 'opensearch-dashboards/public';
+import { IndexOption } from '../../../Detectors/models/interfaces';
+import { PeriodSchedule } from '../../../../../models/interfaces';
+
+export interface SelectThreatIntelLogSourcesProps {
+  sources: ThreatIntelLogSource[];
+  schedule: PeriodSchedule;
+  notifications: NotificationsStart;
+  updateSources: (sources: ThreatIntelLogSource[]) => void;
+  updateSchedule: (schedule: PeriodSchedule) => void;
+}
+
+export const SelectThreatIntelLogSources: React.FC<SelectThreatIntelLogSourcesProps> = ({
+  sources,
+  notifications,
+  schedule,
+  updateSources,
+  updateSchedule,
+}) => {
+  const saContext = useContext(SecurityAnalyticsContext);
+  const [loadingLogSourceOptions, setLoadingLogSourceOptions] = useState(false);
+  const [logSourceOptions, setLogSourceOptions] = useState<EuiComboBoxOptionOption<string>[]>([]);
+  const [logSourceMappingByName, setLogSourceMappingByName] = useState<Record<string, any>>({});
+  const [iocInfoWithAddFieldOpen, setIocInfoWithAddFieldOpen] = useState<
+    { sourceName: string; ioc: string; selectedFields: string[] } | undefined
+  >(undefined);
+
+  const getLogFields = useCallback(
+    async (indexName: string) => {
+      if (saContext && !logSourceMappingByName[indexName]) {
+        getFieldsForIndex(saContext.services.indexService, indexName).then((fields) => {
+          setLogSourceMappingByName({
+            ...logSourceMappingByName,
+            [indexName]: fields,
+          });
+        });
+      }
+    },
+    [saContext, logSourceMappingByName]
+  );
+  const [selectedSourcesMap, setSelectedSourcesMap] = useState(() => {
+    const selectedSourcesByName: Map<string, ThreatIntelLogSource> = new Map();
+    sources.forEach((source) => {
+      selectedSourcesByName.set(source.name, source);
+      getLogFields(source.name);
+    });
+    return selectedSourcesByName;
+  });
+
+  useEffect(() => {
+    const getLogSourceOptions = async () => {
+      if (saContext) {
+        setLoadingLogSourceOptions(true);
+        const res = await getDataSources(saContext.services.indexService, notifications);
+        if (res.ok) {
+          setLogSourceOptions(res.dataSources);
+        }
+        setLoadingLogSourceOptions(false);
+      }
+    };
+
+    getLogSourceOptions();
+  }, [saContext]);
+
+  const onIocToggle = (
+    source: ThreatIntelLogSource,
+    toggledIoc: ThreatIntelIocType,
+    enabled: boolean
+  ) => {
+    const newSelectedSourcesMap = new Map(selectedSourcesMap);
+    newSelectedSourcesMap.get(source.name)!.iocConfigMap = {
+      ...source.iocConfigMap,
+      [toggledIoc]: {
+        fieldAliases: [],
+        ...source.iocConfigMap[toggledIoc],
+        enabled,
+      },
+    };
+
+    setSelectedSourcesMap(newSelectedSourcesMap);
+    updateSources?.(Array.from(newSelectedSourcesMap.values()));
+  };
+
+  const onFieldAliasRemove = (
+    source: ThreatIntelLogSource,
+    ioc: ThreatIntelIocType,
+    alias: string
+  ) => {
+    const aliasesSet = new Set(source.iocConfigMap[ioc]?.fieldAliases || []);
+    aliasesSet.delete(alias);
+
+    updateAliases(source, ioc, Array.from(aliasesSet));
+  };
+
+  const onFieldAliasesAdd = (source: ThreatIntelLogSource, ioc: ThreatIntelIocType) => {
+    const newFieldAliasesSet = new Set([...(source.iocConfigMap[ioc]?.fieldAliases || [])]);
+    iocInfoWithAddFieldOpen?.selectedFields.forEach((field) => newFieldAliasesSet.add(field));
+    updateAliases(source, ioc, Array.from(newFieldAliasesSet));
+    setIocInfoWithAddFieldOpen(undefined);
+  };
+
+  const onFieldAliasesSelect = (aliases: string[]) => {
+    setIocInfoWithAddFieldOpen({
+      ...iocInfoWithAddFieldOpen!,
+      selectedFields: aliases,
+    });
+  };
+
+  const updateAliases = (
+    source: ThreatIntelLogSource,
+    ioc: ThreatIntelIocType,
+    fieldAliases: string[]
+  ) => {
+    const newSelectedSourcesMap = new Map(selectedSourcesMap);
+    newSelectedSourcesMap.get(source.name)!.iocConfigMap = {
+      ...source.iocConfigMap,
+      [ioc]: {
+        ...source.iocConfigMap[ioc],
+        fieldAliases,
+      },
+    };
+
+    setSelectedSourcesMap(newSelectedSourcesMap);
+    updateSources?.(Array.from(newSelectedSourcesMap.values()));
+  };
+
+  const onLogSourceSelectionChange = (options: EuiComboBoxOptionOption<string>[]) => {
+    const newSelectedSourcesMap: Map<string, ThreatIntelLogSource> = new Map();
+
+    options.forEach(({ label }) => {
+      if (selectedSourcesMap.get(label)) {
+        newSelectedSourcesMap.set(label, selectedSourcesMap.get(label)!);
+      } else {
+        newSelectedSourcesMap.set(label, {
+          name: label,
+          iocConfigMap: {},
+        });
+      }
+      getLogFields(label);
+    });
+
+    setSelectedSourcesMap(newSelectedSourcesMap);
+    updateSources?.(Array.from(newSelectedSourcesMap.values()));
+  };
+
+  return (
+    <EuiPanel>
+      <EuiTitle size="s">
+        <h2>Configure logs scan</h2>
+      </EuiTitle>
+      <EuiSpacer />
+      <EuiFormRow
+        label="Select Indexes/Aliases"
+        helpText="Using indexes and aliases is recommended for more precise field mapping"
+      >
+        <EuiComboBox
+          options={logSourceOptions}
+          placeholder={'Select an input source for the detector.'}
+          isLoading={loadingLogSourceOptions}
+          selectedOptions={sources.map(({ name }) => ({ label: name }))}
+          onChange={onLogSourceSelectionChange}
+          isClearable={true}
+          data-test-subj={'define-detector-select-data-source'}
+          renderOption={(option: IndexOption) => {
+            return option.index ? `${option.label} (${option.index})` : option.label;
+          }}
+        />
+      </EuiFormRow>
+      <EuiSpacer size="xxl" />
+      <EuiTitle size="s">
+        <h4>Select fields to scan</h4>
+      </EuiTitle>
+      <EuiText color="subdued">
+        <p>
+          To perform detection the IoC from threat intelligence feeds have to be matched against
+          selected fields in your data.
+        </p>
+      </EuiText>
+      <EuiSpacer />
+
+      {selectedSourcesMap.size === 0 ? (
+        <EuiText>
+          <p>
+            Select <b>indexes/aliases</b> above to view the fields.
+          </p>
+        </EuiText>
+      ) : (
+        Array.from(selectedSourcesMap.values()).map((source, idx) => {
+          const { name, iocConfigMap } = source;
+          return (
+            <>
+              <EuiAccordion
+                key={name}
+                id={name}
+                buttonContent={name}
+                initialIsOpen={true}
+                paddingSize="l"
+              >
+                <div style={{ marginTop: -20 }}>
+                  {Object.values(ThreatIntelIocType).map((iocType) => {
+                    const iocEnabled = iocConfigMap[iocType as ThreatIntelIocType]?.enabled;
+                    const [ioc, config]: [ThreatIntelIocType, LogSourceIocConfig] = [
+                      iocType as ThreatIntelIocType,
+                      iocConfigMap[iocType as ThreatIntelIocType] ?? {
+                        enabled: false,
+                        fieldAliases: [],
+                      },
+                    ];
+
+                    return (
+                      <EuiFlexGroup key={ioc} alignItems="center" gutterSize="s">
+                        <EuiFlexItem grow={1}>
+                          <EuiCheckbox
+                            id={`${name}-${ioc}`}
+                            label={IocLabel[ioc]}
+                            checked={iocEnabled}
+                            onChange={(event) => onIocToggle(source, ioc, event.target.checked)}
+                          />
+                        </EuiFlexItem>
+                        <EuiFlexItem grow={7}>
+                          <EuiFlexGroup gutterSize="s" alignItems="center">
+                            {config.fieldAliases.map((alias) => (
+                              <EuiFlexItem grow={false} key={alias}>
+                                <EuiBadge
+                                  key={alias}
+                                  color="hollow"
+                                  iconType="cross"
+                                  iconSide="right"
+                                  iconOnClickAriaLabel="Remove field alias"
+                                  iconOnClick={() => onFieldAliasRemove(source, ioc, alias)}
+                                >
+                                  {alias}
+                                </EuiBadge>
+                              </EuiFlexItem>
+                            ))}
+                            <EuiFlexItem grow={false}>
+                              <EuiPopover
+                                button={
+                                  <EuiButtonEmpty
+                                    iconType={'plus'}
+                                    onClick={() =>
+                                      setIocInfoWithAddFieldOpen({
+                                        ioc: ioc,
+                                        sourceName: name,
+                                        selectedFields:
+                                          iocInfoWithAddFieldOpen?.selectedFields || [],
+                                      })
+                                    }
+                                  >
+                                    Add fields
+                                  </EuiButtonEmpty>
+                                }
+                                panelPaddingSize="s"
+                                closePopover={() => setIocInfoWithAddFieldOpen(undefined)}
+                                isOpen={
+                                  iocInfoWithAddFieldOpen &&
+                                  iocInfoWithAddFieldOpen.sourceName === name &&
+                                  iocInfoWithAddFieldOpen.ioc === ioc
+                                }
+                              >
+                                <EuiComboBox
+                                  style={{ minWidth: 300 }}
+                                  options={logSourceMappingByName[source.name]}
+                                  onChange={(options) =>
+                                    onFieldAliasesSelect(options.map(({ label }) => label))
+                                  }
+                                  selectedOptions={iocInfoWithAddFieldOpen?.selectedFields.map(
+                                    (field) => ({ label: field })
+                                  )}
+                                />
+                                <EuiSpacer />
+                                <EuiFlexGroup gutterSize="s" justifyContent="flexEnd">
+                                  <EuiFlexItem grow={false}>
+                                    <EuiButtonEmpty>Cancel</EuiButtonEmpty>
+                                  </EuiFlexItem>
+                                  <EuiFlexItem grow={false}>
+                                    <EuiButton fill onClick={() => onFieldAliasesAdd(source, ioc)}>
+                                      Add fields
+                                    </EuiButton>
+                                  </EuiFlexItem>
+                                </EuiFlexGroup>
+                              </EuiPopover>
+                            </EuiFlexItem>
+                          </EuiFlexGroup>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    );
+                  })}
+                </div>
+              </EuiAccordion>
+              <EuiSpacer />
+            </>
+          );
+        })
+      )}
+
+      <EuiSpacer />
+      <EuiTitle size="s">
+        <h4>Scan schedule</h4>
+      </EuiTitle>
+      <EuiText color="subdued">
+        <p>Define the frequency of the log scan execution.</p>
+      </EuiText>
+      <EuiSpacer />
+      <Interval label={'Run scan every'} schedule={schedule} onScheduleChange={updateSchedule} />
+    </EuiPanel>
+  );
+};
diff --git a/public/pages/ThreatIntel/components/ThreatIntelAlertTriggerForm/ThreatIntelAlertTriggerForm.tsx b/public/pages/ThreatIntel/components/ThreatIntelAlertTriggerForm/ThreatIntelAlertTriggerForm.tsx
new file mode 100644
index 000000000..b19b265f0
--- /dev/null
+++ b/public/pages/ThreatIntel/components/ThreatIntelAlertTriggerForm/ThreatIntelAlertTriggerForm.tsx
@@ -0,0 +1,174 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  EuiAccordion,
+  EuiButtonIcon,
+  EuiComboBox,
+  EuiComboBoxOptionOption,
+  EuiFieldText,
+  EuiFormRow,
+  EuiSpacer,
+} from '@elastic/eui';
+import { NotificationChannelTypeOptions, ThreatIntelAlertTrigger } from '../../../../../types';
+import React from 'react';
+import { NotificationForm } from '../../../../components/Notifications/NotificationForm';
+import { ThreatIntelIocType } from '../../../../../common/constants';
+import { ALERT_SEVERITY_OPTIONS } from '../../../CreateDetector/components/ConfigureAlerts/utils/constants';
+import { parseAlertSeverityToOption } from '../../../CreateDetector/components/ConfigureAlerts/utils/helpers';
+import { AlertSeverity } from '../../../Alerts/utils/constants';
+
+export interface ThreatIntelAlertTriggerProps {
+  allNotificationChannels: NotificationChannelTypeOptions[];
+  loadingNotifications: boolean;
+  trigger: ThreatIntelAlertTrigger;
+  enabledIocTypes: ThreatIntelIocType[];
+  logSources: string[];
+  onDeleteTrgger: () => void;
+  refreshNotificationChannels: () => void;
+  updateTrigger: (trigger: ThreatIntelAlertTrigger) => void;
+}
+
+export const ThreatIntelAlertTriggerForm: React.FC<ThreatIntelAlertTriggerProps> = ({
+  allNotificationChannels,
+  loadingNotifications,
+  trigger,
+  enabledIocTypes,
+  logSources,
+  onDeleteTrgger,
+  refreshNotificationChannels,
+  updateTrigger,
+}) => {
+  const onChannelsChange = (selectedOptions: EuiComboBoxOptionOption<string>[]) => {
+    updateTrigger({
+      ...trigger,
+      actions: [
+        {
+          ...trigger.actions[0],
+          destination_id: selectedOptions[0]?.value || '',
+        },
+      ],
+    });
+  };
+
+  const onMessageSubjectChange = (subject: string) => {
+    updateTrigger({
+      ...trigger,
+      actions: [
+        {
+          ...trigger.actions[0],
+          name: subject,
+          subject_template: {
+            ...trigger.actions[0].subject_template,
+            source: subject,
+          },
+        },
+      ],
+    });
+  };
+
+  const onMessageBodyChange = (message: string) => {
+    updateTrigger({
+      ...trigger,
+      actions: [
+        {
+          ...trigger.actions[0],
+          message_template: {
+            ...trigger.actions[0].message_template,
+            source: message,
+          },
+        },
+      ],
+    });
+  };
+
+  const prepareMessage = () => {};
+
+  return (
+    <EuiAccordion
+      id="threat-intel-trigger"
+      initialIsOpen={true}
+      buttonContent={trigger.name}
+      extraAction={<EuiButtonIcon iconType={'trash'} onClick={onDeleteTrgger} />}
+      paddingSize="l"
+    >
+      <EuiFormRow>
+        <EuiFieldText
+          placeholder="Trigger name"
+          value={trigger.name}
+          onChange={(event) => {
+            updateTrigger({
+              ...trigger,
+              name: event.target.value,
+            });
+          }}
+        />
+      </EuiFormRow>
+      <EuiSpacer />
+      <EuiAccordion
+        id={'threat-intel-trigger-condition'}
+        buttonContent="Trigger condition"
+        initialIsOpen={true}
+        paddingSize="l"
+      >
+        <EuiFormRow label="Indicator type(s)">
+          <EuiComboBox
+            placeholder="Any"
+            options={enabledIocTypes.map((ioc) => ({ label: ioc }))}
+            selectedOptions={trigger.ioc_types.map((iocType) => ({ label: iocType }))}
+            onChange={(options) => {
+              updateTrigger({
+                ...trigger,
+                ioc_types: options.map(({ label }) => label),
+              });
+            }}
+          />
+        </EuiFormRow>
+        <EuiSpacer />
+        <EuiFormRow label="Log source(s)">
+          <EuiComboBox
+            placeholder="Any"
+            options={logSources.map((logSource) => ({ label: logSource }))}
+            selectedOptions={trigger.data_sources.map((source) => ({ label: source }))}
+            onChange={(options) => {
+              updateTrigger({
+                ...trigger,
+                data_sources: options.map(({ label }) => label),
+              });
+            }}
+          />
+        </EuiFormRow>
+      </EuiAccordion>
+      <EuiSpacer />
+      <EuiFormRow label="Alert severity">
+        <EuiComboBox
+          singleSelection
+          options={Object.values(ALERT_SEVERITY_OPTIONS)}
+          selectedOptions={[
+            parseAlertSeverityToOption(trigger.severity) ?? ALERT_SEVERITY_OPTIONS.HIGHEST,
+          ]}
+          onChange={(options) => {
+            updateTrigger({
+              ...trigger,
+              severity: (options[0]?.value ||
+                ALERT_SEVERITY_OPTIONS.HIGHEST.value) as AlertSeverity,
+            });
+          }}
+        />
+      </EuiFormRow>
+      <EuiSpacer />
+      <NotificationForm
+        action={trigger.actions[0]}
+        allNotificationChannels={allNotificationChannels}
+        loadingNotifications={loadingNotifications}
+        onChannelsChange={onChannelsChange}
+        onMessageBodyChange={onMessageBodyChange}
+        onMessageSubjectChange={onMessageSubjectChange}
+        prepareMessage={prepareMessage}
+        refreshNotificationChannels={refreshNotificationChannels}
+      />
+    </EuiAccordion>
+  );
+};
diff --git a/public/pages/ThreatIntel/components/ThreatIntelAlertTriggersFlyout/ThreatIntelAlertTriggersFlyout.tsx b/public/pages/ThreatIntel/components/ThreatIntelAlertTriggersFlyout/ThreatIntelAlertTriggersFlyout.tsx
new file mode 100644
index 000000000..b743229fc
--- /dev/null
+++ b/public/pages/ThreatIntel/components/ThreatIntelAlertTriggersFlyout/ThreatIntelAlertTriggersFlyout.tsx
@@ -0,0 +1,155 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  EuiAccordion,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiPanel,
+  EuiSpacer,
+  EuiText,
+  EuiTitle,
+} from '@elastic/eui';
+import { ThreatIntelAlertTrigger, ThreatIntelAlertTriggerAction } from '../../../../../types';
+import React, { useCallback } from 'react';
+import { IocLabel, ThreatIntelIocType } from '../../../../../common/constants';
+import {
+  DescriptionGroup,
+  DescriptionGroupProps,
+} from '../../../../components/Utility/DescriptionGroup';
+import { getThreatIntelALertSeverityLabel } from '../../utils/helpers';
+import { AlertSeverity } from '../../../Alerts/utils/constants';
+import { ConfigActionButton } from '../Utility/ConfigActionButton';
+import { DEFAULT_EMPTY_DATA } from '../../../../utils/constants';
+
+export interface ThreatIntelAlertTriggersProps {
+  triggers: ThreatIntelAlertTrigger[];
+  threatIntelSourceCount: number;
+  scanConfigActionHandler: () => void;
+}
+
+export const ThreatIntelAlertTriggersFlyout: React.FC<ThreatIntelAlertTriggersProps> = ({
+  triggers,
+  threatIntelSourceCount,
+  scanConfigActionHandler,
+}) => {
+  const getTriggerConditionDetails = (
+    dataSources: string[],
+    indicatorTypes: string[]
+  ): DescriptionGroupProps['listItems'] => {
+    return [
+      {
+        title: 'Indicator type',
+        description: indicatorTypes.join(', ') || 'Any',
+      },
+      {
+        title: 'Log source',
+        description: dataSources.join(', ') || 'Any',
+      },
+    ];
+  };
+
+  const getNotificationConfig = (
+    alertSeverity: AlertSeverity,
+    triggerAction: ThreatIntelAlertTriggerAction
+  ): DescriptionGroupProps['listItems'] => {
+    return [
+      {
+        title: 'Severity',
+        description: getThreatIntelALertSeverityLabel(alertSeverity),
+      },
+      {
+        title: 'Notification channel',
+        description: DEFAULT_EMPTY_DATA,
+      },
+    ];
+  };
+
+  const createTitle = useCallback((text: string) => {
+    return (
+      <>
+        <EuiTitle size="s">
+          <h4>{text}</h4>
+        </EuiTitle>
+        <EuiSpacer />
+      </>
+    );
+  }, []);
+
+  return (
+    <EuiPanel hasBorder={false} hasShadow={false}>
+      <EuiFlexGroup>
+        <EuiFlexItem>
+          <EuiTitle>
+            <h4>Alert triggers ({triggers.length})</h4>
+          </EuiTitle>
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          <ConfigActionButton
+            action={threatIntelSourceCount > 0 && triggers.length ? 'edit' : 'configure'}
+            actionHandler={scanConfigActionHandler}
+            disabled={threatIntelSourceCount === 0}
+          />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      <EuiSpacer />
+      {triggers.map(({ actions, severity, name, data_sources, ioc_types }, idx) => {
+        const logSourcesCount = data_sources.length === 0 ? 'Any' : data_sources.length.toString();
+        const iocTriggerCondition =
+          ioc_types.length === 0
+            ? 'All types of indicators'
+            : ioc_types.map((iocType) => IocLabel[iocType as ThreatIntelIocType]).join(', ');
+
+        return (
+          <EuiAccordion
+            id={`threat-intel-alert-trigger-${idx}`}
+            key={idx}
+            initialIsOpen={false}
+            buttonContent={
+              <>
+                <EuiTitle size="s">
+                  <h4>{name}</h4>
+                </EuiTitle>
+                <EuiText
+                  color="subdued"
+                  size="s"
+                >{`${logSourcesCount} log sources, ${iocTriggerCondition}`}</EuiText>
+              </>
+            }
+            paddingSize="m"
+          >
+            <DescriptionGroup
+              listItems={[
+                {
+                  title: createTitle('Trigger condition'),
+                  description: (
+                    <DescriptionGroup
+                      listItems={getTriggerConditionDetails(data_sources, ioc_types)}
+                      groupProps={{ justifyContent: 'spaceAround' }}
+                    />
+                  ),
+                },
+              ]}
+            />
+            <EuiSpacer />
+            <DescriptionGroup
+              listItems={[
+                {
+                  title: createTitle('Notification'),
+                  description: (
+                    <DescriptionGroup
+                      listItems={getNotificationConfig(severity, actions[0])}
+                      groupProps={{ justifyContent: 'spaceAround' }}
+                    />
+                  ),
+                },
+              ]}
+            />
+          </EuiAccordion>
+        );
+      })}
+    </EuiPanel>
+  );
+};
diff --git a/public/pages/ThreatIntel/components/ThreatIntelLogScanConfig/ThreatIntelLogScanConfig.tsx b/public/pages/ThreatIntel/components/ThreatIntelLogScanConfig/ThreatIntelLogScanConfig.tsx
new file mode 100644
index 000000000..162416d37
--- /dev/null
+++ b/public/pages/ThreatIntel/components/ThreatIntelLogScanConfig/ThreatIntelLogScanConfig.tsx
@@ -0,0 +1,235 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  EuiButtonEmpty,
+  EuiDescriptionList,
+  EuiEmptyPrompt,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFormRow,
+  EuiLink,
+  EuiPanel,
+  EuiSpacer,
+  EuiText,
+  EuiTitle,
+} from '@elastic/eui';
+import React from 'react';
+import { ConfigActionButton } from '../Utility/ConfigActionButton';
+import { ThreatIntelScanConfig } from '../../../../../types';
+import { deriveFormModelFromConfig } from '../../utils/helpers';
+import { IocLabel, ThreatIntelIocType } from '../../../../../common/constants';
+import { Interval } from '../../../CreateDetector/components/DefineDetector/components/DetectorSchedule/Interval';
+import { ThreatIntelLogSourcesFlyout } from '../ThreatIntelLogSourcesFlyout/ThreatIntelLogSourcesFlyout';
+import { ThreatIntelAlertTriggersFlyout } from '../ThreatIntelAlertTriggersFlyout/ThreatIntelAlertTriggersFlyout';
+
+export interface ThreatIntelLogScanConfigProps {
+  scanConfig?: ThreatIntelScanConfig;
+  threatIntelSourceCount: number;
+  setFlyoutContent: (content: React.ReactNode) => void;
+  addThreatIntelActionHandler: () => void;
+  scanConfigActionHandler: () => void;
+}
+
+export const ThreatIntelLogScanConfig: React.FC<ThreatIntelLogScanConfigProps> = ({
+  scanConfig,
+  threatIntelSourceCount,
+  addThreatIntelActionHandler,
+  scanConfigActionHandler,
+  setFlyoutContent,
+}) => {
+  if (threatIntelSourceCount === 0) {
+    return (
+      <EuiPanel>
+        <EuiEmptyPrompt
+          title={
+            <p>
+              Configure log scan after{' '}
+              <EuiLink onClick={addThreatIntelActionHandler}>adding a threat intel source</EuiLink>.
+            </p>
+          }
+          titleSize="xs"
+        />
+      </EuiPanel>
+    );
+  }
+
+  if (!scanConfig) {
+    return (
+      <EuiPanel>
+        <EuiEmptyPrompt
+          title={
+            <p>
+              <EuiLink onClick={scanConfigActionHandler}>Configure scan</EuiLink> to monitor threats
+              using the threat intel sources.
+            </p>
+          }
+          titleSize="xs"
+        />
+      </EuiPanel>
+    );
+  }
+
+  const { logSources, schedule, triggers } = deriveFormModelFromConfig(scanConfig);
+
+  return (
+    <EuiPanel>
+      <EuiFlexGroup alignItems="flexStart">
+        <EuiFlexItem>
+          <EuiTitle>
+            <h4>Log sources</h4>
+          </EuiTitle>
+          <EuiSpacer size="xs" />
+          <EuiText color="subdued">
+            <span>
+              To perform detection the IoC from threat intelligence feeds have to be matched against
+              selected fields in your data.
+            </span>
+          </EuiText>
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          <ConfigActionButton
+            action={logSources.length > 0 ? 'edit' : 'configure'}
+            actionHandler={scanConfigActionHandler}
+            disabled={threatIntelSourceCount === 0}
+          />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      <EuiSpacer />
+      {logSources.length > 0 && (
+        <>
+          <EuiFlexGroup>
+            <EuiFlexItem grow={1}>
+              <EuiDescriptionList
+                listItems={[
+                  {
+                    title: `Log sources (${logSources.length})`,
+                    description: `Select indexes, aliases and wildcard patterns that 
+                  are being scanned for the matches with the known malicious activity indicators`,
+                  },
+                ]}
+              />
+            </EuiFlexItem>
