Incoming feed - SFTP download

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

Specifications

Transport type

SFTP download

Content type

  • Eclectic JSON

  • Email message

  • MISP JSON

  • PDF

  • SpyCloud Breach Data JSON

  • STIX 1.0

  • STIX 1.1

  • STIX 1.1.1

  • STIX 1.2

  • STIX 2.1

  • Text

Ingested data

Structured and unstructured data in JSON, PDF, STIX, and plain text format found at the designated source location.

Processed data

The platform ingests retrieved data based on the configured content type for the feed.

Description

Securely transfer data from selected SFTP servers.

Configure the incoming feed

  1. Create or edit an incoming feed.

  2. From the Transport type drop-down menu, select SFTP download.

  3. From the Content type drop-down menu, select the content type for the data you want to ingest.
    The content type should match the data source format. This can vary, depending on the intel sources you retrieve the data from.

  4. In the SFTP URL field, enter the location on the SFTP server where the data source for the feed is made available (incoming feeds) or where the feed content is being published to (outgoing feeds).
    It needs to adhere to the following format: sftp://${sftp_server}:${port}/${path_to_target_directory}
    Example: sftp://sftp.server.com:22/source-data/for-the-feed.

  5. In the Username field, enter a valid user name to authenticate and be granted the necessary authorization to access the data source and to download/ingest data.

  6. In the Password field, enter a valid password to authenticate and be granted the necessary authorization to access the data source and to download/ingest data.

  7. Select the Use SSH key checkbox to log in with an SSH key, adding this security layer to the incoming feed.

  8. In the SSH private key field, paste the private SSH key you want to use to access the data source of the SFTP download incoming feed.
    Example:

    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    
  9. In the SSH key password field, enter the password to unlock the SSH key, if your SSH key is password-protected.
    If your SSH key is not password-protected, you can leave this field empty.

  10. Select the Host authentication mode checkbox to automatically add and save the new host name and the new host key to the local Paramiko HostKeys dictionary.

  11. To store your changes, click Save; to discard them, click Cancel.
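
Because step 10 saves a new host key automatically, it helps to compare the server's key fingerprint with one obtained from the feed provider out of band before selecting that checkbox. The following is an added example, not part of the platform or its documentation: it validates an SFTP URL against the format from step 4 and computes the OpenSSH-style SHA256 fingerprint of a host key. The function names, the dummy key, and the `host keytype base64` line layout are assumptions made for illustration.

```python
import base64
import hashlib
import struct
from urllib.parse import urlsplit

def parse_sftp_url(url):
    """Split sftp://${sftp_server}:${port}/${path_to_target_directory}."""
    parts = urlsplit(url)
    if parts.scheme != "sftp":
        raise ValueError("scheme must be sftp")
    if parts.username or parts.password:
        raise ValueError("keep credentials in the Username/Password fields")
    if not parts.hostname or parts.port is None:
        raise ValueError("host and explicit port are required")
    if parts.path in ("", "/"):
        raise ValueError("a target directory path is required")
    return parts.hostname, parts.port, parts.path

def host_key_fingerprint(known_hosts_line):
    """Return (host, key_type, 'SHA256:...') for one known_hosts-style line."""
    host, declared_type, b64_blob = known_hosts_line.split()[:3]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob opens with a length-prefixed algorithm name (RFC 4253 string).
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != declared_type.encode("ascii"):
        raise ValueError("declared key type does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return host, declared_type, fingerprint

def host_key_matches(url, known_hosts_line, expected_fingerprint):
    """True only if the line is for the feed's host and has the expected key."""
    feed_host, _port, _path = parse_sftp_url(url)
    host, _type, fingerprint = host_key_fingerprint(known_hosts_line)
    return host == feed_host and fingerprint == expected_fingerprint

# Constructed sample: ssh-ed25519 blob with a dummy 32-byte key, not a real host key.
SAMPLE_BLOB = (struct.pack(">I", 11) + b"ssh-ed25519"
               + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_LINE = "sftp.server.com ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    url = "sftp://sftp.server.com:22/source-data/for-the-feed"  # example from the page
    print(parse_sftp_url(url))
    print(host_key_fingerprint(SAMPLE_LINE)[2])
```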