Incoming feed - BFK API

Caution

This incoming feed is End of Life as of 5th April 2022.

It will continue to be available for download, and is eligible for support until End of Support Life (EOSL) on 5th October 2022. EOSL products receive critical fixes and security updates, but no further improvements.

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

Specifications

Transport types

BFK API

Content type

BFK Threat Intelligence JSON

Ingested data

Reports and NIDs (Network Intrusion Detections).

Endpoint(s)

N/A

Processed data

Ingested reports are saved as report entities in the platform, whereas ingested NIDs produce indicators with linked TTPs.

Description

Retrieve and process reports on cyber threats and activities, as well as information on NIDs (Network Intrusion Detections).

Configure the incoming feed

  1. Create or edit an incoming feed.

  2. From the Transport type drop-down menu, select BFK API.

  3. From the Content type drop-down menu, select BFK Threat Intelligence JSON.

  4. In the Username field, enter a valid user name to authenticate and be granted the necessary authorization to access the data source and to download/ingest data.

  5. In the Password field, enter a valid password to authenticate and be granted the necessary authorization to access the data source and to download/ingest data.

    Contact the intelligence provider to subscribe to the service and to obtain the required authentication and authorization credentials.

  6. Click the Start ingesting from field, and use the drop-down calendar to select the initial date and, where available, the initial time from which to start fetching content from the intelligence provider/data source.

    By default, the maximum number of days in the past for each query/request is set to 60 days.

  7. To store your changes, click Save; to discard them, click Cancel.

Test the feed

  1. In the left navigation bar, click Data Configuration > Incoming feeds.

  2. Click the feed that you just created using the steps above.

  3. In the Overview view, click Download now.

  4. Click Ingested entities and check that entities have been ingested into the platform.

Or:

  1. In the left navigation bar, click the Search icon > GO TO SEARCH AND BROWSE.

  2. Click the Entities tab.

  3. In the top-left corner, click Filter.

  4. From the Source drop-down menu, select the incoming feed you have just created using the steps above.

  5. You can also filter by entity type: from the Entity drop-down menu, select the entity types you want to include in the filtered results.