+            <EuiFlexItem grow={2} style={{ marginLeft: 100 }}>
+              <EuiFlexGroup direction="column" alignItems="flexStart" gutterSize="xs">
+                {logSources.slice(0, 3).map((source) => {
+                  return (
+                    <EuiFlexItem grow={false}>
+                      <EuiDescriptionList
+                        key={source.name}
+                        listItems={[
+                          {
+                            title: source.name,
+                            description: Object.keys(source.iocConfigMap)
+                              .map((iocType) => IocLabel[iocType as ThreatIntelIocType])
+                              .join(', '),
+                          },
+                        ]}
+                      />
+                    </EuiFlexItem>
+                  );
+                })}
+                {logSources.length > 0 && (
+                  <EuiFlexItem grow={false}>
+                    <EuiButtonEmpty
+                      onClick={() => {
+                        setFlyoutContent(
+                          <ThreatIntelLogSourcesFlyout
+                            logSources={logSources}
+                            scanConfigActionHandler={scanConfigActionHandler}
+                            threatIntelSourceCount={threatIntelSourceCount}
+                          />
+                        );
+                      }}
+                    >
+                      View {logSources.length} log sources
+                    </EuiButtonEmpty>
+                  </EuiFlexItem>
+                )}
+              </EuiFlexGroup>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+          <EuiSpacer size="xxl" />
+          <EuiFlexGroup>
+            <EuiFlexItem grow={1}>
+              <EuiDescriptionList
+                listItems={[
+                  {
+                    title: 'Scan schedule',
+                    description: 'Define the frequency of the log scan execution.',
+                  },
+                ]}
+              />
+            </EuiFlexItem>
+            <EuiFlexItem grow={2} style={{ marginLeft: 100 }}>
+              <EuiFormRow label="Scan runs every">
+                <Interval schedule={schedule} readonly onScheduleChange={() => {}} />
+              </EuiFormRow>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+          <EuiSpacer size="xxl" />
+          <EuiFlexGroup>
+            <EuiFlexItem grow={1}>
+              <EuiDescriptionList
+                listItems={[
+                  {
+                    title: `Alert triggers (${triggers.length})`,
+                    description:
+                      'Set up alert triggers to get notified on the matches with threat intel sources in your log sources.',
+                  },
+                ]}
+              />
+            </EuiFlexItem>
+            <EuiFlexItem grow={2} style={{ marginLeft: 100 }}>
+              <EuiFlexGroup gutterSize="s" direction="column" alignItems="flexStart">
+                {triggers.slice(0, 3).map(({ name, data_sources, ioc_types }) => {
+                  const logSourcesCount =
+                    data_sources.length === 0 ? 'Any' : data_sources.length.toString();
+                  const iocTriggerCondition =
+                    ioc_types.length === 0
+                      ? 'All types of indicators'
+                      : ioc_types
+                          .map((iocType) => IocLabel[iocType as ThreatIntelIocType])
+                          .join(', ');
+
+                  return (
+                    <EuiFlexItem key={name}>
+                      <EuiDescriptionList
+                        listItems={[
+                          {
+                            title: name,
+                            description: `${logSourcesCount} log sources, ${iocTriggerCondition}`,
+                          },
+                        ]}
+                      />
+                    </EuiFlexItem>
+                  );
+                })}
+                {triggers.length > 0 && (
+                  <EuiFlexItem grow={false}>
+                    <EuiButtonEmpty
+                      size="s"
+                      onClick={() => {
+                        setFlyoutContent(
+                          <ThreatIntelAlertTriggersFlyout
+                            triggers={triggers}
+                            threatIntelSourceCount={threatIntelSourceCount}
+                            scanConfigActionHandler={scanConfigActionHandler}
+                          />
+                        );
+                      }}
+                    >
+                      View {triggers.length} triggers
+                    </EuiButtonEmpty>
+                  </EuiFlexItem>
+                )}
+              </EuiFlexGroup>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </>
+      )}
+    </EuiPanel>
+  );
+};
diff --git a/public/pages/ThreatIntel/components/ThreatIntelLogSourcesFlyout/ThreatIntelLogSourcesFlyout.tsx b/public/pages/ThreatIntel/components/ThreatIntelLogSourcesFlyout/ThreatIntelLogSourcesFlyout.tsx
new file mode 100644
index 000000000..72a1f3666
--- /dev/null
+++ b/public/pages/ThreatIntel/components/ThreatIntelLogSourcesFlyout/ThreatIntelLogSourcesFlyout.tsx
@@ -0,0 +1,78 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  EuiBasicTableColumn,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiInMemoryTable,
+  EuiPanel,
+  EuiSpacer,
+  EuiText,
+  EuiTitle,
+} from '@elastic/eui';
+import { ThreatIntelLogSource } from '../../../../../types';
+import React, { useMemo } from 'react';
+import { ConfigActionButton } from '../Utility/ConfigActionButton';
+
+export interface ThreatIntelLogSourcesProps {
+  logSources: ThreatIntelLogSource[];
+  threatIntelSourceCount: number;
+  scanConfigActionHandler: () => void;
+}
+
+export const ThreatIntelLogSourcesFlyout: React.FC<ThreatIntelLogSourcesProps> = ({
+  logSources,
+  threatIntelSourceCount,
+  scanConfigActionHandler,
+}) => {
+  const columns: EuiBasicTableColumn<ThreatIntelLogSource>[] = useMemo(
+    () => [
+      {
+        field: 'name',
+        name: 'Index/Alias',
+        render: (name: string) => <EuiText>{name}</EuiText>,
+      },
+      {
+        name: 'Indicator types',
+        render: ({ iocConfigMap }: ThreatIntelLogSource) => {
+          return Object.entries(iocConfigMap)
+            .map(([ioc]) => ioc)
+            .join(', ');
+        },
+      },
+    ],
+    []
+  );
+
+  return (
+    <EuiPanel hasBorder={false} hasShadow={false}>
+      <EuiSpacer size="m" />
+      <EuiFlexGroup alignItems="flexStart">
+        <EuiFlexItem>
+          <EuiTitle>
+            <h4>Log sources</h4>
+          </EuiTitle>
+          <EuiSpacer size="xs" />
+          <EuiText color="subdued">
+            <span>
+              To perform detection the IoC from threat intelligence feeds have to be matched against
+              selected fields in your data.
+            </span>
+          </EuiText>
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          <ConfigActionButton
+            action={threatIntelSourceCount > 0 && logSources.length ? 'edit' : 'configure'}
+            actionHandler={scanConfigActionHandler}
+            disabled={threatIntelSourceCount === 0}
+          />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      <EuiSpacer />
+      <EuiInMemoryTable columns={columns} items={logSources} pagination search />
+    </EuiPanel>
+  );
+};
diff --git a/public/pages/ThreatIntel/components/ThreatIntelOverviewActions/ThreatIntelOverviewActions.tsx b/public/pages/ThreatIntel/components/ThreatIntelOverviewActions/ThreatIntelOverviewActions.tsx
new file mode 100644
index 000000000..b5ed17338
--- /dev/null
+++ b/public/pages/ThreatIntel/components/ThreatIntelOverviewActions/ThreatIntelOverviewActions.tsx
@@ -0,0 +1,122 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import React from 'react';
+import { EuiButton, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import { StatusWithIndicator } from '../../../../components/Utility/StatusWithIndicator';
+import { RouteComponentProps } from 'react-router-dom';
+import { ROUTES } from '../../../../utils/constants';
+import { ThreatIntelScanConfig } from '../../../../../types';
+import { ConfigureThreatIntelScanStep } from '../../utils/constants';
+
+export interface ThreatIntelOverviewActionsProps {
+  sourceCount: number;
+  scanConfig?: ThreatIntelScanConfig;
+  history: RouteComponentProps['history'];
+}
+
+const statusByScanState = {
+  notRunning: <StatusWithIndicator text="Real-time scan not running" indicatorColor="text" />,
+  running: <StatusWithIndicator text="Real-time scan running" indicatorColor="success" />,
+  stopped: <StatusWithIndicator text="Real-time scan stopped" indicatorColor="text" />,
+};
+
+export const ThreatIntelOverviewActions: React.FC<ThreatIntelOverviewActionsProps> = ({
+  sourceCount,
+  scanConfig,
+  history,
+}) => {
+  const scanIsSetup = !!scanConfig;
+  const scanRunning = scanIsSetup && scanConfig.enabled;
+  const alertTriggerSetup = scanIsSetup && scanConfig.triggers.length > 0;
+
+  let status: React.ReactNode = null;
+  let actions = [];
+
+  if (sourceCount === 0) {
+    status = statusByScanState['notRunning'];
+    actions.push({
+      label: 'Configure scan',
+      disabled: true,
+      fill: true,
+      onClick: () => {},
+    });
+  } else if (!scanIsSetup) {
+    status = statusByScanState['notRunning'];
+    actions.push({
+      label: 'Configure scan',
+      disabled: false,
+      fill: true,
+      onClick: () => {
+        history.push({
+          pathname: ROUTES.THREAT_INTEL_CREATE_SCAN_CONFIG,
+        });
+      },
+    });
+  } else if (scanRunning) {
+    status = statusByScanState['running'];
+    actions.push({
+      label: 'View findings',
+      disabled: false,
+      fill: false,
+      onClick: () => {
+        history.push({
+          pathname: ROUTES.FINDINGS,
+          search: '?detectionType=Threat intelligence',
+        });
+      },
+    });
+
+    if (!alertTriggerSetup) {
+      actions.push({
+        label: 'Set up alerts',
+        disabled: false,
+        fill: true,
+        onClick: () => {
+          history.push({
+            pathname: ROUTES.THREAT_INTEL_EDIT_SCAN_CONFIG,
+            state: {
+              scanConfig,
+              step: ConfigureThreatIntelScanStep.SetupAlertTriggers,
+            },
+          });
+        },
+      });
+    } else {
+      actions.push({
+        label: 'View alerts',
+        disabled: false,
+        fill: false,
+        onClick: () => {
+          history.push({
+            pathname: ROUTES.ALERTS,
+            search: '?detectionType=Threat intelligence',
+          });
+        },
+      });
+    }
+  } else {
+    status = statusByScanState['stopped'];
+    actions.push({
+      label: 'Start scan',
+      disabled: false,
+      fill: true,
+      onClick: () => {},
+    });
+  }
+
+  return (
+    <EuiFlexGroup alignItems="center" gutterSize="m">
+      <EuiFlexItem>{status}</EuiFlexItem>
+      {actions.map((action, idx) => (
+        <EuiFlexItem grow={false} key={idx}>
+          <EuiButton fill={action.fill} disabled={action.disabled} onClick={action.onClick}>
+            {action.label}
+          </EuiButton>
+        </EuiFlexItem>
+      ))}
+    </EuiFlexGroup>
+  );
+};
diff --git a/public/pages/ThreatIntel/components/ThreatIntelSourceDetails/ThreatIntelSourceDetails.tsx b/public/pages/ThreatIntel/components/ThreatIntelSourceDetails/ThreatIntelSourceDetails.tsx
new file mode 100644
index 000000000..7f536608a
--- /dev/null
+++ b/public/pages/ThreatIntel/components/ThreatIntelSourceDetails/ThreatIntelSourceDetails.tsx
@@ -0,0 +1,386 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import React, { useEffect, useState } from 'react';
+import {
+  EuiBottomBar,
+  EuiButton,
+  EuiCheckboxGroup,
+  EuiFieldText,
+  EuiFilePicker,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFormLabel,
+  EuiFormRow,
+  EuiPanel,
+  EuiSpacer,
+  EuiSwitch,
+  EuiText,
+  EuiTitle,
+} from '@elastic/eui';
+import { Interval } from '../../../CreateDetector/components/DefineDetector/components/DetectorSchedule/Interval';
+import {
+  FileUploadSource,
+  S3ConnectionSource,
+  ThreatIntelS3CustomSourcePayload,
+  ThreatIntelSourceItem,
+  ThreatIntelSourcePayload,
+} from '../../../../../types';
+import { defaultIntervalUnitOptions } from '../../../../utils/constants';
+import { readIocsFromFile, threatIntelSourceItemToBasePayload } from '../../utils/helpers';
+import { ThreatIntelService } from '../../../../services';
+import { ThreatIntelIocType } from '../../../../../common/constants';
+import { PeriodSchedule } from '../../../../../models/interfaces';
+
+export interface ThreatIntelSourceDetailsProps {
+  sourceItem: ThreatIntelSourceItem;
+  threatIntelService: ThreatIntelService;
+  onSourceUpdate: () => void;
+}
+
+export const ThreatIntelSourceDetails: React.FC<ThreatIntelSourceDetailsProps> = ({
+  sourceItem,
+  threatIntelService,
+  onSourceUpdate,
+}) => {
+  const [isReadOnly, setIsReadOnly] = useState(true);
+  const [sourceItemState, setSourceItemState] = useState(sourceItem);
+  const [s3ConnectionDetails, setS3ConnectionDetails] = useState<S3ConnectionSource>(
+    sourceItem.source as S3ConnectionSource
+  );
+  const [fileUploadSource, setFileUploadSource] = useState<FileUploadSource>(
+    sourceItem.source as FileUploadSource
+  );
+  const { id, description, name, ioc_types, enabled, type } = sourceItemState;
+  const [schedule, setSchedule] = useState<ThreatIntelS3CustomSourcePayload['schedule']>(
+    (sourceItem as ThreatIntelS3CustomSourcePayload).schedule
+  );
+  const [fileError, setFileError] = useState('');
+  const [saveInProgress, setSaveInProgress] = useState(false);
+  const [saveDisabled, setSaveDisabled] = useState(false);
+  const checkboxes = [
+    {
+      id: ThreatIntelIocType.IPAddress,
+      label: 'IP - addresses',
+    },
+    {
+      id: ThreatIntelIocType.Domain,
+      label: 'Domains',
+    },
+    {
+      id: ThreatIntelIocType.FileHash,
+      label: 'File hash',
+    },
+  ];
+  const [checkboxIdToSelectedMap, setCheckboxIdToSelectedMap] = useState<Record<string, boolean>>(
+    () => {
+      const newCheckboxIdToSelectedMap: any = {};
+      ioc_types.forEach((ioc_type) => {
+        newCheckboxIdToSelectedMap[ioc_type] = true;
+      });
+      return newCheckboxIdToSelectedMap;
+    }
+  );
+
+  useEffect(() => {
+    if (!isReadOnly && type === 'IOC_UPLOAD' && fileUploadSource.ioc_upload.iocs.length === 0) {
+      setSaveDisabled(true);
+    } else if (type === 'IOC_UPLOAD' && fileUploadSource.ioc_upload.iocs.length > 0) {
+      setSaveDisabled(false);
+    }
+  }, [fileUploadSource, isReadOnly, type]);
+
+  const onNameChange = (event: React.ChangeEvent<HTMLInputElement>) => {
+    setSourceItemState({
+      ...sourceItemState,
+      name: event.target.value,
+    });
+    setSaveDisabled(!event.target.value);
+  };
+
+  const onDescriptionChange = (event: React.ChangeEvent<HTMLInputElement>) => {
+    setSourceItemState({
+      ...sourceItemState,
+      description: event.target.value,
+    });
+  };
+
+  const onS3DataChange = (field: keyof S3ConnectionSource['s3'], value: string) => {
+    setS3ConnectionDetails({
+      s3: {
+        ...s3ConnectionDetails.s3,
+        [field]: value,
+      },
+    });
+  };
+
+  const onIocTypesChange = (optionId: string) => {
+    const newCheckboxIdToSelectedMap = {
+      ...checkboxIdToSelectedMap,
+      ...{
+        [optionId]: !checkboxIdToSelectedMap[optionId],
+      },
+    };
+    setCheckboxIdToSelectedMap(newCheckboxIdToSelectedMap);
+  };
+
+  const onRefreshSwitchChange = (checked: boolean) => {
+    setSourceItemState({
+      ...sourceItemState,
+      enabled: !checked,
+    });
+  };
+
+  const onFileChange = (files: FileList | null) => {
+    setFileError('');
+    if (!!files?.item(0)) {
+      readIocsFromFile(files[0], (response) => {
+        if (response.ok) {
+          setFileUploadSource(response.sourceData);
+        } else {
+          setFileError(response.errorMessage);
+        }
+      });
+    }
+  };
+
+  const onIntervalChange = (schedule: PeriodSchedule) => {
+    setSchedule({
+      interval: {
+        start_time: Date.now(),
+        period: schedule.period.interval,
+        unit: schedule.period.unit,
+      },
+    });
+  };
+
+  const onSave = () => {
+    setSaveInProgress(true);
+
+    const payloadBase = {
+      ...threatIntelSourceItemToBasePayload(sourceItemState),
+      ioc_types: Object.entries(checkboxIdToSelectedMap)
+        .filter(([ioc, checked]) => checked)
+        .map(([ioc]) => ioc as ThreatIntelIocType),
+    };
+
+    const payload: ThreatIntelSourcePayload =
+      sourceItemState.type === 'S3_CUSTOM'
+        ? {
+            ...payloadBase,
+            type: 'S3_CUSTOM',
+            schedule: {
+              ...sourceItemState.schedule,
+              interval: {
+                ...sourceItemState.schedule.interval,
+                start_time: Date.now(),
+              },
+            },
+            source: s3ConnectionDetails,
+          }
+        : {
+            ...payloadBase,
+            type: 'IOC_UPLOAD',
+            source: fileUploadSource,
+            enabled: false,
+          };
+
+    if (sourceItem.type === 'IOC_UPLOAD') {
+      delete (payload as any)['schedule'];
+    }
+
+    threatIntelService.updateThreatIntelSource(id, payload).then((res) => {
+      setSaveInProgress(false);
+      if (res.ok) {
+        setSaveInProgress(false);
+        setIsReadOnly(true);
+        onSourceUpdate();
+      }
+    });
+  };
+
+  const onDiscard = () => {
+    setFileError('');
+    setIsReadOnly(true);
+    setSourceItemState(sourceItem);
+    setS3ConnectionDetails(sourceItem.source as S3ConnectionSource);
+    setFileUploadSource(sourceItem.source as FileUploadSource);
+  };
+
+  return (
+    <>
+      <EuiPanel>
+        <EuiFlexGroup>
+          <EuiFlexItem grow={1}>
+            <EuiTitle size="s">
+              <h4>Threat intel source details</h4>
+            </EuiTitle>
+          </EuiFlexItem>
+          <EuiFlexItem grow={2}>
+            <EuiFormRow label="Name">
+              <EuiFieldText readOnly={isReadOnly} value={name} onChange={onNameChange} />
+            </EuiFormRow>
+            <EuiSpacer />
+            <EuiFormRow label="Description">
+              <EuiFieldText
+                readOnly={isReadOnly}
+                value={description}
+                onChange={onDescriptionChange}
+              />
+            </EuiFormRow>
+            <EuiSpacer />
+            {type === 'S3_CUSTOM' && schedule && (
+              <>
+                <EuiFormLabel>Download schedule</EuiFormLabel>
+                <EuiSpacer size="xs" />
+                <EuiFlexGroup alignItems="center">
+                  <EuiFlexItem>
+                    <Interval
+                      schedule={{
+                        period: {
+                          interval: schedule.interval.period,
+                          unit: schedule.interval.unit,
+                        },
+                      }}
+                      onScheduleChange={onIntervalChange}
+                      readonly={isReadOnly || !enabled}
+                      scheduleUnitOptions={[defaultIntervalUnitOptions.DAYS]}
+                    />
+                  </EuiFlexItem>
+                  {(!isReadOnly || !enabled) && (
+                    <EuiFlexItem grow={false}>
+                      <EuiSwitch
+                        label="Download on demand only"
+                        checked={!enabled}
+                        onChange={(event) => onRefreshSwitchChange(event.target.checked)}
+                        disabled={isReadOnly}
+                      />
+                    </EuiFlexItem>
+                  )}
+                </EuiFlexGroup>
+                <EuiSpacer />
+
+                <EuiText>
+                  <h4>Connection details</h4>
+                </EuiText>
+                <EuiSpacer />
+                <EuiFormRow label={<EuiFormLabel>IAM Role ARN</EuiFormLabel>}>
+                  <EuiFieldText
+                    readOnly={isReadOnly}
+                    placeholder="arn:"
+                    onChange={(event) => onS3DataChange('role_arn', event.target.value)}
+                    value={s3ConnectionDetails.s3.role_arn}
+                  />
+                </EuiFormRow>
+                <EuiSpacer />
+                <EuiFormRow label="S3 bucket directory">
+                  <EuiFieldText
+                    readOnly={isReadOnly}
+                    placeholder="S3://"
+                    onChange={(event) => onS3DataChange('bucket_name', event.target.value)}
+                    value={s3ConnectionDetails.s3.bucket_name}
+                  />
+                </EuiFormRow>
+                <EuiSpacer />
+                <EuiFormRow label="Specify a directory or file">
+                  <EuiFieldText
+                    readOnly={isReadOnly}
+                    placeholder="Object key"
+                    onChange={(event) => onS3DataChange('object_key', event.target.value)}
+                    value={s3ConnectionDetails.s3.object_key}
+                  />
+                </EuiFormRow>
+                <EuiSpacer />
+                <EuiFormRow label="Region">
+                  <EuiFieldText
+                    readOnly={isReadOnly}
+                    placeholder="Region"
+                    onChange={(event) => onS3DataChange('region', event.target.value)}
+                    value={s3ConnectionDetails.s3.region}
+                  />
+                </EuiFormRow>
+                <EuiSpacer />
+              </>
+            )}
+            {type === 'IOC_UPLOAD' && (
+              <>
+                {isReadOnly && (
+                  <EuiFormRow label="Uploaded file">
+                    <EuiFieldText
+                      readOnly={isReadOnly}
+                      value={fileUploadSource.ioc_upload?.file_name}
+                      icon={'download'}
+                    />
+                  </EuiFormRow>
+                )}
+                {!isReadOnly && (
+                  <>
+                    <EuiFormRow
+                      label="Upload file"
+                      helpText={
+                        <>
+                          <p>Accepted format: JSON (.json) based on STIX spec.</p>
+                          <p>Maximum size: 500 kB. </p>
+                        </>
+                      }
+                      isInvalid={!!fileError}
+                      error={fileError}
+                    >
+                      <EuiFilePicker
+                        id={'filePickerId'}
+                        fullWidth
+                        initialPromptText="Select or drag and drop a file"
+                        onChange={onFileChange}
+                        display={'large'}
+                        multiple={false}
+                        aria-label="ioc file picker"
+                        isInvalid={!!fileError}
+                        data-test-subj="import_ioc_file"
+                      />
+                    </EuiFormRow>
+                  </>
+                )}
+              </>
+            )}
+            <EuiFormRow label="Types of malicious indicators">
+              <>
+                <EuiSpacer size="s" />
+                <EuiCheckboxGroup
+                  options={checkboxes}
+                  idToSelectedMap={checkboxIdToSelectedMap}
+                  onChange={onIocTypesChange}
+                  disabled={isReadOnly}
+                />
+              </>
+            </EuiFormRow>
+            <EuiSpacer />
+          </EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <EuiButton
+              style={{ visibility: isReadOnly ? 'visible' : 'hidden' }}
+              onClick={() => setIsReadOnly(false)}
+            >
+              Edit
+            </EuiButton>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </EuiPanel>
+      {!isReadOnly && (
+        <EuiBottomBar>
+          <EuiFlexGroup justifyContent="flexEnd">
+            <EuiFlexItem grow={false}>
+              <EuiButton onClick={onDiscard}>Discard</EuiButton>
+            </EuiFlexItem>
+            <EuiFlexItem grow={false}>
+              <EuiButton isLoading={saveInProgress} fill onClick={onSave} disabled={saveDisabled}>
+                Save
+              </EuiButton>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </EuiBottomBar>
+      )}
+    </>
+  );
+};
diff --git a/public/pages/ThreatIntel/components/ThreatIntelSourcesList/ThreatIntelSourcesList.tsx b/public/pages/ThreatIntel/components/ThreatIntelSourcesList/ThreatIntelSourcesList.tsx
new file mode 100644
index 000000000..b2b985b2b
--- /dev/null
+++ b/public/pages/ThreatIntel/components/ThreatIntelSourcesList/ThreatIntelSourcesList.tsx
@@ -0,0 +1,120 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import React from 'react';
+import {
+  EuiBadge,
+  EuiButton,
+  EuiButtonEmpty,
+  EuiCard,
+  EuiEmptyPrompt,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiIcon,
+  EuiPanel,
+  EuiSpacer,
+  EuiTitle,
+} from '@elastic/eui';
+import { ROUTES } from '../../../../utils/constants';
+import { ThreatIntelSourceItem } from '../../../../../types';
+import { RouteComponentProps } from 'react-router-dom';
+import { IocLabel } from '../../../../../common/constants';
+
+export interface ThreatIntelSourcesListProps {
+  threatIntelSources: ThreatIntelSourceItem[];
+  history: RouteComponentProps['history'];
+}
+
+export const ThreatIntelSourcesList: React.FC<ThreatIntelSourcesListProps> = ({
+  threatIntelSources,
+  history,
+}) => {
+  return (
+    <EuiPanel>
+      <EuiSpacer size="m" />
+      <EuiFlexGroup>
+        <EuiFlexItem>
+          <EuiTitle size="s">
+            <h4>Threat intelligence sources ({threatIntelSources.length})</h4>
+          </EuiTitle>
+        </EuiFlexItem>
+        {threatIntelSources.length > 0 && (
+          <EuiFlexItem grow={false}>
+            <EuiButton
+              onClick={() => {
+                history.push({
+                  pathname: ROUTES.THREAT_INTEL_ADD_CUSTOM_SOURCE,
+                });
+              }}
+            >
+              Add threat intel source
+            </EuiButton>
+          </EuiFlexItem>
+        )}
+      </EuiFlexGroup>
+      <EuiSpacer />
+      <EuiFlexGroup>
+        {threatIntelSources.map((source, idx) => {
+          return (
+            <EuiFlexItem key={idx} style={{ maxWidth: 350 }}>
+              <EuiCard
