Incoming feed - CyberInt IOC Daily Feed#

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

Specifications

Transport types

CyberInt IOC Daily Feed

Content type

CyberInt IOC Feed

Ingested data

Ingests IOCs.

Processed data

  • Creates Indicator entities for each IOCs and observables for it.

Requirements#

  • CyberInt API URL.

  • CyberInt API key.

Configure the incoming feed#

  1. Create or edit an incoming feed.

  2. (Important) Select the Skip extraction of observables from unstructured text option under General.

  3. Under Transport and content, fill out these fields:

    Note

    Required fields are marked with an asterisk (*).

    Field

    Description

    Transport type*

    Select CyberInt IOC Daily Feed from the drop-down menu.

    Content type*

    Select CyberInt IOC Feed from the drop-down menu.

    API URL*

    Set this to the CyberInt REST API endpoint.

    By default, it is not set.

    API key*

    Set this to your CyberInt API key.

    Specify detected activity and IOC type*

    Check this if you want to do a specific search with detected activity and IOC type.

    By default, the extension ingests all the IOC’s. Once you select this option please select the Detected Activity and IOC Type field.

    Detected activity

    Select which detected activity to download and ingest.

    By default, all are considered

    IOC Type

    Select which IOC type to download and ingest.

    SSL verification

    Selected by default. Select this option to enable SSL for this feed.

    Path to SSL certificate file.

    Used when connecting to a feed source that uses a custom CA. Set this as the path to the SSL certificate to use when authenticating the feed source.

  4. Store your changes by selecting Save.