Incoming feed - Silobreaker#

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

Specifications

Transport type

Silobreaker API

Content type

Silobreaker document JSON

Ingested data

This extension retrieves and ingests documents from your Silobreaker Online account that match the query you provide here.

Processed data

Documents from your Silobreaker Online account are ingested as Collective Threat Intelligence reports on the platform.

Description

Silobreaker is a threat intelligence platform that gathers documents from a variety of open sources, and allows you to query this data to organize this into intelligence you can use.

This extension allows you to query the Silobreaker API and ingest the result as reports on the EclecticIQ Platform.

Requirements#

  • Silobreaker Online account

  • Silobreaker API key and Shared key

Execution schedule recommendation#

The Execution schedule field allows you to set the feed to run automatically at specified intervals. Running the feed too frequently can strain resources and exhaust API rate limits. Follow your feed provider’s recommendations when setting the Execution schedule.

The Execution schedule field is set to None by default.

Silobreaker recommends that you:

  • Manually run the incoming feed. Set the Execution schedule to None.

  • Or automatically run the incoming feed a maximum of once every 30 minutes:

    1. Set the Execution schedule to: Every [n] minutes

    2. Then, select 30 from the drop-down menu that appears below so that the line reads:

      “Every 30 minutes”

Configure the incoming feed#

  1. Create or edit an incoming feed.

  2. Under Transport and content, fill out these fields:

    Note

    Required fields are marked with an asterisk (*).

    Field

    Description

    Transport type*

    Select Silobreaker API from the drop-down menu.

    Content type*

    Select Silobreaker document JSON from the drop-down menu.

    API URL*

    Set this to the Silobreaker API endpoint.

    By default, this is set to https://api.silobreaker.com/search/documents

    API key*

    Set this to your Silobreaker API key.

    Shared key*

    Set this to your Silobreaker Shared key.

    SSL verification

    Selected by default. Select this option to enable SSL for this feed.

    Path to SSL certificate file.

    Used when connecting to a feed source that uses a custom CA. Set this as the path to the SSL certificate to use when authenticating the feed source.

    Query*

    Enter a query to retrieve documents from your Silobreaker Online account.

    For more information on the Silobreaker query syntax, see the official Silobreaker search documentation.

    Start ingesting from*

    Ingest data from the feed source starting from this date and time. Use the drop-down calendar to select the date and time you want to start ingesting feed data from.

  3. Under Schedule, set an Execution schedule according to Execution schedule recommendation.

  4. Store your changes by selecting Save.