+                // icon={source.icon}
+                title={source.name}
+                description={source.description}
+                footer={
+                  <>
+                    <EuiButtonEmpty
+                      onClick={() => {
+                        history.push({
+                          pathname: `${ROUTES.THREAT_INTEL_SOURCE_DETAILS}/${source.id}`,
+                          state: { source },
+                        });
+                      }}
+                      iconType={'iInCircle'}
+                    >
+                      More details
+                    </EuiButtonEmpty>
+                    <EuiSpacer size="m" />
+                    {source.enabled && (
+                      <>
+                        <EuiIcon
+                          type={'dot'}
+                          color={source.enabled ? 'success' : 'text'}
+                          style={{ marginBottom: 4 }}
+                        />{' '}
+                        Active
+                      </>
+                    )}
+                  </>
+                }
+              >
+                {source.ioc_types.map((iocType) => (
+                  <EuiBadge key={iocType}>{IocLabel[iocType]}</EuiBadge>
+                ))}
+              </EuiCard>
+            </EuiFlexItem>
+          );
+        })}
+      </EuiFlexGroup>
+      {threatIntelSources.length === 0 && (
+        <EuiEmptyPrompt
+          title={<h3>No threat intel source present</h3>}
+          actions={[
+            <EuiButton
+              fill
+              onClick={() => {
+                history.push({
+                  pathname: ROUTES.THREAT_INTEL_ADD_CUSTOM_SOURCE,
+                });
+              }}
+            >
+              Add threat intel source
+            </EuiButton>,
+          ]}
+        />
+      )}
+    </EuiPanel>
+  );
+};
diff --git a/public/pages/ThreatIntel/components/Utility/ConfigActionButton.tsx b/public/pages/ThreatIntel/components/Utility/ConfigActionButton.tsx
new file mode 100644
index 000000000..83b9f9992
--- /dev/null
+++ b/public/pages/ThreatIntel/components/Utility/ConfigActionButton.tsx
@@ -0,0 +1,38 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { EuiButton } from '@elastic/eui';
+import React from 'react';
+
+export interface ConfigActionButtonProps {
+  action: 'configure' | 'edit';
+  actionHandler: () => void;
+  disabled?: boolean;
+}
+
+export const ConfigActionButton: React.FC<ConfigActionButtonProps> = ({
+  action,
+  disabled,
+  actionHandler,
+}) => {
+  let buttonText;
+
+  switch (action) {
+    case 'configure':
+      buttonText = 'Configure scan';
+      break;
+    case 'edit':
+      buttonText = 'Edit scan configuration';
+      break;
+    default:
+      buttonText = '';
+  }
+
+  return buttonText ? (
+    <EuiButton onClick={actionHandler} disabled={disabled}>
+      {buttonText}
+    </EuiButton>
+  ) : null;
+};
diff --git a/public/pages/ThreatIntel/containers/AddThreatIntelSource/AddThreatIntelSource.tsx b/public/pages/ThreatIntel/containers/AddThreatIntelSource/AddThreatIntelSource.tsx
new file mode 100644
index 000000000..db79b9f4e
--- /dev/null
+++ b/public/pages/ThreatIntel/containers/AddThreatIntelSource/AddThreatIntelSource.tsx
@@ -0,0 +1,422 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import React, { useContext, useEffect, useState } from 'react';
+import {
+  EuiButton,
+  EuiCheckableCard,
+  EuiCheckboxGroup,
+  EuiFieldText,
+  EuiFilePicker,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFormLabel,
+  EuiFormRow,
+  EuiPanel,
+  EuiSpacer,
+  EuiSwitch,
+  EuiText,
+  EuiTitle,
+} from '@elastic/eui';
+import { CoreServicesContext } from '../../../../components/core_services';
+import { BREADCRUMBS, ROUTES, defaultIntervalUnitOptions } from '../../../../utils/constants';
+import { Interval } from '../../../CreateDetector/components/DefineDetector/components/DetectorSchedule/Interval';
+import { RouteComponentProps } from 'react-router-dom';
+import ThreatIntelService from '../../../../services/ThreatIntelService';
+import {
+  FileUploadSource,
+  S3ConnectionSource,
+  ThreatIntelS3CustomSourcePayload,
+  ThreatIntelSourcePayload,
+  ThreatIntelSourcePayloadBase,
+} from '../../../../../types';
+import {
+  getEmptyIocFileUploadSource,
+  getEmptyS3ConnectionSource,
+  getEmptyThreatIntelSourcePayloadBase,
+  readIocsFromFile,
+} from '../../utils/helpers';
+import { ThreatIntelIocType } from '../../../../../common/constants';
+import { PeriodSchedule } from '../../../../../models/interfaces';
+
+export interface AddThreatIntelSourceProps extends RouteComponentProps {
+  threatIntelService: ThreatIntelService;
+}
+
+export const AddThreatIntelSource: React.FC<AddThreatIntelSourceProps> = ({
+  history,
+  threatIntelService,
+}) => {
+  const context = useContext(CoreServicesContext);
+  const [source, setSource] = useState<ThreatIntelSourcePayloadBase>(
+    getEmptyThreatIntelSourcePayloadBase()
+  );
+  const [schedule, setSchedule] = useState<ThreatIntelS3CustomSourcePayload['schedule']>({
+    interval: {
+      start_time: Date.now(),
+      period: 1,
+      unit: 'DAYS',
+    },
+  });
+  const [sourceType, setSourceType] = useState<'S3_CUSTOM' | 'IOC_UPLOAD'>('S3_CUSTOM');
+  const [s3ConnectionDetails, setS3ConnectionDetails] = useState<S3ConnectionSource>(
+    getEmptyS3ConnectionSource()
+  );
+  const [fileUploadSource, setFileUploadSource] = useState<FileUploadSource>(
+    getEmptyIocFileUploadSource()
+  );
+  const [fileError, setFileError] = useState('');
+  const [submitInProgress, setSubmitInProgress] = useState(false);
+  const checkboxes = [
+    {
+      id: ThreatIntelIocType.IPAddress,
+      label: 'IP - addresses',
+    },
+    {
+      id: ThreatIntelIocType.Domain,
+      label: 'Domains',
+    },
+    {
+      id: ThreatIntelIocType.FileHash,
+      label: 'File hash',
+    },
+  ];
+  const [checkboxIdToSelectedMap, setCheckboxIdToSelectedMap] = useState<Record<string, boolean>>(
+    {}
+  );
+
+  useEffect(() => {
+    context?.chrome.setBreadcrumbs([
+      BREADCRUMBS.SECURITY_ANALYTICS,
+      BREADCRUMBS.THREAT_INTEL_OVERVIEW,
+      BREADCRUMBS.THREAT_INTEL_ADD_CUSTOM_SOURCE,
+    ]);
+  }, []);
+
+  const onIocTypesChange = (optionId: string) => {
+    const newCheckboxIdToSelectedMap = {
+      ...checkboxIdToSelectedMap,
+      ...{
+        [optionId]: !checkboxIdToSelectedMap[optionId],
+      },
+    };
+    setCheckboxIdToSelectedMap(newCheckboxIdToSelectedMap);
+  };
+
+  const onRefreshSwitchChange = (checked: boolean) => {
+    setSource({
+      ...source,
+      enabled: !checked,
+    });
+  };
+
+  const onNameChange = (event: React.ChangeEvent<HTMLInputElement>) => {
+    setSource({
+      ...source,
+      name: event.target.value,
+    });
+  };
+
+  const onDescriptionChange = (event: React.ChangeEvent<HTMLInputElement>) => {
+    setSource({
+      ...source,
+      description: event.target.value,
+    });
+  };
+
+  const onS3DataChange = (field: keyof S3ConnectionSource['s3'], value: string) => {
+    setS3ConnectionDetails({
+      s3: {
+        ...s3ConnectionDetails.s3,
+        [field]: value,
+      },
+    });
+  };
+
+  const onIntervalChange = (schedule: PeriodSchedule) => {
+    setSchedule({
+      interval: {
+        start_time: Date.now(),
+        period: schedule.period.interval,
+        unit: schedule.period.unit,
+      },
+    });
+  };
+
+  const onFileChange = (files: FileList | null) => {
+    setFileError('');
+    if (!!files?.item(0)) {
+      readIocsFromFile(files[0], (response) => {
+        if (response.ok) {
+          setFileUploadSource(response.sourceData);
+        } else {
+          setFileError(response.errorMessage);
+        }
+      });
+    }
+  };
+
+  const onSubmit = () => {
+    setSubmitInProgress(true);
+    const payload: ThreatIntelSourcePayload =
+      sourceType === 'S3_CUSTOM'
+        ? {
+            ...source,
+            type: 'S3_CUSTOM',
+            schedule: {
+              ...schedule,
+              interval: {
+                ...schedule.interval,
+                start_time: Date.now(),
+              },
+            },
+            ioc_types: Object.entries(checkboxIdToSelectedMap)
+              .filter(([ioc, checked]) => checked)
+              .map(([ioc]) => ioc as ThreatIntelIocType),
+            source: s3ConnectionDetails,
+          }
+        : {
+            ...source,
+            type: 'IOC_UPLOAD',
+            ioc_types: Object.entries(checkboxIdToSelectedMap)
+              .filter(([ioc, checked]) => checked)
+              .map(([ioc]) => ioc as ThreatIntelIocType),
+            source: fileUploadSource,
+            enabled: false,
+          };
+
+    threatIntelService.addThreatIntelSource(payload).then((res) => {
+      setSubmitInProgress(false);
+      if (res.ok) {
+        history.push({
+          pathname: `${ROUTES.THREAT_INTEL_SOURCE_DETAILS}/${res.response.id}`,
+          state: { source: res.response },
+        });
+      }
+    });
+  };
+
+  return (
+    <>
+      <EuiPanel>
+        <EuiTitle>
+          <h4>Add custom threat intelligence source</h4>
+        </EuiTitle>
+        <EuiSpacer size="xs" />
+        <EuiText color="subdued">
+          <p>
+            Add your custom threat intelligence source that contains indicators of malicious
+            behaviors in STIX (Structured Threat Information Expression) format.
+          </p>
+        </EuiText>
+        <EuiSpacer />
+        <EuiText>
+          <h4>Details</h4>
+        </EuiText>
+        <EuiSpacer />
+        <EuiFormRow label="Name">
+          <EuiFieldText placeholder="Title" onChange={onNameChange} value={source.name} />
+        </EuiFormRow>
+        <EuiSpacer />
+        <EuiFormRow
+          label={
+            <>
+              {'Description - '}
+              <em>optional</em>
+            </>
+          }
+        >
+          <EuiFieldText
+            placeholder="Description"
+            onChange={onDescriptionChange}
+            value={source.description}
+          />
+        </EuiFormRow>
+        <EuiSpacer />
+        <EuiText size="xs">
+          <b>Threat intel source type</b>
+        </EuiText>
+        <EuiSpacer size="s" />
+        <EuiFlexGroup>
+          <EuiFlexItem style={{ maxWidth: 400 }}>
+            <EuiCheckableCard
+              className="eui-fullHeight"
+              id={'data-store'}
+              label={
+                <>
+                  <EuiTitle size="s">
+                    <h4>Data storage location</h4>
+                  </EuiTitle>
+                  <EuiText size="s">
+                    <p>Connect your custom data storage.</p>
+                  </EuiText>
+                </>
+              }
+              checkableType="radio"
+              checked={sourceType === 'S3_CUSTOM'}
+              onChange={() => {
+                setSourceType('S3_CUSTOM');
+              }}
+            />
+          </EuiFlexItem>
+          <EuiFlexItem style={{ maxWidth: 400 }}>
+            <EuiCheckableCard
+              className="eui-fullHeight"
+              id={'file-upload'}
+              label={
+                <>
+                  <EuiTitle size="s">
+                    <h4>File upload</h4>
+                  </EuiTitle>
+                  <EuiText size="s">
+                    <p>Upload your own threat intel as a local file or using a URL.</p>
+                  </EuiText>
+                </>
+              }
+              checkableType="radio"
+              checked={sourceType === 'IOC_UPLOAD'}
+              onChange={() => {
+                setSourceType('IOC_UPLOAD');
+              }}
+            />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+        <EuiSpacer />
+        {sourceType === 'S3_CUSTOM' && (
+          <>
+            <EuiText>
+              <h4>Connection details</h4>
+            </EuiText>
+            <EuiSpacer />
+            <EuiFormRow
+              label={
+                <>
+                  <EuiFormLabel>IAM Role ARN</EuiFormLabel>
+                  <EuiText color="subdued" size="xs">
+                    <span>
+                      The Amazon Resource Name for an IAM role in Amazon Web Services (AWS)
+                    </span>
+                  </EuiText>
+                </>
+              }
+            >
+              <EuiFieldText
+                placeholder="arn:"
+                onChange={(event) => onS3DataChange('role_arn', event.target.value)}
+                value={s3ConnectionDetails.s3.role_arn}
+              />
+            </EuiFormRow>
+            <EuiSpacer />
+            <EuiFormRow label="S3 bucket directory">
+              <EuiFieldText
+                placeholder="S3://"
+                onChange={(event) => onS3DataChange('bucket_name', event.target.value)}
+                value={s3ConnectionDetails.s3.bucket_name}
+              />
+            </EuiFormRow>
+            <EuiSpacer />
+            <EuiFormRow label="Specify a directory or file">
+              <EuiFieldText
+                placeholder="Object key"
+                onChange={(event) => onS3DataChange('object_key', event.target.value)}
+                value={s3ConnectionDetails.s3.object_key}
+              />
+            </EuiFormRow>
+            <EuiSpacer />
+            <EuiFormRow label="Region">
+              <EuiFieldText
+                placeholder="Region"
+                onChange={(event) => onS3DataChange('region', event.target.value)}
+                value={s3ConnectionDetails.s3.region}
+              />
+            </EuiFormRow>
+            <EuiSpacer />
+            {/* <EuiButton>Test connection</EuiButton>
+            <EuiSpacer /> */}
+            <EuiText>
+              <h4>Download schedule</h4>
+            </EuiText>
+            <EuiSpacer />
+            <EuiSwitch
+              label="Download on demand only"
+              checked={!source.enabled}
+              onChange={(event) => onRefreshSwitchChange(event.target.checked)}
+            />
+            <EuiSpacer />
+            {source.enabled && sourceType === 'S3_CUSTOM' && (
+              <>
+                <Interval
+                  label="Download new data every"
+                  schedule={{
+                    period: {
+                      interval: schedule.interval.period,
+                      unit: schedule.interval.unit,
+                    },
+                  }}
+                  scheduleUnitOptions={[defaultIntervalUnitOptions.DAYS]}
+                  onScheduleChange={onIntervalChange}
+                />
+                <EuiSpacer />
+              </>
+            )}
+          </>
+        )}
+        {sourceType === 'IOC_UPLOAD' && (
+          <>
+            <EuiText>
+              <h4>Upload a file</h4>
+            </EuiText>
+            <EuiSpacer />
+            <EuiFormRow
+              label="File"
+              helpText={
+                <>
+                  <p>Accepted format: JSON (.json) based on STIX spec.</p>
+                  <p>Maximum size: 500 kB. </p>
+                </>
+              }
+              isInvalid={!!fileError}
+              error={fileError}
+            >
+              <EuiFilePicker
+                id={'filePickerId'}
+                fullWidth
+                initialPromptText="Select or drag and drop a file"
+                onChange={onFileChange}
+                display={'large'}
+                multiple={false}
+                aria-label="ioc file picker"
+                isInvalid={!!fileError}
+                data-test-subj="import_ioc_file"
+              />
+            </EuiFormRow>
+            <EuiSpacer />
+          </>
+        )}
+        <EuiText>
+          <h4>Types of malicious indicators</h4>
+        </EuiText>
+        <EuiSpacer />
+        <EuiCheckboxGroup
+          options={checkboxes}
+          idToSelectedMap={checkboxIdToSelectedMap}
+          onChange={onIocTypesChange}
+        />
+        <EuiSpacer />
+      </EuiPanel>
+      <EuiSpacer />
+      <EuiFlexGroup justifyContent="flexEnd">
+        <EuiFlexItem grow={false}>
+          <EuiButton onClick={() => history.push(ROUTES.THREAT_INTEL_OVERVIEW)}>Cancel</EuiButton>
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          <EuiButton isLoading={submitInProgress} fill onClick={onSubmit}>
+            Add threat intel source
+          </EuiButton>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </>
+  );
+};
diff --git a/public/pages/ThreatIntel/containers/Overview/ThreatIntelOverview.tsx b/public/pages/ThreatIntel/containers/Overview/ThreatIntelOverview.tsx
new file mode 100644
index 000000000..ac1681a2c
--- /dev/null
+++ b/public/pages/ThreatIntel/containers/Overview/ThreatIntelOverview.tsx
@@ -0,0 +1,209 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import {
+  EuiAccordion,
+  EuiButton,
+  EuiCard,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFlyout,
+  EuiLink,
+  EuiSpacer,
+  EuiTabbedContent,
+  EuiTabbedContentTab,
+  EuiText,
+  EuiTitle,
+} from '@elastic/eui';
+import React, { MouseEventHandler, useCallback, useContext, useEffect, useMemo } from 'react';
+import { CoreServicesContext } from '../../../../components/core_services';
+import { BREADCRUMBS, ROUTES } from '../../../../utils/constants';
+import { useState } from 'react';
+import {
+  ThreatIntelNextStepId,
+  ThreatIntelScanConfig,
+  ThreatIntelSourceItem,
+} from '../../../../../types';
+import { RouteComponentProps } from 'react-router-dom';
+import { ThreatIntelSourcesList } from '../../components/ThreatIntelSourcesList/ThreatIntelSourcesList';
+import { deriveFormModelFromConfig, getThreatIntelNextStepsProps } from '../../utils/helpers';
+import { ThreatIntelOverviewActions } from '../../components/ThreatIntelOverviewActions/ThreatIntelOverviewActions';
+import ThreatIntelService from '../../../../services/ThreatIntelService';
+import { ThreatIntelLogScanConfig } from '../../components/ThreatIntelLogScanConfig/ThreatIntelLogScanConfig';
+
+export interface ThreatIntelOverviewProps extends RouteComponentProps {
+  threatIntelService: ThreatIntelService;
+}
+
+export const ThreatIntelOverview: React.FC<ThreatIntelOverviewProps> = ({
+  history,
+  threatIntelService,
+}) => {
+  const context = useContext(CoreServicesContext);
+  const [threatIntelSources, setThreatIntelSources] = useState<ThreatIntelSourceItem[]>([]);
+  const [scanConfig, setScanConfig] = useState<ThreatIntelScanConfig>();
+  const [flyoutContent, setFlyoutContent] = useState<React.ReactNode>(null);
+
+  const onEditScanConfig = () => {
+    history.push({
+      pathname: `${ROUTES.THREAT_INTEL_EDIT_SCAN_CONFIG}`,
+      state: { scanConfig },
+    });
+  };
+
+  const logSources = useMemo(() => {
+    if (!scanConfig) {
+      return [];
+    }
+
+    return deriveFormModelFromConfig(scanConfig).logSources;
+  }, [scanConfig]);
+
+  const addThreatIntelSourceActionHandler = useCallback(() => {
+    history.push({
+      pathname: ROUTES.THREAT_INTEL_ADD_CUSTOM_SOURCE,
+    });
+  }, []);
+
+  const tabs: EuiTabbedContentTab[] = useMemo(
+    () => [
+      {
+        id: 'threat-intel-sources',
+        name: <span>Threat intel sources ({threatIntelSources.length})</span>,
+        content: (
+          <ThreatIntelSourcesList threatIntelSources={threatIntelSources} history={history} />
+        ),
+      },
+      {
+        id: 'log-scan-config',
+        name: <span>Log scan configuration</span>,
+        content: (
+          <ThreatIntelLogScanConfig
+            scanConfig={scanConfig}
+            threatIntelSourceCount={threatIntelSources.length}
+            setFlyoutContent={(content) => setFlyoutContent(content)}
+            scanConfigActionHandler={onEditScanConfig}
+            addThreatIntelActionHandler={addThreatIntelSourceActionHandler}
+          />
+        ),
+      },
+    ],
+    [scanConfig, threatIntelSources]
+  );
+
+  useEffect(() => {
+    context?.chrome.setBreadcrumbs([
+      BREADCRUMBS.SECURITY_ANALYTICS,
+      BREADCRUMBS.THREAT_INTEL_OVERVIEW,
+    ]);
+  }, []);
+
+  useEffect(() => {
+    const searchSources = async () => {
+      const res = await threatIntelService.searchThreatIntelSource();
+
+      if (res.ok) {
+        setThreatIntelSources(res.response);
+      }
+    };
+
+    const getScanConfig = async () => {
+      try {
+        const res = await threatIntelService.getThreatIntelScanConfig();
+
+        if (res.ok) {
+          setScanConfig(res.response);
+        }
+      } catch (e: any) {
+        console.log('failed to get scan config');
+      }
+    };
+
+    getScanConfig();
+
+    searchSources();
+  }, [threatIntelService]);
+
+  const nextStepClickHandlerById: Record<ThreatIntelNextStepId, MouseEventHandler> = {
+    ['add-source']: addThreatIntelSourceActionHandler,
+    ['configure-scan']: () => {
+      history.push({
+        pathname:
+          logSources.length > 0
+            ? ROUTES.THREAT_INTEL_EDIT_SCAN_CONFIG
+            : ROUTES.THREAT_INTEL_CREATE_SCAN_CONFIG,
+        state: { scanConfig },
+      });
+    },
+  };
+
+  const threatIntelNextStepsProps = getThreatIntelNextStepsProps(
+    threatIntelSources.length > 0,
+    logSources.length > 0
+  );
+
+  return (
+    <>
+      <EuiFlexGroup alignItems="flexStart">
+        <EuiFlexItem>
+          <EuiTitle size="m">
+            <h1>Threat intelligence</h1>
+          </EuiTitle>
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          <ThreatIntelOverviewActions
+            history={history}
+            scanConfig={scanConfig}
+            sourceCount={threatIntelSources.length}
+          />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      <EuiSpacer size="s" />
+      <EuiText color="subdued">
+        <span>
+          Scan log data for indicators of compromise from threat intel data streams to identify
+          malicious actors and security threats.{' '}
+          <EuiLink href="" external>
+            Learn more
+          </EuiLink>
+          .
+        </span>
+      </EuiText>
+      <EuiSpacer />
+      <EuiAccordion
+        id="threat-intel-management-steps"
+        buttonContent="Get started"
+        initialIsOpen={threatIntelSources.length === 0 || logSources.length === 0}
+      >
+        <EuiSpacer />
+        <EuiFlexGroup>
+          {threatIntelNextStepsProps.map(
+            ({ id, title, description, footerButtonProps: { text, disabled } }) => (
+              <EuiFlexItem key={id}>
+                <EuiCard
+                  title={title}
+                  description={description}
+                  footer={
+                    <EuiButton disabled={disabled} onClick={nextStepClickHandlerById[id]}>
+                      {text}
+                    </EuiButton>
+                  }
+                />
+              </EuiFlexItem>
+            )
+          )}
+        </EuiFlexGroup>
+      </EuiAccordion>
+      <EuiSpacer />
+      <EuiTabbedContent tabs={tabs} initialSelectedTab={tabs[0]} />
+      {flyoutContent && (
+        <EuiFlyout onClose={() => setFlyoutContent(null)}>
+          <EuiSpacer />
+          {flyoutContent}
+        </EuiFlyout>
+      )}
+    </>
+  );
+};
diff --git a/public/pages/ThreatIntel/containers/ScanConfiguration/ThreatIntelScanConfigForm.tsx b/public/pages/ThreatIntel/containers/ScanConfiguration/ThreatIntelScanConfigForm.tsx
new file mode 100644
index 000000000..74c5450a5
--- /dev/null
+++ b/public/pages/ThreatIntel/containers/ScanConfiguration/ThreatIntelScanConfigForm.tsx
@@ -0,0 +1,346 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import React, { useContext, useEffect, useRef, useState } from 'react';
+import {
+  EuiButton,
+  EuiButtonEmpty,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiSpacer,
+  EuiSteps,
+  EuiTitle,
+} from '@elastic/eui';
+import { BREADCRUMBS, PLUGIN_NAME, ROUTES } from '../../../../utils/constants';
+import { CoreServicesContext } from '../../../../components/core_services';
+import { SelectThreatIntelLogSources } from '../../components/SelectLogSourcesForm/SelectThreatIntelLogSourcesForm';
+import {
+  ThreatIntelScanConfig,
+  ThreatIntelAlertTrigger,
+  ThreatIntelLogSource,
+  ThreatIntelScanConfigFormModel,
+} from '../../../../../types';
+import { ConfigureThreatIntelAlertTriggers } from '../../components/ConfigureThreatIntelAlertTriggers/ConfigureThreatIntelAlertTriggers';
+import { NotificationsService, ThreatIntelService } from '../../../../services';
+import {
+  configFormModelToMonitorPayload,
+  deriveFormModelFromConfig,
+  getEmptyScanConfigFormModel,
+} from '../../utils/helpers';
+import { RouteComponentProps } from 'react-router-dom';
+import { ConfigureThreatIntelScanStep } from '../../utils/constants';
+import { NotificationsStart } from 'opensearch-dashboards/public';
+import { PeriodSchedule } from '../../../../../models/interfaces';
+import { errorNotificationToast } from '../../../../utils/helpers';
+
+export interface ThreatIntelScanConfigFormProps
+  extends RouteComponentProps<
+    any,
+    any,
+    { scanConfig?: ThreatIntelScanConfig; step?: ConfigureThreatIntelScanStep }
+  > {
+  notificationsService: NotificationsService;
+  threatIntelService: ThreatIntelService;
+  notifications: NotificationsStart;
+}
+
+interface FormErrors {
+  logSourceError?: string;
+  fieldAliasError?: string;
+  triggersErrors?: {
+    nameError?: string;
+    notificationChannelError?: string;
+  }[];
+}
+
+export const ThreatIntelScanConfigForm: React.FC<ThreatIntelScanConfigFormProps> = ({
+  notificationsService,
+  notifications,
+  location,
+  threatIntelService,
+  history,
+}) => {
+  const isEdit = location.pathname.includes(ROUTES.THREAT_INTEL_EDIT_SCAN_CONFIG);
+  const [scanId, setScanId] = useState('');
+  const context = useContext(CoreServicesContext);
+  const [currentStep, setCurrentStep] = useState(
+    location.state?.step ?? ConfigureThreatIntelScanStep.SelectLogSources
+  );
+  const [formErrors, setFormErrors] = useState<FormErrors>({});
+  const [configureInProgress, setConfigureInProgress] = useState(false);
+  const [stepDataValid, setStepDataValid] = useState({
+    [ConfigureThreatIntelScanStep.SelectLogSources]: true,
+    [ConfigureThreatIntelScanStep.SetupAlertTriggers]: true,
+  });
+  const threatIntelTriggerCounter = useRef(0);
+  const getNextTriggerName = () => {
+    threatIntelTriggerCounter.current++;
+    return `Trigger ${threatIntelTriggerCounter.current}`;
+  };
+
+  const [configureScanFormInputs, setConfigureScanFormInputs] = useState<
+    ThreatIntelScanConfigFormModel
+  >(() => {
+    if (location.state?.scanConfig) {
