Incoming feed - Recorded Future Analyst Note Feed#
Note
This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.
Specifications |
|
---|---|
Transport types |
Recorded Future Analyst Note Feed |
Content type |
Recorded Future JSON |
Ingested data |
Ingests Analyst Note reports from Recorded Future. |
Endpoint(s) |
|
Processed data |
Produces Report entities, and associated Indicators, TTPs, and Observables. |
Requirements#
Email address registered with Recorded Future.
Recorded Future API key.
Configure the incoming feed#
Create or edit an incoming feed.
Under Transport and content, fill out these fields:
Note
Required fields are marked with an asterisk (*).
Field
Description
Transport type*
Select Recorded Future Analyst Note Feed from the drop-down menu.
Content type*
Select Recorded Future JSON from the drop-down menu.
API URL*
By default, this is set to
https://api.recordedfuture.com/v2/analystnote/search
.API key*
Set this to your Recorded Future API key.
SSL verification
Selected by default. Select this option to enable SSL for this feed.
Path to SSL certificate file.
Used when connecting to a feed source that uses a custom CA. Set this as the path to the SSL certificate to use when authenticating the feed source.
For more information, see SSL certificates.
Start ingesting from*
Ingest data from the feed source starting from this date and time. Use the drop-down calendar to select the date and time you want to start ingesting feed data from.
Store your changes by selecting Save.
SSL certificates#
To use an SSL certificate, it must be:
Accessible on the EclecticIQ Intelligence Center host.
Placed in a location that can be accessed by the
eclecticiq
user.Owned by
eclecticiq:eclecticiq
.
To make sure that EclecticIQ Intelligence Center can access the SSL certificate:
Upload the SSL certificate to a location on the EclecticIQ Intelligence Center host.
On the EclecticIQ Intelligence Center host, open the terminal.
Change ownership of the SSL certificate by running as root in the terminal:
chown eclecticiq:eclecticiq /path/to/cert.pem
Where
/path/to/cert.pem
is the location of the SSL certificate EclecticIQ Intelligence Center needs to access.