Incoming feed - Intelfinder Alert

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

	Specifications
Transport types	Intelfinder Alert
Content type	Intelfinder JSON
Ingested data	Ingests Incident and its associated data
Processed data	Alerts are ingested as Incidents on the platform and related observables are ingested with it.

Requirements

• Intelfinder API URL .

• Intelfinder Client ID & Secret.

Configure the incoming feed

1. Create or edit an incoming feed.

2. Under Transport and content, fill out these fields:

   Note

   Required fields are marked with an asterisk (*).

   Field	Description
   Transport type*	Select Intelfinder Alert from the drop-down menu.
   Content type*	Select Intelfinder JSON from the drop-down menu.
   API URL*	Set this to the Intelfinder REST API endpoint. By default, this is set to https://dash.cyber-ats.com/api.php.
   Client ID*	Set this to your Intelfinder Client ID.
   Client secret*	Set this to your Intelfinder Client secret.
   SSL verification	Selected by default. Select this option to enable SSL for this feed.
   Path to SSL certificate file.	Used when connecting to a feed source that uses a custom CA. Set this as the path to the SSL certificate to use when authenticating the feed source.
   Start ingesting from*	Ingest Incident data from the feed source starting from this date and time. Use the drop-down calendar to select the date and time you want to start ingesting feed data from.

3. Store your changes by selecting Save.