+      setScanId(location.state.scanConfig.id);
+      return deriveFormModelFromConfig(location.state.scanConfig);
+    }
+
+    return getEmptyScanConfigFormModel(getNextTriggerName());
+  });
+
+  useEffect(() => {
+    context?.chrome.setBreadcrumbs([
+      BREADCRUMBS.SECURITY_ANALYTICS,
+      BREADCRUMBS.THREAT_INTEL_OVERVIEW,
+      isEdit
+        ? BREADCRUMBS.THREAT_INTEL_EDIT_SCAN_CONFIG
+        : BREADCRUMBS.THREAT_INTEL_SETUP_SCAN_CONFIG,
+    ]);
+
+    if (isEdit && !location.state?.scanConfig) {
+      const getScanConfig = async () => {
+        try {
+          const res = await threatIntelService.getThreatIntelScanConfig();
+
+          if (res.ok) {
+            setScanId(res.response.id);
+            setConfigureScanFormInputs(deriveFormModelFromConfig(res.response));
+          } else if (
+            res.error.includes('Configured indices are not found: [.opendistro-alerting-config]')
+          ) {
+            history.push({
+              pathname: ROUTES.THREAT_INTEL_CREATE_SCAN_CONFIG,
+            });
+          }
+        } catch (e: any) {
+          console.log('failed to get scan config');
+        }
+      };
+
+      getScanConfig();
+    }
+  }, [isEdit]);
+
+  const updateFormErrors = (errors: FormErrors) => {
+    const newErrors = {
+      ...formErrors,
+      ...errors,
+    };
+    setFormErrors(newErrors);
+    updateStepValidity(newErrors);
+  };
+
+  const validateLogSources = (logSources: ThreatIntelScanConfigFormModel['logSources']) => {
+    if (logSources.length === 0) {
+      return 'Select at least one index/alias';
+    }
+  };
+
+  const validateFieldAliases = (logSources: ThreatIntelScanConfigFormModel['logSources']) => {
+    const iocEnabled = logSources.every((logSource) => {
+      return Object.keys(logSource.iocConfigMap).length !== 0;
+    });
+
+    if (!iocEnabled) {
+      return 'Enable at least one IoC type for each selected index/alias.';
+    }
+
+    for (let l of logSources) {
+      for (let [_ioc, config] of Object.entries(l.iocConfigMap)) {
+        if (config.enabled && (!config.fieldAliases || config.fieldAliases.length === 0)) {
+          return 'Add at least one log source field for each enabled IoC type.';
+        }
+      }
+    }
+
+    return '';
+  };
+
+  const updateStepValidity = (errors: FormErrors) => {
+    const stepOneDataValid = !errors.logSourceError && !errors.fieldAliasError;
+    const stepTwoDataValid = !errors.triggersErrors?.some(
+      (errors) => errors.nameError || errors.notificationChannelError
+    );
+
+    setStepDataValid({
+      [ConfigureThreatIntelScanStep.SelectLogSources]: stepOneDataValid,
+      [ConfigureThreatIntelScanStep.SetupAlertTriggers]: stepTwoDataValid,
+    });
+  };
+
+  const validateFormData = (formModel: ThreatIntelScanConfigFormModel) => {
+    validateLogSources(formModel.logSources);
+    validateFieldAliases(formModel.logSources);
+  };
+
+  const updatePayload = (formModel: ThreatIntelScanConfigFormModel) => {
+    setConfigureScanFormInputs(formModel);
+  };
+
+  const onSourcesChange = (logSources: ThreatIntelLogSource[]): void => {
+    updatePayload({
+      ...configureScanFormInputs,
+      logSources,
+      indices: logSources.map(({ name }) => name),
+    });
+    const logSourceError = validateLogSources(logSources);
+    const fieldAliasError = validateFieldAliases(logSources);
+    updateFormErrors({
+      logSourceError,
+      fieldAliasError,
+    });
+  };
+
+  const onTriggersChange = (triggers: ThreatIntelAlertTrigger[]) => {
+    updatePayload({
+      ...configureScanFormInputs,
+      triggers,
+    });
+  };
+
+  const onScheduleChange = (schedule: PeriodSchedule) => {
+    updatePayload({
+      ...configureScanFormInputs,
+      schedule,
+    });
+  };
+
+  const getStepConent = (step: ConfigureThreatIntelScanStep) => {
+    switch (step) {
+      case ConfigureThreatIntelScanStep.SelectLogSources:
+        return (
+          <SelectThreatIntelLogSources
+            sources={configureScanFormInputs.logSources}
+            schedule={configureScanFormInputs.schedule}
+            notifications={notifications}
+            updateSources={onSourcesChange}
+            updateSchedule={onScheduleChange}
+          />
+        );
+      case ConfigureThreatIntelScanStep.SetupAlertTriggers:
+        return (
+          <ConfigureThreatIntelAlertTriggers
+            alertTriggers={configureScanFormInputs.triggers}
+            notificationsService={notificationsService}
+            enabledIocTypes={configFormModelToMonitorPayload(
+              configureScanFormInputs
+            ).per_ioc_type_scan_input_list.map((list) => list.ioc_type)}
+            logSources={configureScanFormInputs.indices}
+            getNextTriggerName={getNextTriggerName}
+            updateTriggers={onTriggersChange}
+          />
+        );
+      default:
+        return null;
+    }
+  };
+
+  const onPreviousClick = () => {
+    setCurrentStep(ConfigureThreatIntelScanStep.SelectLogSources);
+  };
+
+  const onNextClick = () => {
+    setCurrentStep(ConfigureThreatIntelScanStep.SetupAlertTriggers);
+  };
+
+  const onSubmit = async () => {
+    setConfigureInProgress(true);
+
+    let res;
+    if (isEdit) {
+      res = await threatIntelService.updateThreatIntelMonitor(
+        scanId,
+        configFormModelToMonitorPayload(configureScanFormInputs)
+      );
+    } else {
+      res = await threatIntelService.createThreatIntelMonitor(
+        configFormModelToMonitorPayload(configureScanFormInputs)
+      );
+    }
+
+    if (res.ok) {
+      history.push({
+        pathname: ROUTES.THREAT_INTEL_OVERVIEW,
+      });
+    } else {
+      errorNotificationToast(notifications, 'configure', 'scan', res.error);
+    }
+
+    setConfigureInProgress(false);
+  };
+
+  return (
+    <>
+      <EuiFlexGroup>
+        <EuiFlexItem grow={false}>
+          <EuiSteps
+            steps={[
+              {
+                title: 'Select log sources',
+                status:
+                  currentStep === ConfigureThreatIntelScanStep.SetupAlertTriggers
+                    ? 'complete'
+                    : undefined,
+                children: <></>,
+              },
+              {
+                title: 'Set up alert triggers',
+                status:
+                  currentStep === ConfigureThreatIntelScanStep.SetupAlertTriggers
+                    ? undefined
+                    : 'disabled',
+                children: <></>,
+              },
+            ]}
+          />
+        </EuiFlexItem>
+        <EuiFlexItem>
+          <EuiTitle>
+            <h1>{isEdit ? 'Edit' : 'Set up'} real-time scan</h1>
+          </EuiTitle>
+          <EuiSpacer />
+          {getStepConent(currentStep)}
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      <EuiSpacer />
+      <EuiFlexGroup alignItems={'center'} justifyContent={'flexEnd'}>
+        <EuiFlexItem grow={false}>
+          <EuiButtonEmpty href={`${PLUGIN_NAME}#${ROUTES.THREAT_INTEL_OVERVIEW}`}>
+            Cancel
+          </EuiButtonEmpty>
+        </EuiFlexItem>
+
+        {currentStep === ConfigureThreatIntelScanStep.SelectLogSources && (
+          <EuiFlexItem grow={false}>
+            <EuiButton fill={true} onClick={onNextClick} disabled={!stepDataValid[currentStep]}>
+              Next
+            </EuiButton>
+          </EuiFlexItem>
+        )}
+
+        {currentStep === ConfigureThreatIntelScanStep.SetupAlertTriggers && (
+          <>
+            <EuiFlexItem grow={false}>
+              <EuiButton disabled={configureInProgress} onClick={onPreviousClick}>
+                Back
+              </EuiButton>
+            </EuiFlexItem>
+            <EuiFlexItem grow={false}>
+              <EuiButton
+                disabled={configureInProgress || !stepDataValid[currentStep]}
+                isLoading={configureInProgress}
+                fill={true}
+                onClick={onSubmit}
+              >
+                Save and start monitoring
+              </EuiButton>
+            </EuiFlexItem>
+          </>
+        )}
+      </EuiFlexGroup>
+    </>
+  );
+};
diff --git a/public/pages/ThreatIntel/containers/ThreatIntelSource/ThreatIntelSource.tsx b/public/pages/ThreatIntel/containers/ThreatIntelSource/ThreatIntelSource.tsx
new file mode 100644
index 000000000..084825165
--- /dev/null
+++ b/public/pages/ThreatIntel/containers/ThreatIntelSource/ThreatIntelSource.tsx
@@ -0,0 +1,217 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import React, { useContext, useState } from 'react';
+import { ThreatIntelIocData, ThreatIntelSourceItem } from '../../../../../types';
+import { RouteComponentProps } from 'react-router-dom';
+import { BREADCRUMBS, DEFAULT_EMPTY_DATA, ROUTES } from '../../../../utils/constants';
+import { useEffect } from 'react';
+import { CoreServicesContext } from '../../../../components/core_services';
+import {
+  EuiButton,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiLoadingContent,
+  EuiPanel,
+  EuiSpacer,
+  EuiTabbedContent,
+  EuiTabbedContentTab,
+  EuiTitle,
+} from '@elastic/eui';
+import { DescriptionGroup } from '../../../../components/Utility/DescriptionGroup';
+import { IoCsTable } from '../../components/IoCsTable/IoCsTable';
+import { ThreatIntelSourceDetails } from '../../components/ThreatIntelSourceDetails/ThreatIntelSourceDetails';
+import { IocLabel } from '../../../../../common/constants';
+import { ThreatIntelService } from '../../../../services';
+import { errorNotificationToast, parseSchedule, renderTime } from '../../../../utils/helpers';
+import DeleteModal from '../../../../components/DeleteModal';
+import { NotificationsStart } from 'opensearch-dashboards/public';
+
+export interface ThreatIntelSource
+  extends RouteComponentProps<any, any, { source?: ThreatIntelSourceItem }> {
+  threatIntelService: ThreatIntelService;
+  notifications: NotificationsStart;
+}
+
+export const ThreatIntelSource: React.FC<ThreatIntelSource> = ({
+  location,
+  history,
+  threatIntelService,
+  notifications,
+}) => {
+  const coreContext = useContext(CoreServicesContext);
+  const [source, setSource] = useState<ThreatIntelSourceItem | undefined>(location.state?.source);
+  const sourceId =
+    source?.id ?? location.pathname.replace(`${ROUTES.THREAT_INTEL_SOURCE_DETAILS}/`, '');
+  const [showDeleteModal, setShowDeleteModal] = useState(false);
+  const [iocs, setIocs] = useState<ThreatIntelIocData[]>([]);
+  const [loadingIoCs, setLoadingIoCs] = useState(true);
+  const getSource = async (sourceId: string) => {
+    const res = await threatIntelService.getThreatIntelSource(sourceId);
+
+    if (res?.ok) {
+      setSource(res.response);
+    }
+  };
+
+  useEffect(() => {
+    if (!source && sourceId) {
+      getSource(sourceId);
+    }
+  }, []);
+
+  const getIocs = async () => {
+    if (sourceId) {
+      setLoadingIoCs(true);
+      const iocsRes = await threatIntelService.getThreatIntelIocs({});
+
+      if (iocsRes.ok) {
+        setIocs(iocsRes.response.iocs);
+      }
+      setLoadingIoCs(false);
+    }
+  };
+
+  useEffect(() => {
+    const baseCrumbs = [BREADCRUMBS.SECURITY_ANALYTICS, BREADCRUMBS.THREAT_INTEL_OVERVIEW];
+
+    coreContext?.chrome.setBreadcrumbs(
+      !source
+        ? baseCrumbs
+        : [...baseCrumbs, BREADCRUMBS.THREAT_INTEL_SOURCE_DETAILS(source.name, sourceId)]
+    );
+
+    getIocs();
+  }, [source]);
+
+  if (!source) {
+    return <EuiLoadingContent />;
+  }
+
+  const onSourceUpdate = () => {
+    getSource(sourceId);
+  };
+
+  const tabs: EuiTabbedContentTab[] = [
+    {
+      id: 'iocs',
+      name: <span>Indicators of Compromise</span>,
+      content: <IoCsTable sourceId={source?.id} iocs={iocs} loadingIoCs={loadingIoCs} />,
+    },
+    {
+      id: 'source-details',
+      name: <span>Source details</span>,
+      content: (
+        <ThreatIntelSourceDetails
+          sourceItem={source}
+          threatIntelService={threatIntelService}
+          onSourceUpdate={onSourceUpdate}
+        />
+      ),
+    },
+  ];
+
+  const onDeleteButtonClick = () => {
+    setShowDeleteModal(true);
+  };
+
+  const onDeleteConfirmed = async () => {
+    const res = await threatIntelService.deleteThreatIntelSource(sourceId);
+
+    if (res.ok) {
+      history.push({
+        pathname: ROUTES.THREAT_INTEL_OVERVIEW,
+      });
+    }
+  };
+
+  const onRefresh = async () => {
+    const res = await threatIntelService.refreshThreatIntelSource(sourceId);
+    if (!res.ok) {
+      errorNotificationToast(notifications, 'refresh', 'source', res.error);
+    } else {
+      getIocs();
+    }
+  };
+
+  const { name, description, type, ioc_types, last_update_time, enabled } = source;
+  const schedule = type === 'S3_CUSTOM' ? source.schedule : undefined;
+
+  return (
+    <>
+      <EuiFlexGroup alignItems="flexStart">
+        <EuiFlexItem>
+          <EuiTitle>
+            <h2>{name}</h2>
+          </EuiTitle>
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          <EuiFlexGroup alignItems="center">
+            {type === 'S3_CUSTOM' && (
+              <EuiFlexItem grow={false}>
+                <EuiButton fill onClick={onRefresh}>
+                  Refresh
+                </EuiButton>
+              </EuiFlexItem>
+            )}
+            <EuiFlexItem grow={false}>
+              <EuiButton color="danger" onClick={onDeleteButtonClick}>
+                Delete
+              </EuiButton>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+      <EuiSpacer />
+      <EuiPanel>
+        <DescriptionGroup
+          listItems={[
+            {
+              title: 'Description',
+              description: description || DEFAULT_EMPTY_DATA,
+            },
+          ]}
+        />
+        <EuiSpacer size="xl" />
+        <DescriptionGroup
+          listItems={[
+            { title: 'Type', description: type },
+            {
+              title: 'Refresh schedule',
+              description: schedule
+                ? enabled
+                  ? parseSchedule({
+                      period: {
+                        interval: schedule.interval.period,
+                        unit: schedule.interval.unit.toUpperCase(),
+                      },
+                    })
+                  : 'Download on demand'
+                : 'File uploaded',
+            },
+            {
+              title: 'Last updated',
+              description: renderTime(last_update_time),
+            },
+            { title: 'Ioc types', description: ioc_types.map((ioc) => IocLabel[ioc]).join(', ') },
+          ]}
+        />
+      </EuiPanel>
+      <EuiSpacer />
+      <EuiTabbedContent tabs={tabs} initialSelectedTab={tabs[0]} />
+      {showDeleteModal && (
+        <DeleteModal
+          type="threat intel source"
+          closeDeleteModal={() => {
+            setShowDeleteModal(false);
+          }}
+          ids={source.name}
+          onClickDelete={onDeleteConfirmed}
+          confirmation
+        />
+      )}
+    </>
+  );
+};
diff --git a/public/pages/ThreatIntel/utils/constants.ts b/public/pages/ThreatIntel/utils/constants.ts
new file mode 100644
index 000000000..d45451cbb
--- /dev/null
+++ b/public/pages/ThreatIntel/utils/constants.ts
@@ -0,0 +1,127 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { ThreatIntelIocType } from '../../../../common/constants';
+import {
+  ThreatIntelIocData,
+  ThreatIntelLogSource,
+  ThreatIntelScanConfig,
+  ThreatIntelSourceItem,
+} from '../../../../types';
+import { getEmptyThreatIntelAlertTrigger } from './helpers';
+
+export enum ConfigureThreatIntelScanStep {
+  SelectLogSources = 'SelectLogSources',
+  SetupAlertTriggers = 'SetupAlertTriggers',
+}
+
+// TODO: Remove below Dummy data once APIs are integrated
+export const dummyIoCDetails: ThreatIntelIocData = {
+  id: 'indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f',
+  name: 'my-bad-ip',
+  type: ThreatIntelIocType.IPAddress,
+  value: '192.0.2.1',
+  severity: 'High',
+  created: 1718761171,
+  modified: 1718761171,
+  description: 'Random IP address',
+  labels: [],
+  feedId: 'random-feed-id',
+  specVersion: '',
+  version: 1,
+};
+
+export const dummySource: ThreatIntelSourceItem = {
+  id: 'hello-world',
+  name: 'AlienVault',
+  description: 'Short description for threat intel source',
+  enabled: false,
+  ioc_types: [ThreatIntelIocType.IPAddress, ThreatIntelIocType.Domain],
+  enabled_time: 1718924173068,
+  format: 'STIX2',
+  last_refreshed_time: 1718924173211,
+  schedule: {
+    interval: {
+      start_time: 1718924173055,
+      period: 1,
+      unit: 'DAYS',
+    },
+  },
+  source: {
+    s3: {
+      bucket_name: 'threat-intel-s3-test-bucket',
+      object_key: 'bd',
+      region: 'us-west-2',
+      role_arn: 'arn:aws:iam::540654354201:role/threat_intel_s3_test_role',
+    },
+  },
+  state: 'REFRESH_FAILED',
+  store_type: 'OS',
+  type: 'S3_CUSTOM',
+  version: 438,
+  created_by_user: null,
+  created_at: 1718924173068,
+  last_update_time: 1718993593158,
+  refresh_type: 'FULL',
+  last_refreshed_user: null,
+};
+
+export const dummyScanConfig: ThreatIntelScanConfig = {
+  id: '',
+  enabled: true,
+  name: '',
+  indices: ['windows'],
+  per_ioc_type_scan_input_list: [
+    {
+      ioc_type: ThreatIntelIocType.IPAddress,
+      index_to_fields_map: {
+        windows: ['DestinationIp'],
+      },
+    },
+  ],
+  schedule: {
+    period: {
+      interval: 1,
+      unit: 'DAYS',
+    },
+  },
+  triggers: [getEmptyThreatIntelAlertTrigger('Sample trigger')],
+};
+
+export const dummyLogSource: ThreatIntelLogSource = {
+  name: 'windows*',
+  iocConfigMap: {
+    [ThreatIntelIocType.IPAddress]: {
+      enabled: true,
+      fieldAliases: ['src_ip', 'dst.ip'],
+    },
+    [ThreatIntelIocType.Domain]: {
+      enabled: true,
+      fieldAliases: ['domain'],
+    },
+    [ThreatIntelIocType.FileHash]: {
+      enabled: false,
+      fieldAliases: ['hash'],
+    },
+  },
+};
+
+export const dummyLogSource2: ThreatIntelLogSource = {
+  name: 'cloudtrail*',
+  iocConfigMap: {
+    [ThreatIntelIocType.IPAddress]: {
+      enabled: true,
+      fieldAliases: ['src_ip', 'dst.ip'],
+    },
+    [ThreatIntelIocType.Domain]: {
+      enabled: true,
+      fieldAliases: ['domain'],
+    },
+    [ThreatIntelIocType.FileHash]: {
+      enabled: false,
+      fieldAliases: ['hash'],
+    },
+  },
+};
diff --git a/public/pages/ThreatIntel/utils/helpers.ts b/public/pages/ThreatIntel/utils/helpers.ts
new file mode 100644
index 000000000..1a84aac1a
--- /dev/null
+++ b/public/pages/ThreatIntel/utils/helpers.ts
@@ -0,0 +1,276 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { DEFAULT_EMPTY_DATA } from '../../../utils/constants';
+import {
+  ThreatIntelAlertTrigger,
+  ThreatIntelScanConfig,
+  ThreatIntelNextStepCardProps,
+  ThreatIntelScanConfigFormModel,
+  ThreatIntelLogSource,
+  ThreatIntelMonitorPayload,
+  IocFieldAliases,
+  S3ConnectionSource,
+  FileUploadSource,
+  ThreatIntelSourceItem,
+  ThreatIntelSourcePayloadBase,
+  ThreatIntelAlertTriggerAction,
+} from '../../../../types';
+import { AlertSeverity } from '../../Alerts/utils/constants';
+import { ALERT_SEVERITY_OPTIONS } from '../../CreateDetector/components/ConfigureAlerts/utils/constants';
+import _ from 'lodash';
+import { ThreatIntelIocType } from '../../../../common/constants';
+
+export function getEmptyScanConfigFormModel(triggerName: string): ThreatIntelScanConfigFormModel {
+  return {
+    enabled: true,
+    name: 'Threat intel monitor',
+    indices: [],
+    logSources: [],
+    schedule: {
+      period: {
+        interval: 1,
+        unit: 'MINUTES',
+      },
+    },
+    triggers: [getEmptyThreatIntelAlertTrigger(triggerName)],
+  };
+}
+
+export function getEmptyThreatIntelAlertTriggerAction(): ThreatIntelAlertTriggerAction {
+  return {
+    id: '',
+    name: '',
+    destination_id: '',
+    subject_template: {
+      source: '',
+      lang: 'mustache',
+    },
+    message_template: {
+      source: '',
+      lang: 'mustache',
+    },
+    throttle_enabled: false,
+    throttle: {
+      value: 10,
+      unit: 'MINUTES',
+    },
+  };
+}
+
+export function getEmptyThreatIntelAlertTrigger(triggerName: string): ThreatIntelAlertTrigger {
+  return {
+    name: triggerName,
+    data_sources: [],
+    ioc_types: [],
+    severity: AlertSeverity.ONE,
+    actions: [getEmptyThreatIntelAlertTriggerAction()],
+  };
+}
+
+export function getThreatIntelALertSeverityLabel(severity: AlertSeverity) {
+  return (
+    Object.values(ALERT_SEVERITY_OPTIONS).find((option) => option.value === severity)?.label ||
+    DEFAULT_EMPTY_DATA
+  );
+}
+
+export function getThreatIntelNextStepsProps(
+  logSourceAdded: boolean,
+  isScanSetup: boolean
+): ThreatIntelNextStepCardProps[] {
+  return [
+    {
+      id: 'add-source',
+      title: '1. Setup threat intel sources',
+      description: 'Add/activate threat intel source(s) to get started',
+      footerButtonProps: {
+        text: 'Add threat intel source',
+      },
+    },
+    {
+      id: 'configure-scan',
+      title: '2. Set up the scan for your log sources',
+      description: 'Select log sources for scan and get alerted on security threats',
+      footerButtonProps: {
+        text: isScanSetup ? 'Edit scan configuration' : 'Configure scan',
+        disabled: !logSourceAdded,
+      },
+    },
+  ];
+}
+
+export function getEmptyS3ConnectionSource(): S3ConnectionSource {
+  return {
+    s3: {
+      bucket_name: '',
+      object_key: '',
+      region: '',
+      role_arn: '',
+    },
+  };
+}
+
+export function getEmptyIocFileUploadSource(): FileUploadSource {
+  return {
+    ioc_upload: {
+      file_name: '',
+      iocs: [],
+    },
+  };
+}
+
+export function getEmptyThreatIntelSourcePayloadBase(): ThreatIntelSourcePayloadBase {
+  return {
+    name: '',
+    description: '',
+    format: 'STIX2',
+    store_type: 'OS',
+    enabled: true,
+    ioc_types: [],
+  };
+}
+
+export function deriveFormModelFromConfig(
+  scanConfig: ThreatIntelScanConfig
+): ThreatIntelScanConfigFormModel {
+  const logSourcesByName: { [name: string]: ThreatIntelLogSource } = {};
+  scanConfig.per_ioc_type_scan_input_list.forEach(({ ioc_type, index_to_fields_map }) => {
+    Object.entries(index_to_fields_map).forEach(([index, fieldAliases]) => {
+      if (!logSourcesByName[index]) {
+        logSourcesByName[index] = {
+          name: index,
+          iocConfigMap: {
+            [ioc_type]: {
+              fieldAliases,
+              enabled: true,
+            },
+          },
+        };
+      } else {
+        logSourcesByName[index].iocConfigMap[ioc_type] = {
+          fieldAliases,
+          enabled: true,
+        };
+      }
+    });
+  });
+
+  const configClone: any = _.cloneDeep(scanConfig);
+  delete configClone.per_ioc_type_scan_input_list;
+
+  configClone.triggers.forEach((trigger: ThreatIntelAlertTrigger) => {
+    if (trigger.actions.length === 0) {
+      trigger.actions.push(getEmptyThreatIntelAlertTriggerAction());
+    }
+  });
+
+  const formModel: ThreatIntelScanConfigFormModel = {
+    ...configClone,
+    logSources: Object.values(logSourcesByName),
+  };
+
+  return formModel;
+}
+
+export function configFormModelToMonitorPayload(
+  formModel: ThreatIntelScanConfigFormModel
+): ThreatIntelMonitorPayload {
+  const fieldAliasesByIocType: { [k in ThreatIntelIocType]?: IocFieldAliases } = {};
+
+  formModel.logSources.forEach((source) => {
+    Object.entries(source.iocConfigMap).forEach(([iocType, iocConfig]) => {
+      if (!iocConfig?.enabled) {
+        return;
+      }
+
+      if (!fieldAliasesByIocType[iocType as ThreatIntelIocType]) {
+        fieldAliasesByIocType[iocType as ThreatIntelIocType] = {
+          ioc_type: iocType as ThreatIntelIocType,
+          index_to_fields_map: {
+            [source.name]: iocConfig.fieldAliases,
+          },
+        };
+      } else {
+        fieldAliasesByIocType[iocType as ThreatIntelIocType]!.index_to_fields_map[source.name] =
+          iocConfig.fieldAliases;
+      }
+    });
+  });
+
+  const formModelClone: any = _.cloneDeep(formModel);
+  delete formModelClone['logSources'];
+
+  return {
+    ...formModelClone,
+    per_ioc_type_scan_input_list: Object.values(fieldAliasesByIocType),
+  };
+}
+
+export function readIocsFromFile(
+  file: File,
+  onRead: (
+    readResponse: { ok: true; sourceData: FileUploadSource } | { ok: false; errorMessage: string }
+  ) => void
+) {
+  if (file.size > 512000) {
+    return onRead({ ok: false, errorMessage: 'File size should be less then 500KB.' });
+  }
+
+  const reader = new FileReader();
+  reader.readAsText(file);
+  reader.onload = function () {
+    try {
+      const iocStrings =
+        reader.result
+          ?.toString()
+          .split('\n')
+          .filter((iocObj) => !!iocObj) || [];
+      const iocs = [];
+      for (let iocStr of iocStrings) {
+        try {
+          const ioc = JSON.parse(iocStr);
+          if (typeof ioc !== 'object') {
+            throw '';
+          }
+          iocs.push(ioc);
+        } catch (e: any) {
+          onRead({
+            ok: false,
+            errorMessage: 'Invalid IoC format found, must follow STIX spec.',
+          });
+        }
+      }
+      onRead({
+        ok: true,
+        sourceData: {
+          ioc_upload: {
+            file_name: file.name,
+            iocs,
+          },
+        },
+      });
+    } catch (e: any) {
+      onRead({ ok: false, errorMessage: e?.message || e?.toString?.() });
+    }
+  };
+  reader.onerror = function () {
+    onRead({ ok: false, errorMessage: 'Error reading file.' });
+  };
+}
+
+export function threatIntelSourceItemToBasePayload(
+  sourceItem: ThreatIntelSourceItem
+): ThreatIntelSourcePayloadBase {
+  const { name, description, enabled, ioc_types } = sourceItem;
+  return {
+    name,
+    description,
+    format: 'STIX2',
+    store_type: 'OS',
+    enabled,
+    ioc_types,
+  };
+}
diff --git a/public/security_analytics_app.tsx b/public/security_analytics_app.tsx
index 6bc6cd83b..8e123c96f 100644
--- a/public/security_analytics_app.tsx
+++ b/public/security_analytics_app.tsx
@@ -34,6 +34,9 @@ import MetricsService from './services/MetricsService';
 import { MetricsContext } from './metrics/MetricsContext';
 import { CHANNEL_TYPES } from './pages/CreateDetector/components/ConfigureAlerts/utils/constants';
 import { DataSourceManagementPluginSetup } from '../../../src/plugins/data_source_management/public';
+import { getPlugins, setIsNotificationPluginInstalled } from './utils/helpers';
+import { OS_NOTIFICATION_PLUGIN } from './utils/constants';
+import ThreatIntelService from './services/ThreatIntelService';
 
