Incoming feed - Threat Recon

Requirements

Users need an API key for their own configuration. Sign up and subscribe to the service to obtain the required API key credentials.

Configure the incoming feed

1. Create or edit an incoming feed.

2. From the Transport type drop-down menu, select Threat Recon JSON API

3. From the Content type drop-down menu, select Threat Recon.

4. The API URL field is automatically filled in with the default domain for the endpoint.
   You can add a proxy or set up ports according to your needs.
   Default value: https://api.threatrecon.co/api/v1/search/date.

5. In the API key field, enter your Threat Recon API key.
   Contact Threat Recon to receive an API key, and then enter it in the corresponding input field.

6. To store your changes, click Save; to discard them, click Cancel.

Test the feed

1. In the top navigation bar, click Data Configuration > Incoming feeds.

2. Click the feed that you just created, using the steps above.

3. In the Overview view, click Download now.

4. Click Ingested entities and check that entities have been ingested into the platform.

Or:

1. In the top navigation bar, click Intelligence > All intelligence > Browse.

2. Click the Entities tab.

3. In the top-left corner, click .

4. From the Source drop-down menu, select the incoming feed you have just created, using the steps.

5. You can also filter also by entity type: from the Entity drop-down menu, select the entity types you want to include in the filtered results.

See also

• Configure the general options

• Set a schedule

• About TLP overrides

• Set half-life values

• Start and stop incoming feeds

• Purge incoming feeds

• Delete incoming feeds

• List of incoming feeds