About apps
The installation process includes only core extensions:
These core extensions must be already installed on the target system for the platform to correctly recognize and configure other extensions.
After completing installing the platform and the core extensions, you can proceed to manually install enrichers.
After installing the core extensions, there is no specific installation order for subsequent feed and enricher extensions.
By default, only feeds with generic transport types are preinstalled.
Proprietary feeds are not available right out of the box.
You can install them manually in no particular order.
To download feed packages, go to https://downloads.eclecticiq.com/Extensions/.
To install downloaded feed packages, follow the appropriate procedure for the OS your platform instance runs on: CentOS, RHEL, or Ubuntu.
By default, enrichers are not preinstalled.
You can install them manually in no particular order.
To download enricher packages, go to https://downloads.eclecticiq.com/Extensions/.
To install downloaded enricher packages, follow the appropriate procedure for the OS your platform instance runs on: CentOS, RHEL, or Ubuntu.
EclecticIQ Platform ships with a set of built-in extensions, such as feeds and enrichers.
They expand platform functionality by enabling interoperability with external systems, intelligence providers, and data sources.
You can download and install more extensions to add incoming and outgoing feed transport and content types, as well as enrichers.
This modular approach allows implementing as many, or as few, integrations as needed, based on your organization requirements and goals.
You can download extensions to add more feeds and enrichers to the platform from https://downloads.eclecticiq.com/Extensions/.
You can integrate the platform with upstream products that make intelligence available for ingestion and analysis, as well as with downstream products that can consume intelligence they receive from the platform.
The standard way to integrate a data source or a data provider with the platform is through incoming feeds and enrichers:
Incoming feeds enable ingesting intelligence that is processed and stored in the platform as entities and observables.
Enrichers enable ingesting intelligence that adds context information to existing entities and observables.
To use the platform as a data source to disseminate intelligence, you can create outgoing feeds.
You can also use a dedicated app to exchange observables and sightings between EclecticIQ Platform and a Splunk instance, as well as connect two platform instances to exchange intelligence information.
The lists below provide an overview of the available platform integrations, divided by type: feeds, enrichers, and other integrations such as platform-to-platform and apps.