 export function renderApp(
   coreStart: CoreStart,
@@ -57,6 +60,7 @@ export function renderApp(
   const indexPatternsService = new IndexPatternsService(depsStart.data.indexPatterns);
   const logTypeService = new LogTypeService(http);
   const metricsService = new MetricsService(http);
+  const threatIntelService = new ThreatIntelService(http);
 
   const services: BrowserServices = {
     detectorsService,
@@ -72,6 +76,7 @@ export function renderApp(
     indexPatternsService,
     logTypeService,
     metricsService,
+    threatIntelService,
   };
 
   const metrics = new MetricsContext(metricsService);
@@ -107,6 +112,10 @@ export function renderApp(
         CHANNEL_TYPES.splice(0, CHANNEL_TYPES.length, ...response.response);
       }
     });
+
+    getPlugins(opensearchService).then((plugins): void => {
+      setIsNotificationPluginInstalled(plugins.includes(OS_NOTIFICATION_PLUGIN));
+    });
   });
 
   return () => ReactDOM.unmountComponentAtNode(params.element);
diff --git a/public/services/FindingsService.ts b/public/services/FindingsService.ts
index 93eb5dbec..d55f86821 100644
--- a/public/services/FindingsService.ts
+++ b/public/services/FindingsService.ts
@@ -6,7 +6,12 @@
 import { HttpSetup } from 'opensearch-dashboards/public';
 import { ServerResponse } from '../../server/models/types';
 import { API } from '../../server/utils/constants';
-import { GetFindingsParams, GetFindingsResponse } from '../../types';
+import {
+  GetFindingsParams,
+  GetFindingsResponse,
+  GetThreatIntelFindingsParams,
+  GetThreatIntelFindingsResponse,
+} from '../../types';
 import { dataSourceInfo } from './utils/constants';
 
