Incoming feed - BFK
This incoming feed is End of Life as of 5th April 2022.
It will continue to be available for download, and is eligible for support until End of Support Life (EOSL) on 5th October 2022. EOSL products receive critical fixes and security updates, but no further improvements.
This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Configure incoming feeds general options.
|
Specifications |
Transport types |
BFK API |
Content type |
BFK Threat Intelligence JSON |
Ingested data |
Reports and NIDs (Network Intrusion Detections). |
Endpoint(s) |
N/A |
Processed data |
Ingested reports are saved as report entities in the platform, whereas ingested NIDs produce indicators with linked TTPs. |
Description |
Retrieve and process reports on cyber threats and activities, as well as information on NIDs (Network Intrusion Detections). |
Configure the incoming feed
Create or edit an incoming feed.
From the Transport type drop-down menu, select BFK API.
From the Content type drop-down menu, select BFK Threat Intelligence JSON.
In the Username field, enter a valid user name to authenticate and be granted the necessary authorization to access the data source and to download/ingest data.
In the Password field, enter a valid password to authenticate and be granted the necessary authorization to access the data source and to download/ingest data.
Contact the intelligence provider to subscribe to the service and to obtain the required authentication and authorization credentials.
Click the Start ingesting from field, and use the drop-down calendar to select an initial date and, where available, an initial time to fetch content from the intelligence provider/data source starting from a specific date in the past.
By default, the max. amount of days in the past per each query/request is set to 60 days.
To store your changes, click Save; to discard them, click Cancel.
Test the feed
In the left navigation bar, click Data Configuration > Incoming feeds.
Click the feed that you just created, using the steps above.
In the Overview view, click Download now.
Click Ingested entities and check that entities have been ingested into the platform.
Or:
In the left navigation bar, click > GO TO SEARCH AND BROWSE.
Click the Entities tab.
In the top-left corner, click .
From the Source drop-down menu, select the incoming feed you have just created, using the steps.
You can also filter also by entity type: from the Entity drop-down menu, select the entity types you want to include in the filtered results.