Incoming feed - NSFocus Feed Packet#

	Specifications
Transport type	NSFocus Feed Packet
Content type	NSFocus Feed Packet JSON
Ingested data	ZIP file archive with data from the NSFocus feed.
Processed data	Indicator entities with related Observables.
Description	Retrieves intelligence about domains, IoCs, IPs, samples (i.e. hashes or emails), and URLs and processes these as Observables related to Indicator entities.

Requirements#

An API key with access to the NSFocus feed.
Sign up and subscribe to the service to obtain this API key.

Configure the incoming feed#

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

Create or edit an incoming feed.
From the Transport type drop-down menu, select NSFocus Feed Packet.
From the Content type drop-down menu, select NSFocus Feed Packet JSON.
The NSFocus Feed Packet transport type supports only the NSFocus Feed Packet JSON content type.
The intel provider for the feed is NSFocus.
The API URL field is automatically filled in with the default domain for the endpoint.
You can add a proxy or set up ports according to your needs.
Default domain: https://nti.nsfocusglobal.com.
In the API key field, enter your API key with access to the NSFocus feed.
Select the Start ingesting from field, and use the drop-down calendar to select an initial date and, where available, an initial time to fetch content from the intelligence provider/data source starting from a specific date in the past.
The SSL verification checkbox is automatically selected.
In the Path to SSL certificate field, enter the path to your PEM file.
To store your changes, select Save.

First time run

The first time the feed is ran, it downloads and ingests the complete contents of the feed. This may take about two or three days.

Subsequent runs only retrieve intelligence that was added or changed since the last run. These update runs won’t take as long as the initial run.