 export default class FindingsService {
@@ -32,4 +37,17 @@ export default class FindingsService {
 
     return await this.httpClient.get(`..${API.GET_FINDINGS}`, { query });
   };
+
+  getThreatIntelFindings = async (
+    getFindingsParams: GetThreatIntelFindingsParams
+  ): Promise<ServerResponse<GetThreatIntelFindingsResponse>> => {
+    const query = {
+      sortOrder: 'desc',
+      size: 10000,
+      ...getFindingsParams,
+      dataSourceId: dataSourceInfo.activeDataSource.id,
+    };
+
+    return await this.httpClient.get(`..${API.THREAT_INTEL_BASE}/findings/_search`, { query });
+  };
 }
diff --git a/public/services/OpenSearchService.ts b/public/services/OpenSearchService.ts
index a3916d61f..cea1d039f 100644
--- a/public/services/OpenSearchService.ts
+++ b/public/services/OpenSearchService.ts
@@ -18,7 +18,7 @@ export default class OpenSearchService {
     private savedObjectsClient: SavedObjectsClientContract
   ) {}
 
-  getPlugins = async (): Promise<ServerResponse<Plugin[]>> => {
+  getPlugins = async (): Promise<ServerResponse<{ component: string }[]>> => {
     let url = `..${API.PLUGINS}`;
     return await this.httpClient.get(url, {
       query: {
diff --git a/public/services/ThreatIntelService.ts b/public/services/ThreatIntelService.ts
new file mode 100644
index 000000000..18782965c
--- /dev/null
+++ b/public/services/ThreatIntelService.ts
@@ -0,0 +1,149 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { HttpSetup } from 'opensearch-dashboards/public';
+import { ServerResponse } from '../../server/models/types';
+import {
+  AddThreatIntelSourcePayload,
+  GetIocsQueryParams,
+  ThreatIntelMonitorPayload,
+} from '../../types';
+import { dataSourceInfo } from './utils/constants';
+import { API } from '../../server/utils/constants';
+
+export default class ThreatIntelService {
+  constructor(private httpClient: HttpSetup) {}
+
+  addThreatIntelSource = async (
+    source: AddThreatIntelSourcePayload
+  ): Promise<ServerResponse<any>> => {
+    const url = `..${API.THREAT_INTEL_BASE}/sources`;
+    const response = (await this.httpClient.post(url, {
+      body: JSON.stringify(source),
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+      },
+    })) as ServerResponse<any>;
+
+    return response;
+  };
+
+  updateThreatIntelSource = async (
+    id: string,
+    source: AddThreatIntelSourcePayload
+  ): Promise<ServerResponse<any>> => {
+    const url = `..${API.THREAT_INTEL_BASE}/sources/${id}`;
+    const response = (await this.httpClient.put(url, {
+      body: JSON.stringify(source),
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+      },
+    })) as ServerResponse<any>;
+
+    return response;
+  };
+
+  searchThreatIntelSource = async (): Promise<ServerResponse<any>> => {
+    const url = `..${API.THREAT_INTEL_BASE}/sources/_search`;
+    const response = (await this.httpClient.post(url, {
+      body: JSON.stringify({ query: { match_all: {} } }),
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+      },
+    })) as ServerResponse<any>;
+
+    return response;
+  };
+
+  getThreatIntelSource = async (sourceId: string): Promise<ServerResponse<any>> => {
+    const url = `..${API.THREAT_INTEL_BASE}/sources/${sourceId}`;
+    const response = (await this.httpClient.get(url, {
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+      },
+    })) as ServerResponse<any>;
+
+    return response;
+  };
+
+  deleteThreatIntelSource = async (sourceId: string): Promise<ServerResponse<any>> => {
+    const url = `..${API.THREAT_INTEL_BASE}/sources/${sourceId}`;
+    const response = (await this.httpClient.delete(url, {
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+      },
+    })) as ServerResponse<any>;
+
+    return response;
+  };
+
+  refreshThreatIntelSource = async (sourceId: string): Promise<ServerResponse<any>> => {
+    const url = `..${API.THREAT_INTEL_BASE}/sources/${sourceId}/_refresh`;
+    const response = (await this.httpClient.post(url, {
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+      },
+    })) as ServerResponse<any>;
+
+    return response;
+  };
+
+  createThreatIntelMonitor = async (montiorPayload: ThreatIntelMonitorPayload) => {
+    const url = `..${API.THREAT_INTEL_BASE}/monitors`;
+    const response = (await this.httpClient.post(url, {
+      body: JSON.stringify(montiorPayload),
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+      },
+    })) as ServerResponse<any>;
+
+    return response;
+  };
+
+  updateThreatIntelMonitor = async (id: string, montiorPayload: ThreatIntelMonitorPayload) => {
+    const url = `..${API.THREAT_INTEL_BASE}/monitors/${id}`;
+    const response = (await this.httpClient.put(url, {
+      body: JSON.stringify(montiorPayload),
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+      },
+    })) as ServerResponse<any>;
+
+    return response;
+  };
+
+  getThreatIntelScanConfig = async () => {
+    const url = `..${API.THREAT_INTEL_BASE}/monitors/_search`;
+    const response = (await this.httpClient.post(url, {
+      body: JSON.stringify({ query: { match_all: {} } }),
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+      },
+    })) as ServerResponse<any>;
+
+    if (response.ok) {
+      const { _source } = response.response.hits.hits[0];
+
+      return {
+        ok: response.ok,
+        response: { ..._source },
+      };
+    }
+
+    return response;
+  };
+
+  getThreatIntelIocs = async (getIocsQueryParams: GetIocsQueryParams) => {
+    const url = `..${API.THREAT_INTEL_BASE}/iocs`;
+    const response = (await this.httpClient.get(url, {
+      query: {
+        dataSourceId: dataSourceInfo.activeDataSource.id,
+        ...getIocsQueryParams,
+      },
+    })) as ServerResponse<any>;
+
+    return response;
+  };
+}
diff --git a/public/services/index.ts b/public/services/index.ts
index cd0e2db8e..08ff2ff3e 100644
--- a/public/services/index.ts
+++ b/public/services/index.ts
@@ -16,6 +16,7 @@ import IndexPatternsService from './IndexPatternsService';
 import SavedObjectService from './SavedObjectService';
 import CorrelationService from './CorrelationService';
 import LogTypeService from './LogTypeService';
+import ThreatIntelService from './ThreatIntelService';
 
 export {
   SaContextConsumer,
@@ -32,4 +33,5 @@ export {
   IndexPatternsService,
   SavedObjectService,
   LogTypeService,
+  ThreatIntelService,
 };
diff --git a/public/store/DataStore.ts b/public/store/DataStore.ts
index b8e2b741c..fb4e37e71 100644
--- a/public/store/DataStore.ts
+++ b/public/store/DataStore.ts
@@ -11,6 +11,7 @@ import { CorrelationsStore } from './CorrelationsStore';
 import { FindingsStore } from './FindingsStore';
 import { LogTypeStore } from './LogTypeStore';
 import { AlertsStore } from './AlertsStore';
+import { ThreatIntelStore } from './ThreatIntelStore';
 
 export class DataStore {
   public static rules: RulesStore;
@@ -19,6 +20,7 @@ export class DataStore {
   public static findings: FindingsStore;
   public static logTypes: LogTypeStore;
   public static alerts: AlertsStore;
+  public static threatIntel: ThreatIntelStore;
 
   public static init = (services: BrowserServices, notifications: NotificationsStart) => {
     const rulesStore = new RulesStore(services.ruleService, notifications);
@@ -47,5 +49,7 @@ export class DataStore {
     DataStore.logTypes = new LogTypeStore(services.logTypeService, notifications);
 
     DataStore.alerts = new AlertsStore(services.alertService, notifications);
+
+    DataStore.threatIntel = new ThreatIntelStore(services.findingsService);
   };
 }
diff --git a/public/store/ThreatIntelStore.ts b/public/store/ThreatIntelStore.ts
new file mode 100644
index 000000000..02f151791
--- /dev/null
+++ b/public/store/ThreatIntelStore.ts
@@ -0,0 +1,58 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { Duration, ThreatIntelFinding } from '../../types';
+import { FindingsService } from '../services';
+
+export class ThreatIntelStore {
+  constructor(private findingsService: FindingsService) {}
+
+  public async getThreatIntelFindings(
+    signal: AbortSignal,
+    duration?: Duration,
+    onPartialFindingsFetched?: (findings: ThreatIntelFinding[]) => void
+  ) {
+    let start = 0;
+    const size = 10000;
+    let remaining = 10000;
+    let findings: ThreatIntelFinding[] = [];
+
+    do {
+      if (signal.aborted) {
+        return findings;
+      }
+
+      start = findings.length;
+      const res = await this.findingsService.getThreatIntelFindings({
+        startIndex: start,
+        size,
+        startTime: duration?.startTime,
+        endTime: duration?.endTime,
+      });
+
+      if (res.ok) {
+        if (res.response.total_findings > size) {
+          remaining = res.response.total_findings - size;
+        } else if (res.response.total_findings === size) {
+          remaining = size;
+        } else {
+          remaining = 0;
+        }
+
+        onPartialFindingsFetched?.(res.response.ioc_findings);
+
+        findings = findings.concat(res.response.ioc_findings);
+      } else {
+        return findings;
+      }
+
+      if (signal.aborted) {
+        return findings;
+      }
+    } while (remaining > 0);
+
+    return findings;
+  }
+}
diff --git a/public/utils/constants.ts b/public/utils/constants.ts
index c27ac5726..da121df68 100644
--- a/public/utils/constants.ts
+++ b/public/utils/constants.ts
@@ -49,6 +49,11 @@ export const ROUTES = Object.freeze({
   CORRELATION_RULE_EDIT: '/correlations/rule',
   LOG_TYPES: '/log-types',
   LOG_TYPES_CREATE: '/create-log-type',
+  THREAT_INTEL_OVERVIEW: '/threat-intel',
+  THREAT_INTEL_ADD_CUSTOM_SOURCE: '/add-threat-intel-source',
+  THREAT_INTEL_CREATE_SCAN_CONFIG: '/create-scan-config',
+  THREAT_INTEL_EDIT_SCAN_CONFIG: '/edit-scan-config',
+  THREAT_INTEL_SOURCE_DETAILS: '/threat-intel-source',
 
   get LANDING_PAGE(): string {
     return this.OVERVIEW;
@@ -87,6 +92,23 @@ export const BREADCRUMBS = Object.freeze({
   },
   LOG_TYPES: { text: 'Log types', href: `#${ROUTES.LOG_TYPES}` },
   LOG_TYPE_CREATE: { text: 'Create log type', href: `#${ROUTES.LOG_TYPES_CREATE}` },
+  THREAT_INTEL_OVERVIEW: { text: 'Threat intelligence', href: `#${ROUTES.THREAT_INTEL_OVERVIEW}` },
+  THREAT_INTEL_ADD_CUSTOM_SOURCE: {
+    text: 'Add threat intel source',
+    href: `#${ROUTES.THREAT_INTEL_ADD_CUSTOM_SOURCE}`,
+  },
+  THREAT_INTEL_SETUP_SCAN_CONFIG: {
+    text: 'Setup real-time scan',
+    href: `#${ROUTES.THREAT_INTEL_CREATE_SCAN_CONFIG}`,
+  },
+  THREAT_INTEL_EDIT_SCAN_CONFIG: {
+    text: 'Edit real-time scan',
+    href: `#${ROUTES.THREAT_INTEL_EDIT_SCAN_CONFIG}`,
+  },
+  THREAT_INTEL_SOURCE_DETAILS: (name: string, id: string) => ({
+    text: `${name}`,
+    href: `#${ROUTES.THREAT_INTEL_SOURCE_DETAILS}/${id}`,
+  }),
 });
 
 export enum SortDirection {
@@ -192,3 +214,9 @@ export const logTypeCategories: string[] = [];
 export const logTypesByCategories: { [category: string]: LogType[] } = {};
 
 export const defaultColorForVisualizations: string = euiPaletteColorBlind()[0];
+
+export const defaultIntervalUnitOptions = {
+  MINUTES: { value: 'MINUTES', text: 'Minutes' },
+  HOURS: { value: 'HOURS', text: 'Hours' },
+  DAYS: { value: 'DAYS', text: 'Days' },
+};
diff --git a/public/utils/helpers.tsx b/public/utils/helpers.tsx
index f8566dfd0..7c3f4d10c 100644
--- a/public/utils/helpers.tsx
+++ b/public/utils/helpers.tsx
@@ -30,14 +30,10 @@ import {
   RuleItem,
   RuleItemInfo,
 } from '../pages/CreateDetector/components/DefineDetector/components/DetectionRules/types/interfaces';
-import { compile, TopLevelSpec } from 'vega-lite';
-import { parse, View } from 'vega/build-es5/vega.js';
-import { expressionInterpreter as vegaExpressionInterpreter } from 'vega-interpreter/build/vega-interpreter';
 import { RuleInfo } from '../../server/models/interfaces';
 import { NotificationsStart } from 'opensearch-dashboards/public';
 import { IndexService, OpenSearchService } from '../services';
 import { ruleSeverity, ruleTypes } from '../pages/Rules/utils/constants';
-import { Handler } from 'vega-tooltip';
 import _ from 'lodash';
 import { AlertCondition, DateTimeFilter, Duration, LogType } from '../../types';
 import { DataStore } from '../store/DataStore';
@@ -181,9 +177,11 @@ export function getUpdatedEnabledRuleIds(
   return newEnabledIds;
 }
 
