Incoming feed - MalwareBazaar

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.


Specifications

Transport type: Malware Bazaar Recent Additions Incoming Feed

Content type: Malware Bazaar JSON

Ingested data: Retrieves Indicators with Observables

Processed data: Indicator with related Observables.

Description: Retrieve and process information on indicators

Configure the Incoming feed

  1. Create an Incoming feed.

  2. From the Transport type drop-down menu, select Malware Bazaar Recent Additions Incoming Feed.

  3. From the Content type drop-down menu, select Malware Bazaar JSON.

  4. The API URL field is automatically filled in with the default domain for the endpoint: https://mb-api.abuse.ch/api/v1/
    You can add a proxy or set up ports according to your needs.

  5. In the API key field, enter your Malware Bazaar API key.

  6. From the Selector drop-down menu, select a filter for the anonymous tag: show all (True & False), only True, or only False.

  7. From the Anonymous drop-down menu, select a query type: fetch samples from the past hour, or the most recent 100 uploads.

  8. Select the Start ingesting from field, use the drop-down calendar to select a start date, and set a start time. The feed will fetch content from the stream starting from the time you specified.

  9. To store your changes, select Save.
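
To show what the configured options amount to on the wire, here is an added Python sketch (not the platform's own code) that builds a recent-additions query and turns a response into indicators with hash observables, applying the anonymous filter and start time from the steps above. The `get_recent` query, its `selector` values, the `Auth-Key` header and the response field names are assumptions based on the public MalwareBazaar API; the output layout and the sample data are constructed for illustration.

```python
import json
from datetime import datetime, timezone

API_URL = "https://mb-api.abuse.ch/api/v1/"  # default endpoint from step 4

def build_request(api_key, past_hour=True):
    """Return (headers, form) for a recent-additions query; nothing is sent here."""
    # Assumed from the public MalwareBazaar API: get_recent, selector "time" or "100".
    return {"Auth-Key": api_key}, {"query": "get_recent",
                                   "selector": "time" if past_hour else "100"}

def to_indicators(body, anonymous=None, start=None):
    """Turn a get_recent response into indicator dicts with hash observables.

    anonymous: None keeps all samples, True/False keeps only matching ones.
    start: timezone-aware datetime; samples first seen earlier are skipped.
    The output layout is hypothetical, not the platform's internal model.
    """
    doc = json.loads(body)
    if doc.get("query_status") != "ok":
        return []  # e.g. "no_results" or an auth error: ingest nothing
    out = []
    for s in doc.get("data") or []:
        seen = datetime.strptime(s["first_seen"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        if start and seen < start:
            continue
        if anonymous is not None and bool(int(s.get("anonymous", 0))) != anonymous:
            continue
        # Missing or null hashes are skipped rather than emitted as empty observables.
        obs = [{"type": f"hash-{k}", "value": s[f"{k}_hash"].lower()}
               for k in ("sha256", "sha1", "md5") if s.get(f"{k}_hash")]
        if s.get("file_name"):
            obs.append({"type": "file", "value": s["file_name"]})
        out.append({"title": f"MalwareBazaar sample {s['sha256_hash'][:16]}",
                    "first_seen": seen.isoformat(),
                    "tags": s.get("tags") or [],
                    "observables": obs})
    return out

# Constructed sample response (hash values are made up, not real samples).
SAMPLE = json.dumps({"query_status": "ok", "data": [
    {"sha256_hash": "A" * 64, "sha1_hash": "b" * 40, "md5_hash": "c" * 32,
     "first_seen": "2024-05-01 10:15:00", "file_name": "invoice.exe",
     "anonymous": 0, "tags": ["exe"]},
    {"sha256_hash": "d" * 64, "sha1_hash": None, "md5_hash": "e" * 32,
     "first_seen": "2024-05-01 08:00:00", "file_name": None,
     "anonymous": 1, "tags": None},
]})
```

Timestamps in the sample are treated as UTC, so the start time passed in must be timezone-aware.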