Incoming feed - Cybercrime Tracker Domain Provider#

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

Specifications

Transport types

Cybercrime Tracker Domain Provider

Content types

Cybercrime Tracker XML

Ingested data

Cleaned and processed Cybercrime Tracker XML.

Processed data

Indicators with related TTPs and observables.

Endpoints

https://cybercrime-tracker.net/rss.xml (C2 domain)

Description

The Cybercrime Tracker feed provides a feed of hashes, IPs, and domains along with their associated malware variant.

Requirements#

The Cybercrime Tracker feed is compatible with EclecticIQ Platform release 2.3 and later.

Configure the incoming feed#

  1. Create or edit an incoming feed.

  2. From the Transport type drop-down menu, select Cybercrime Tracker Domain Provider.

  3. From the Content type drop-down menu, select Cybercrime Tracker XML.

  4. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://cybercrime-tracker.net/rss.xml.

  5. The SSL verification checkbox is automatically selected.

  6. In the Path to SSL certificate file field, you can enter the path to your PEM file.
    It is also possible to leave the field blank.

  7. To store your changes, click Save; to discard them, click Cancel.

Test the feed#

  1. In the top navigation bar, click Data Configuration > Incoming feeds.

  2. Click the feed that you just created, using the steps above.

  3. In the Overview view, click Download now.

  4. Click Ingested entities and check that entities have been ingested into the platform.

Or:

  1. In the top navigation bar, click Intelligence > All intelligence > Browse.

  2. Click the Entities tab.

  3. In the top-left corner, click Filter.

  4. From the Source drop-down menu, select the incoming feed you have just created, using the steps.

  5. You can also filter also by entity type: from the Entity drop-down menu, select the entity types you want to include in the filtered results.