-export function renderVisualization(spec: TopLevelSpec, containerId: string) {
+export async function renderVisualization(spec: any, containerId: string) {
   let view;
 
+  const { compile } = await import('vega-lite');
+
   try {
     setDefaultColors(spec);
     renderVegaSpec(compile({ ...spec, width: 'container', height: 400 }).spec).catch((err: Error) =>
@@ -193,8 +191,9 @@ export function renderVisualization(spec: TopLevelSpec, containerId: string) {
     console.error(error);
   }
 
-  function renderVegaSpec(spec: {}) {
+  async function renderVegaSpec(spec: {}) {
     let chartColoredItems: any[] = [];
+    const { Handler } = await import('vega-tooltip');
     const handler = new Handler({
       formatTooltip: (value, sanitize) => {
         let tooltipData = { ...value };
@@ -237,7 +236,11 @@ export function renderVisualization(spec: TopLevelSpec, containerId: string) {
         `;
       },
     });
-    view = new View(parse(spec, null, { expr: vegaExpressionInterpreter }), {
+    const { expressionInterpreter: vegaExpressionInterpreter } = await import(
+      'vega-interpreter/build/vega-interpreter'
+    );
+    const { parse, View } = await import('vega');
+    view = new View(parse(spec, undefined, { expr: vegaExpressionInterpreter } as any), {
       renderer: 'canvas', // renderer (canvas or svg)
       container: `#${containerId}`, // parent DOM container
       hover: true, // enable hover processing
@@ -560,6 +563,36 @@ export function getDuration({ startTime, endTime }: DateTimeFilter): Duration {
 
   return {
     startTime: startMoment.valueOf(),
-    endTime: endMoment.valueOf()
+    endTime: endMoment.valueOf(),
+  };
+}
+
+let isNotificationPluginInstalled = false;
+export function setIsNotificationPluginInstalled(isInstalled: boolean) {
+  isNotificationPluginInstalled = isInstalled;
+}
+
+export function getIsNotificationPluginInstalled(): boolean {
+  return isNotificationPluginInstalled;
+}
+
+export async function getFieldsForIndex(indexService: IndexService, indexName: string) {
+  let fields: {
+    label: string;
+    value: string;
+  }[] = [];
+
+  if (indexName) {
+    const result = await indexService.getIndexFields(indexName);
+    if (result?.ok) {
+      fields = result.response?.map((field) => ({
+        label: field,
+        value: field,
+      }));
+    }
+
+    return fields;
   }
+
+  return fields;
 }
diff --git a/server/clusters/addFindingsMethods.ts b/server/clusters/addFindingsMethods.ts
index f930d56e2..f193b6d97 100644
--- a/server/clusters/addFindingsMethods.ts
+++ b/server/clusters/addFindingsMethods.ts
@@ -34,9 +34,43 @@ export function addFindingsMethods(securityAnalytics: any, createAction: any): v
         searchString: {
           type: 'string',
         },
+        findingIds: {
+          type: 'string',
+        },
+      },
+    },
+    needBody: false,
+    method: 'GET',
+  });
+
+  securityAnalytics[METHOD_NAMES.GET_THREAT_INTEL_FINDINGS] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/findings/_search`,
+      params: {
+        sortOrder: {
+          type: 'string',
+        },
+        size: {
+          type: 'number',
+        },
+        startIndex: {
+          type: 'number',
+        },
+        searchString: {
+          type: 'string',
+        },
         findingIds: {
           type: 'list',
         },
+        iocIds: {
+          type: 'string',
+        },
+        startTime: {
+          type: 'number',
+        },
+        endTime: {
+          type: 'number',
+        },
       },
     },
     needBody: false,
diff --git a/server/clusters/addThreatIntelMethods.ts b/server/clusters/addThreatIntelMethods.ts
new file mode 100644
index 000000000..14481d6f1
--- /dev/null
+++ b/server/clusters/addThreatIntelMethods.ts
@@ -0,0 +1,139 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { METHOD_NAMES, API } from '../utils/constants';
+
+export function addThreatIntelMethods(securityAnalytics: any, createAction: any): void {
+  securityAnalytics[METHOD_NAMES.ADD_THREAT_INTEL_SOURCE] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/sources`,
+    },
+    needBody: true,
+    method: 'POST',
+  });
+
+  securityAnalytics[METHOD_NAMES.UPDATE_THREAT_INTEL_SOURCE] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/sources/<%=sourceId%>`,
+      req: {
+        sourceId: {
+          type: 'string',
+          required: true,
+        },
+      },
+    },
+    needBody: true,
+    method: 'PUT',
+  });
+
+  securityAnalytics[METHOD_NAMES.SEARCH_THREAT_INTEL_SOURCES] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/sources/_search`,
+    },
+    needBody: true,
+    method: 'POST',
+  });
+
+  securityAnalytics[METHOD_NAMES.GET_THREAT_INTEL_SOURCE] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/sources/<%=sourceId%>`,
+      req: {
+        sourceId: {
+          type: 'string',
+          required: true,
+        },
+      },
+    },
+    needBody: false,
+    method: 'GET',
+  });
+
+  securityAnalytics[METHOD_NAMES.CREATE_THREAT_INTEL_MONITOR] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/monitors`,
+    },
+    needBody: true,
+    method: 'POST',
+  });
+
+  securityAnalytics[METHOD_NAMES.UPDATE_THREAT_INTEL_MONITOR] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/monitors/<%=monitorId%>`,
+      req: {
+        monitorId: {
+          type: 'string',
+          required: true,
+        },
+      },
+    },
+    needBody: true,
+    method: 'PUT',
+  });
+
+  securityAnalytics[METHOD_NAMES.SEARCH_THREAT_INTEL_MONITORS] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/monitors/_search`,
+    },
+    needBody: true,
+    method: 'POST',
+  });
+
+  securityAnalytics[METHOD_NAMES.GET_THREAT_INTEL_IOCS] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/iocs`,
+      // fmt: '/_plugins/_security_analytics/iocs/list',
+      params: {
+        startIndex: {
+          type: 'number',
+        },
+        size: {
+          type: 'number',
+        },
+        feed_id: {
+          type: 'string',
+        },
+        iocTypes: {
+          type: 'string',
+        },
+        search: {
+          type: 'string',
+        },
+        sortString: {
+          type: 'string',
+        },
+      },
+    },
+    needBody: false,
+    method: 'GET',
+  });
+
+  securityAnalytics[METHOD_NAMES.DELETE_THREAT_INTEL_SOURCE] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/sources/<%=sourceId%>`,
+      req: {
+        sourceId: {
+          type: 'string',
+          required: true,
+        },
+      },
+    },
+    needBody: false,
+    method: 'DELETE',
+  });
+
+  securityAnalytics[METHOD_NAMES.REFRESH_THREAT_INTEL_SOURCE] = createAction({
+    url: {
+      fmt: `${API.THREAT_INTEL_BASE}/sources/<%=sourceId%>/_refresh`,
+      req: {
+        sourceId: {
+          type: 'string',
+          required: true,
+        },
+      },
+    },
+    needBody: false,
+    method: 'POST',
+  });
+}
diff --git a/server/clusters/securityAnalyticsPlugin.ts b/server/clusters/securityAnalyticsPlugin.ts
index f400b18f4..796908e02 100644
--- a/server/clusters/securityAnalyticsPlugin.ts
+++ b/server/clusters/securityAnalyticsPlugin.ts
@@ -12,6 +12,7 @@ import { addRulesMethods } from './addRuleMethods';
 import { addNotificationsMethods } from './addNotificationsMethods';
 import { addCorrelationMethods } from './addCorrelationMethods';
 import { addLogTypeMethods } from './addLogTypeMethods';
+import { addThreatIntelMethods } from './addThreatIntelMethods';
 
 export function securityAnalyticsPlugin(Client: any, config: any, components: any) {
   const createAction = components.clientAction.factory;
@@ -27,4 +28,5 @@ export function securityAnalyticsPlugin(Client: any, config: any, components: an
   addRulesMethods(securityAnalytics, createAction);
   addNotificationsMethods(securityAnalytics, createAction);
   addLogTypeMethods(securityAnalytics, createAction);
+  addThreatIntelMethods(securityAnalytics, createAction);
 }
diff --git a/server/models/interfaces/index.ts b/server/models/interfaces/index.ts
index f108d5623..3cfc6c3b9 100644
--- a/server/models/interfaces/index.ts
+++ b/server/models/interfaces/index.ts
@@ -16,6 +16,7 @@ import AlertService from '../../services/AlertService';
 import { LogTypeService } from '../../services/LogTypeService';
 import MetricsService from '../../services/MetricsService';
 import RulesService from '../../services/RuleService';
+import ThreatIntelService from '../../services/ThreatIntelService';
 
 export interface SecurityAnalyticsApi {
   readonly DETECTORS_BASE: string;
@@ -41,6 +42,7 @@ export interface SecurityAnalyticsApi {
   readonly METRICS: string;
   readonly GET_CORRELATION_ALERTS: string;
   readonly ACK_CORRELATION_ALERTS: string;
+  readonly THREAT_INTEL_BASE: string;
 }
 
 export interface NodeServices {
@@ -55,6 +57,7 @@ export interface NodeServices {
   notificationsService: NotificationsService;
   logTypeService: LogTypeService;
   metricsService: MetricsService;
+  threatIntelService: ThreatIntelService;
 }
 
 export interface GetIndicesResponse {
@@ -109,6 +112,4 @@ export interface Plugin {
 export * from './Detectors';
 export * from './FieldMappings';
 export * from './Findings';
-export * from './Alerts';
 export * from './Rules';
-export * from './Notifications';
diff --git a/server/plugin.ts b/server/plugin.ts
index bc2e7a446..d8a157781 100644
--- a/server/plugin.ts
+++ b/server/plugin.ts
@@ -42,6 +42,8 @@ import MetricsService from './services/MetricsService';
 import { SecurityAnalyticsPluginConfigType } from '../config';
 import { DataSourcePluginSetup } from 'src/plugins/data_source/server';
 import { securityAnalyticsPlugin } from './clusters/securityAnalyticsPlugin';
+import ThreatIntelService from './services/ThreatIntelService';
+import { setupThreatIntelRoutes } from './routes/ThreatIntel';
 
 export interface SecurityAnalyticsPluginDependencies {
   dataSource?: DataSourcePluginSetup;
@@ -77,6 +79,7 @@ export class SecurityAnalyticsPlugin
       notificationsService: new NotificationsService(securityAnalyticsClient, dataSourceEnabled),
       logTypeService: new LogTypeService(securityAnalyticsClient, dataSourceEnabled),
       metricsService: new MetricsService(),
+      threatIntelService: new ThreatIntelService(securityAnalyticsClient, dataSourceEnabled),
     };
 
     // Create router
@@ -94,6 +97,7 @@ export class SecurityAnalyticsPlugin
     setupNotificationsRoutes(services, router);
     setupLogTypeRoutes(services, router);
     setupMetricsRoutes(services, router);
+    setupThreatIntelRoutes(services, router);
 
     // @ts-ignore
     const config$ = this.initializerContext.config.create();
diff --git a/server/routes/FindingsRoutes.ts b/server/routes/FindingsRoutes.ts
index d5ddf1f8f..49e02eda8 100644
--- a/server/routes/FindingsRoutes.ts
+++ b/server/routes/FindingsRoutes.ts
@@ -27,10 +27,29 @@ export function setupFindingsRoutes(services: NodeServices, router: IRouter) {
           searchString: schema.maybe(schema.string()),
           findingIds: schema.maybe(schema.string()),
           startTime: schema.maybe(schema.number()),
-          endTime: schema.maybe(schema.number())
+          endTime: schema.maybe(schema.number()),
         }),
       },
     },
     findingsService.getFindings
   );
+
+  router.get(
+    {
+      path: `${API.THREAT_INTEL_BASE}/findings/_search`,
+      validate: {
+        query: createQueryValidationSchema({
+          sortOrder: schema.maybe(schema.string()),
+          size: schema.maybe(schema.number()),
+          startIndex: schema.maybe(schema.number()),
+          searchString: schema.maybe(schema.string()),
+          findingIds: schema.maybe(schema.string()),
+          startTime: schema.maybe(schema.number()),
+          endTime: schema.maybe(schema.number()),
+          iocIds: schema.maybe(schema.string()),
+        }),
+      },
+    },
+    findingsService.getThreatIntelFindings
+  );
 }
diff --git a/server/routes/ThreatIntel.ts b/server/routes/ThreatIntel.ts
new file mode 100644
index 000000000..6c22ae780
--- /dev/null
+++ b/server/routes/ThreatIntel.ts
@@ -0,0 +1,140 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { IRouter } from 'src/core/server';
+import { NodeServices } from '../models/interfaces';
+import { API } from '../utils/constants';
+import { schema } from '@osd/config-schema';
+import { createQueryValidationSchema } from '../utils/helpers';
+
+export function setupThreatIntelRoutes({ threatIntelService }: NodeServices, router: IRouter) {
+  router.post(
+    {
+      path: `${API.THREAT_INTEL_BASE}/sources`,
+      validate: {
+        body: schema.any(),
+        query: createQueryValidationSchema(),
+      },
+    },
+    threatIntelService.addThreatIntelSource
+  );
+
+  router.put(
+    {
+      path: `${API.THREAT_INTEL_BASE}/sources/{sourceId}`,
+      validate: {
+        params: schema.object({
+          sourceId: schema.string(),
+        }),
+        body: schema.any(),
+        query: createQueryValidationSchema(),
+      },
+    },
+    threatIntelService.updateThreatIntelSource
+  );
+
+  router.post(
+    {
+      path: `${API.THREAT_INTEL_BASE}/sources/_search`,
+      validate: {
+        body: schema.any(),
+        query: createQueryValidationSchema(),
+      },
+    },
+    threatIntelService.searchThreatIntelSources
+  );
+
+  router.get(
+    {
+      path: `${API.THREAT_INTEL_BASE}/sources/{sourceId}`,
+      validate: {
+        params: schema.object({
+          sourceId: schema.string(),
+        }),
+        query: createQueryValidationSchema(),
+      },
+    },
+    threatIntelService.getThreatIntelSource
+  );
+
+  router.post(
+    {
+      path: `${API.THREAT_INTEL_BASE}/monitors`,
+      validate: {
+        body: schema.any(),
+        query: createQueryValidationSchema(),
+      },
+    },
+    threatIntelService.createThreatIntelMonitor
+  );
+
+  router.put(
+    {
+      path: `${API.THREAT_INTEL_BASE}/monitors/{monitorId}`,
+      validate: {
+        params: schema.object({
+          monitorId: schema.string(),
+        }),
+        body: schema.any(),
+        query: createQueryValidationSchema(),
+      },
+    },
+    threatIntelService.updateThreatIntelMonitor
+  );
+
+  router.post(
+    {
+      path: `${API.THREAT_INTEL_BASE}/monitors/_search`,
+      validate: {
+        body: schema.any(),
+        query: createQueryValidationSchema(),
+      },
+    },
+    threatIntelService.searchThreatIntelMonitors
+  );
+
+  router.get(
+    {
+      path: `${API.THREAT_INTEL_BASE}/iocs`,
+      validate: {
+        query: createQueryValidationSchema({
+          startIndex: schema.maybe(schema.number()),
+          size: schema.maybe(schema.number()),
+          feedIds: schema.maybe(schema.string()),
+          iocTypes: schema.maybe(schema.string()),
+          search: schema.maybe(schema.string()),
+          sortString: schema.maybe(schema.string()),
+        }),
+      },
+    },
+    threatIntelService.getThreatIntelIocs
+  );
+
+  router.delete(
+    {
+      path: `${API.THREAT_INTEL_BASE}/sources/{sourceId}`,
+      validate: {
+        params: schema.object({
+          sourceId: schema.string(),
+        }),
+        query: createQueryValidationSchema(),
+      },
+    },
+    threatIntelService.deleteThreatIntelSource
+  );
+
+  router.post(
+    {
+      path: `${API.THREAT_INTEL_BASE}/sources/{sourceId}/_refresh`,
+      validate: {
+        params: schema.object({
+          sourceId: schema.string(),
+        }),
+        query: createQueryValidationSchema(),
+      },
+    },
+    threatIntelService.refreshThreatIntelSource
+  );
+}
diff --git a/server/services/FindingsService.ts b/server/services/FindingsService.ts
index dc6784f99..4349f6af4 100644
--- a/server/services/FindingsService.ts
+++ b/server/services/FindingsService.ts
@@ -11,8 +11,14 @@ import {
   RequestHandlerContext,
 } from 'opensearch-dashboards/server';
 import { ServerResponse } from '../models/types';
-import { CLIENT_DETECTOR_METHODS } from '../utils/constants';
-import { DataSourceRequestParams, GetFindingsParams, GetFindingsResponse } from '../../types';
+import { CLIENT_DETECTOR_METHODS, CLIENT_THREAT_INTEL_METHODS } from '../utils/constants';
+import {
+  DataSourceRequestParams,
+  GetFindingsParams,
+  GetFindingsResponse,
+  GetThreatIntelFindingsParams,
+  GetThreatIntelFindingsResponse,
+} from '../../types';
 import { MDSEnabledClientService } from './MDSEnabledClientService';
 
