Manually upload files and archives to the Intelligence Center.

You can upload data files and compressed archives on the fly.
The Intelligence Center ingests and processes uploaded data, and it creates new entities after deduplicating and normalizing it.

Content types

You can upload files in the following formats:

Content type	Description
CAPEC XML	Categorized and enumerated attack patterns, attack mechanisms, strategies, tactics and techniques retrieved from the CAPEC catalog.
EclecticIQ JSON	JSON format representing entity data as JSON objects.
Email message	Plain text emails. Uploaded emails must be in the MIME formats: `text/plain` or `text/html`.
MISP JSON	For more information, see Incoming feed MISP.
PDF	Standard PDF format, preferably native (not scanned).
RSS HTML from Link	For more information, see Incoming feed - RSS version 2.0.
SpyCloud Breach Data JSON	For more information, see Incoming feed - SpyCloud Watchlist Ingest.
STIX 1.0	STIX data model v. 1.0.
STIX 1.1	STIX data model v. 1.1.
STIX 1.1.1	STIX data model v. 1.1.1.
STIX 1.2	STIX data model v. 1.2.
Text/Plain text value	Plain text format. This content type enables entering free text and literals, wildcards (where supported), as well as JSON paths to point to specific entity property fields, and regex patterns to filter data.