 export default class FindingsService extends MDSEnabledClientService {
@@ -67,4 +73,43 @@ export default class FindingsService extends MDSEnabledClientService {
       });
     }
   };
+
+  getThreatIntelFindings = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<
+      {},
+      GetThreatIntelFindingsParams & DataSourceRequestParams
+    >,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<
+    IOpenSearchDashboardsResponse<ServerResponse<GetThreatIntelFindingsResponse> | ResponseError>
+  > => {
+    try {
+      const params: GetThreatIntelFindingsParams & DataSourceRequestParams = { ...request.query };
+      const client = this.getClient(request, context);
+      // Delete the dataSourceId since this query param is not supported by the finding API
+      delete params['dataSourceId'];
+      const getFindingsResponse: GetThreatIntelFindingsResponse = await client(
+        CLIENT_THREAT_INTEL_METHODS.GET_THREAT_INTEL_FINDINGS,
+        params
+      );
+
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: getFindingsResponse,
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - FindingsService - getThreatIntelFindings:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
 }
diff --git a/server/services/ThreatIntelService.ts b/server/services/ThreatIntelService.ts
new file mode 100644
index 000000000..f740e226c
--- /dev/null
+++ b/server/services/ThreatIntelService.ts
@@ -0,0 +1,342 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { ResponseError } from '@opensearch-project/opensearch/lib/errors';
+import {
+  RequestHandlerContext,
+  OpenSearchDashboardsRequest,
+  OpenSearchDashboardsResponseFactory,
+  IOpenSearchDashboardsResponse,
+} from 'src/core/server';
+import { ServerResponse } from '../models/types';
+import { CLIENT_THREAT_INTEL_METHODS } from '../utils/constants';
+import { MDSEnabledClientService } from './MDSEnabledClientService';
+import { ThreatIntelSourceGetHit, ThreatIntelSourceSearchHit } from '../../types';
+
+export default class ThreatIntelService extends MDSEnabledClientService {
+  addThreatIntelSource = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{}, any>,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<IOpenSearchDashboardsResponse<ServerResponse<any> | ResponseError>> => {
+    try {
+      const params: any = { body: request.body };
+      const client = this.getClient(request, context);
+      const { _id, source_config }: any = await client(
+        CLIENT_THREAT_INTEL_METHODS.ADD_THREAT_INTEL_SOURCE,
+        params
+      );
+
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: { ...source_config, id: _id },
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - ThreatIntelService - addThreatIntelSource:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
+
+  updateThreatIntelSource = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{ sourceId: string }, any>,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<IOpenSearchDashboardsResponse<ServerResponse<any> | ResponseError>> => {
+    try {
+      const params: any = { body: request.body, sourceId: request.params.sourceId };
+      const client = this.getClient(request, context);
+      const { _id, source_config }: any = await client(
+        CLIENT_THREAT_INTEL_METHODS.UPDATE_THREAT_INTEL_SOURCE,
+        params
+      );
+
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: { ...source_config, id: _id },
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - ThreatIntelService - updateThreatIntelSource:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
+
+  getThreatIntelSource = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{ sourceId: string }, any>,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<IOpenSearchDashboardsResponse<ServerResponse<any> | ResponseError>> => {
+    try {
+      const { sourceId } = request.params;
+      const client = this.getClient(request, context);
+      const hit: ThreatIntelSourceGetHit = await client(
+        CLIENT_THREAT_INTEL_METHODS.GET_THREAT_INTEL_SOURCE,
+        {
+          sourceId,
+        }
+      );
+      const source = {
+        id: hit._id,
+        version: hit._version,
+        ...hit.source_config,
+      };
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: source,
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - ThreatIntelService - getThreatIntelSource:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
+
+  searchThreatIntelSources = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{}, any>,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<IOpenSearchDashboardsResponse<ServerResponse<any> | ResponseError>> => {
+    try {
+      const params = { body: request.body };
+      const client = this.getClient(request, context);
+      const searchSourcesResponse: any = await client(
+        CLIENT_THREAT_INTEL_METHODS.SEARCH_THREAT_INTEL_SOURCES,
+        params
+      );
+      const sources = searchSourcesResponse.hits.hits.map((hit: ThreatIntelSourceSearchHit) => ({
+        id: hit._id,
+        ...hit._source.source_config,
+      }));
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: sources,
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - ThreatIntelService - searchThreatIntelSources:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
+
+  deleteThreatIntelSource = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{ sourceId: string }, any>,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<IOpenSearchDashboardsResponse<ServerResponse<any> | ResponseError>> => {
+    try {
+      const params = { sourceId: request.params.sourceId };
+      const client = this.getClient(request, context);
+      const deleteRes: any = await client(
+        CLIENT_THREAT_INTEL_METHODS.DELETE_THREAT_INTEL_SOURCE,
+        params
+      );
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: deleteRes,
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - ThreatIntelService - deleteThreatIntelSource:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
+
+  refreshThreatIntelSource = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{ sourceId: string }, any>,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<IOpenSearchDashboardsResponse<ServerResponse<any> | ResponseError>> => {
+    try {
+      const params = { sourceId: request.params.sourceId };
+      const client = this.getClient(request, context);
+      const refreshRes: any = await client(
+        CLIENT_THREAT_INTEL_METHODS.REFRESH_THREAT_INTEL_SOURCE,
+        params
+      );
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: refreshRes,
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - ThreatIntelService - refreshThreatIntelSource:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
+
+  getThreatIntelIocs = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{}, any>,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<IOpenSearchDashboardsResponse<ServerResponse<any> | ResponseError>> => {
+    try {
+      const params = { feed_id: request.query.feedIds };
+
+      const client = this.getClient(request, context);
+      const getIocsResponse: any = await client(
+        CLIENT_THREAT_INTEL_METHODS.GET_THREAT_INTEL_IOCS,
+        params
+      );
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: getIocsResponse,
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - ThreatIntelService - getThreatIntelIocs:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
+
+  createThreatIntelMonitor = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{}, any>,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<IOpenSearchDashboardsResponse<ServerResponse<any> | ResponseError>> => {
+    try {
+      const params = { body: request.body };
+      const client = this.getClient(request, context);
+      const createMonitorRes: any = await client(
+        CLIENT_THREAT_INTEL_METHODS.CREATE_THREAT_INTEL_MONITOR,
+        params
+      );
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: createMonitorRes,
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - ThreatIntelService - createThreatIntelMonitor:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
+
+  updateThreatIntelMonitor = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{ monitorId: string }, any>,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<IOpenSearchDashboardsResponse<ServerResponse<any> | ResponseError>> => {
+    try {
+      const params = { body: request.body, monitorId: request.params.monitorId };
+      const client = this.getClient(request, context);
+      const updateMonitorRes: any = await client(
+        CLIENT_THREAT_INTEL_METHODS.UPDATE_THREAT_INTEL_MONITOR,
+        params
+      );
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: updateMonitorRes,
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - ThreatIntelService - updateThreatIntelMonitor:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
+
+  searchThreatIntelMonitors = async (
+    context: RequestHandlerContext,
+    request: OpenSearchDashboardsRequest<{}, any>,
+    response: OpenSearchDashboardsResponseFactory
+  ): Promise<IOpenSearchDashboardsResponse<ServerResponse<any> | ResponseError>> => {
+    try {
+      const params = { body: request.body };
+      const client = this.getClient(request, context);
+      const searchMonitorsRes: any = await client(
+        CLIENT_THREAT_INTEL_METHODS.SEARCH_THREAT_INTEL_MONITORS,
+        params
+      );
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: true,
+          response: searchMonitorsRes,
+        },
+      });
+    } catch (error: any) {
+      console.error('Security Analytics - ThreatIntelService - searchThreatIntelMonitors:', error);
+      return response.custom({
+        statusCode: 200,
+        body: {
+          ok: false,
+          error: error.message,
+        },
+      });
+    }
+  };
+}
diff --git a/server/utils/constants.ts b/server/utils/constants.ts
index bca032d47..a66634765 100644
--- a/server/utils/constants.ts
+++ b/server/utils/constants.ts
@@ -38,6 +38,7 @@ export const API: SecurityAnalyticsApi = {
   METRICS: `/api/security_analytics/stats`,
   GET_CORRELATION_ALERTS: `${BASE_API_PATH}/correlationAlerts`,
   ACK_CORRELATION_ALERTS: `${BASE_API_PATH}/_acknowledge/correlationAlerts`,
+  THREAT_INTEL_BASE: `${BASE_API_PATH}/threat_intel`,
 };
 
 /**
@@ -93,6 +94,20 @@ export const METHOD_NAMES = {
   CREATE_LOGTYPE: 'createLogType',
   UPDATE_LOGTYPE: 'updateLogType',
   DELETE_LOGTYPE: 'deleteLogType',
+
+  // Threat intel methods
+  ADD_THREAT_INTEL_SOURCE: 'addThreatIntelSource',
+  UPDATE_THREAT_INTEL_SOURCE: 'updateThreatIntelSource',
+  SEARCH_THREAT_INTEL_SOURCES: 'searchThreatIntelSources',
+  GET_THREAT_INTEL_SOURCE: 'getThreatIntelSource',
+  DELETE_THREAT_INTEL_SOURCE: 'deleteThreatIntelSource',
+  REFRESH_THREAT_INTEL_SOURCE: 'refreshThreatIntelSource',
+  GET_THREAT_INTEL_IOCS: 'getThreatIntelIoCs',
+  CREATE_THREAT_INTEL_MONITOR: 'createThreatIntelMonitor',
+  UPDATE_THREAT_INTEL_MONITOR: 'updateThreatIntelMonitor',
+  SEARCH_THREAT_INTEL_MONITORS: 'searchThreatIntelMonitors',
+  GET_THREAT_INTEL_FINDINGS: 'getThreatIntelFindings',
+  GET_THREAT_INTEL_ALERTS: 'getThreatIntelAlerts',
 };
 
 /**
@@ -152,6 +167,21 @@ export const CLIENT_LOGTYPE_METHODS = {
   DELETE_LOGTYPE: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.DELETE_LOGTYPE}`,
 };
 
+export const CLIENT_THREAT_INTEL_METHODS = {
+  ADD_THREAT_INTEL_SOURCE: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.ADD_THREAT_INTEL_SOURCE}`,
+  UPDATE_THREAT_INTEL_SOURCE: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.UPDATE_THREAT_INTEL_SOURCE}`,
+  SEARCH_THREAT_INTEL_SOURCES: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.SEARCH_THREAT_INTEL_SOURCES}`,
+  GET_THREAT_INTEL_SOURCE: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_THREAT_INTEL_SOURCE}`,
+  DELETE_THREAT_INTEL_SOURCE: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.DELETE_THREAT_INTEL_SOURCE}`,
+  REFRESH_THREAT_INTEL_SOURCE: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.REFRESH_THREAT_INTEL_SOURCE}`,
+  GET_THREAT_INTEL_IOCS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_THREAT_INTEL_IOCS}`,
+  CREATE_THREAT_INTEL_MONITOR: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.CREATE_THREAT_INTEL_MONITOR}`,
+  UPDATE_THREAT_INTEL_MONITOR: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.UPDATE_THREAT_INTEL_MONITOR}`,
+  SEARCH_THREAT_INTEL_MONITORS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.SEARCH_THREAT_INTEL_MONITORS}`,
+  GET_THREAT_INTEL_FINDINGS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_THREAT_INTEL_FINDINGS}`,
+  GET_THREAT_INTEL_ALERTS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_THREAT_INTEL_ALERTS}`,
+};
+
 export const DEFAULT_METRICS_COUNTER: MetricsCounter = {
   CreateDetector: {
     [CreateDetectorSteps.started]: 0,
diff --git a/test/mocks/CreateDetector/components/ConfigureAlerts/components/AlertCondition/AlertConditionPanel.mock.ts b/test/mocks/CreateDetector/components/ConfigureAlerts/components/AlertCondition/AlertConditionPanel.mock.ts
index 18c936fa7..79b9702aa 100644
--- a/test/mocks/CreateDetector/components/ConfigureAlerts/components/AlertCondition/AlertConditionPanel.mock.ts
+++ b/test/mocks/CreateDetector/components/ConfigureAlerts/components/AlertCondition/AlertConditionPanel.mock.ts
@@ -4,13 +4,13 @@
  */
 
 import { AlertCondition } from '../../../../../../../models/interfaces';
-import { NotificationChannelTypeOptions } from '../../../../../../../public/pages/CreateDetector/components/ConfigureAlerts/models/interfaces';
 import { RuleOptions } from '../../../../../../../public/models/interfaces';
 import ruleOptionsMock from '../../../../../Rules/RuleOptions.mock';
 import alertConditionMock from './AlertCondition.mock';
 import notificationChannelTypeOptionsMock from '../../../../../services/notifications/NotificationChannelTypeOptions.mock';
 import detectorMock from '../../../../../Detectors/containers/Detectors/Detector.mock';
 import AlertConditionPanel from '../../../../../../../public/pages/CreateDetector/components/ConfigureAlerts/components/AlertCondition';
+import { NotificationChannelTypeOptions } from '../../../../../../../types';
 
 const alertCondition: AlertCondition = alertConditionMock;
 const notificationChannelTypeOptions: NotificationChannelTypeOptions = notificationChannelTypeOptionsMock;
diff --git a/test/mocks/Detectors/components/UpdateAlertConditions/UpdateAlertConditions.mock.ts b/test/mocks/Detectors/components/UpdateAlertConditions/UpdateAlertConditions.mock.ts
index 15fca33d6..2a5ba3bcf 100644
--- a/test/mocks/Detectors/components/UpdateAlertConditions/UpdateAlertConditions.mock.ts
+++ b/test/mocks/Detectors/components/UpdateAlertConditions/UpdateAlertConditions.mock.ts
@@ -9,12 +9,12 @@ import notificationsStartMock from '../../../services/notifications/Notification
 import UpdateAlertConditions from '../../../../../public/pages/Detectors/components/UpdateAlertConditions/UpdateAlertConditions';
 import { ROUTES } from '../../../../../public/utils/constants';
 
-const { notificationsService, detectorService, openSearchService, ruleService } = services;
+const { notificationsService, detectorsService, opensearchService, ruleService } = services;
 
 export default ({
   detectorHit: detectorHitMock,
-  detectorService: detectorService,
-  opensearchService: openSearchService,
+  detectorService: detectorsService,
+  opensearchService: opensearchService,
   ruleService: ruleService,
   notificationsService: notificationsService,
   notifications: notificationsStartMock,
@@ -23,6 +23,5 @@ export default ({
     state: {
       detectorHit: detectorHitMock,
     },
-    pathname: '',
   },
 } as unknown) as typeof UpdateAlertConditions;
diff --git a/test/mocks/services/notifications/NotificationChannelOption.mock.ts b/test/mocks/services/notifications/NotificationChannelOption.mock.ts
index a8d7cf5f8..ee173b7bc 100644
--- a/test/mocks/services/notifications/NotificationChannelOption.mock.ts
+++ b/test/mocks/services/notifications/NotificationChannelOption.mock.ts
@@ -3,7 +3,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { NotificationChannelOption } from '../../../../public/pages/CreateDetector/components/ConfigureAlerts/models/interfaces';
+import { NotificationChannelOption } from '../../../../types';
 
 export default {
   label: 'some_label',
diff --git a/test/mocks/services/notifications/NotificationChannelTypeOptions.mock.ts b/test/mocks/services/notifications/NotificationChannelTypeOptions.mock.ts
index c18979cf7..d43688c33 100644
--- a/test/mocks/services/notifications/NotificationChannelTypeOptions.mock.ts
+++ b/test/mocks/services/notifications/NotificationChannelTypeOptions.mock.ts
@@ -3,8 +3,8 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+import { NotificationChannelTypeOptions } from '../../../../types';
 import notificationChannelOptionMock from './NotificationChannelOption.mock';
-import { NotificationChannelTypeOptions } from '../../../../public/pages/CreateDetector/components/ConfigureAlerts/models/interfaces';
 
 export default {
   label: 'some_label',
diff --git a/types/Notification.ts b/types/Notification.ts
index d9f3ec9ab..9ed34406e 100644
--- a/types/Notification.ts
+++ b/types/Notification.ts
@@ -44,3 +44,15 @@ export interface GetFeaturesResponse {
   allowed_config_type_list: string[];
   plugin_features: { tooltip_support: boolean };
 }
+
+export interface NotificationChannelTypeOptions {
+  label: string;
+  options: NotificationChannelOption[];
+}
+
+export interface NotificationChannelOption {
+  label: string;
+  value: string;
+  type: string;
+  description: string;
+}
diff --git a/types/ThreatIntel.ts b/types/ThreatIntel.ts
new file mode 100644
index 000000000..22f1a937b
--- /dev/null
+++ b/types/ThreatIntel.ts
@@ -0,0 +1,253 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { ThreatIntelIocType } from '../common/constants';
+import { PeriodSchedule } from '../models/interfaces';
+import { AlertSeverity } from '../public/pages/Alerts/utils/constants';
+import { TriggerAction } from './Alert';
+
+export type ThreatIntelNextStepId = 'add-source' | 'configure-scan';
+
+export interface ThreatIntelNextStepCardProps {
+  id: ThreatIntelNextStepId;
+  title: string;
+  description: string;
+  footerButtonProps: {
+    text: string;
+    disabled?: boolean;
+  };
+}
+
+export enum FeedType {
+  LICENSED,
+  OPEN_SOURCED,
+  S3_CUSTOM,
+  INTERNAL,
+  DEFAULT_OPEN_SOURCED,
+  EXTERNAL_LICENSED,
+  GUARDDUTY,
+}
+
+export type ThreatIntelSourceItem = ThreatIntelSourceSearchHitSourceConfig & {
+  id: string;
+  version: number;
+};
+
+export interface S3ConnectionSource {
+  s3: {
+    bucket_name: string;
+    object_key: string;
+    region: string;
+    role_arn: string;
+  };
+}
+
+export interface FileUploadSource {
+  ioc_upload: {
+    file_name: string;
+    iocs: any[];
+  };
+}
+
+export interface ThreatIntelSourcePayloadBase {
+  name: string;
+  description?: string;
+  format: 'STIX2';
+  store_type: 'OS';
+  enabled: boolean;
+  ioc_types: ThreatIntelIocType[];
+}
+
+export interface ThreatIntelS3CustomSourcePayload extends ThreatIntelSourcePayloadBase {
+  type: 'S3_CUSTOM';
+  schedule: {
+    interval: {
+      start_time: number;
+      period: number;
+      unit: string;
+    };
+  };
+  source: S3ConnectionSource;
+}
+
+export interface ThreatIntelIocUploadSourcePayload extends ThreatIntelSourcePayloadBase {
+  type: 'IOC_UPLOAD';
+  source: FileUploadSource;
+}
+
+export type ThreatIntelSourcePayload =
+  | ThreatIntelS3CustomSourcePayload
+  | ThreatIntelIocUploadSourcePayload;
+
+export interface LogSourceIocConfig {
+  enabled: boolean;
+  fieldAliases: string[];
+}
+
+export type ThreatIntelIocConfigMap = {
+  [k in ThreatIntelIocType]?: LogSourceIocConfig;
+};
+
+export interface ThreatIntelLogSource {
+  name: string;
+  iocConfigMap: ThreatIntelIocConfigMap;
+}
+
+export type ThreatIntelAlertTriggerAction = TriggerAction;
+
+export interface ThreatIntelAlertTrigger {
+  name: string;
+  data_sources: string[];
+  ioc_types: string[];
+  severity: AlertSeverity;
+  actions: ThreatIntelAlertTriggerAction[];
+}
+
+export interface ThreatIntelScanConfig extends ThreatIntelMonitorPayload {
+  id: string;
+}
+
+export type ThreatIntelScanConfigFormModel = Omit<
+  ThreatIntelScanConfig,
+  'per_ioc_type_scan_input_list' | 'id'
+> & { logSources: ThreatIntelLogSource[] };
+
+export interface ThreatIntelIocData {
+  id: string;
+  name: string;
+  type: ThreatIntelIocType;
+  value: string;
+  severity: string;
+  created: number;
+  modified: number;
+  description: string;
+  labels: string[];
+  feedId: string;
+  specVersion: string;
+  version: number;
+  num_findings: number;
+}
+
+export type AddThreatIntelSourcePayload = ThreatIntelSourcePayload;
+export type UpdateThreatIntelSourcePayload = ThreatIntelSourcePayload;
+
+export type ThreatIntelSourceState = string;
+export type ThreatIntelSourceRefreshType = string;
+
+export type ThreatIntelSourceSearchHitSourceConfig = ThreatIntelSourcePayload & {
+  created_by_user: string | null;
+  created_at: string | number;
+  enabled_time: string | number;
+  last_update_time: string | number;
+  state: ThreatIntelSourceState;
+  refresh_type: ThreatIntelSourceRefreshType;
+  last_refreshed_time: string | number;
+  last_refreshed_user: string | null;
+};
+
+export interface ThreatIntelSourceSearchHit {
+  _index: string;
+  _id: string;
+  _version: number;
+  _seq_no: number;
+  _primary_term: number;
+  _score: number;
+  _source: {
+    source_config: ThreatIntelSourceSearchHitSourceConfig;
+  };
+}
+
+export interface ThreatIntelSourceGetHit {
+  _id: string;
+  _version: number;
+  source_config: ThreatIntelSourceSearchHitSourceConfig;
+}
+
+export interface IocFieldAliases {
+  ioc_type: ThreatIntelIocType;
+  index_to_fields_map: {
+    [index: string]: string[];
+  };
+}
+
+export interface ThreatIntelMonitorPayload {
+  name: string;
+  per_ioc_type_scan_input_list: IocFieldAliases[];
+  schedule: PeriodSchedule;
+  indices: string[];
+  enabled: boolean;
+  triggers: ThreatIntelAlertTrigger[];
+}
+
+export interface GetIocsQueryParams {
+  startIndex?: number;
+  size?: number;
+  feedIds?: string;
+  iocTypes?: string;
+  search?: string;
+  sortString?: string;
+}
+
+export interface GetThreatIntelFindingsParams {
+  sortString?: string;
+  sortOrder?: string;
+  missing?: string;
+  size?: number;
+  searchString?: string;
+  startIndex?: number;
+  findingIds?: string;
+  iocIds?: string;
+  startTime?: number;
+  endTime?: number;
+}
+
+export interface ThreatIntelFindingHit {
+  _id: string;
+  _source: {
+    id: string;
+    related_doc_ids: string[];
+    ioc_feed_ids: {
+      ioc_id: string;
+      feed_id: string;
+      index: string;
+    }[];
+    monitor_id: string;
+    monitor_name: string;
+    ioc_value: any;
+    ioc_type: ThreatIntelIocType;
+    timestamp: number;
+    execution_id: string;
+  };
+}
+
+export type ThreatIntelFinding = ThreatIntelFindingHit['_source'];
+
+export type ThreatIntelFindingsGroupByType = 'indicatorType';
+
+export interface GetThreatIntelFindingsResponse {
+  total_findings: number;
+  ioc_findings: ThreatIntelFinding[];
+}
+
+export interface ThreatIntelAlert {
+  id: string;
+  version: number;
+  schemaVersion: number;
+  seqNo: number;
+  primaryTerm: number;
+  user: string;
+  triggerName: string;
+  triggerId: string;
+  state: string;
+  startTime: number;
+  endTime: number;
+  acknowledgedTime: number;
+  lastUpdatedTime: number;
+  errorMessage: string;
+  severity: string;
+  iocValue: string;
+  iocType: ThreatIntelIocType;
+  findingIds: string[];
+}
diff --git a/types/index.ts b/types/index.ts
index 8b0b8c7e6..e73b9b69f 100644
--- a/types/index.ts
+++ b/types/index.ts
@@ -20,3 +20,4 @@ export * from './SecurityAnalyticsContext';
 export * from './DataSourceContext';
 export * from './DataSource';
 export * from './shared';
+export * from './ThreatIntel';