Incoming feed - Intel 471 Vulnerability Intelligence

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Configure incoming feeds general options.


Transport types

Intel 471 Vulnerability Intelligence

Content type

Intel vulnerability 471

Ingested data

Ingests CVE (Common Vulnerabilities and Exposures) reports from Intel 471.

Processed data

  • CVE reports from Intel 471 are ingested as Report entities of “Vulnerability Report” type and named using the convention: “Intel 471 Vulnerability Report - CVE-XXX-X-XXXX”.

  • Each Report has an Exploit Target entity attached to it, named after the CVE.

  • Associated observables are attached ot the Exploit Target entity.


  • Email address registered with Intel 471.

  • Intel 471 API key.

Execution schedule recommendation

The Execution schedule field allows you to set the feed to run automatically at specified intervals. Running the feed too frequently can strain resources and exhaust API rate limits. Follow your feed provider’s recommendations when setting the Execution schedule.

The Execution schedule field is set to None by default.

Intel 471 recommends that you:

  • Manually run the incoming feed. Set the Execution schedule to None.

  • Or automatically run the incoming feed a maximum of once every 30 minutes:

    1. Set the Execution schedule to: Every [n] minutes

    2. Then, select 30 from the drop-down menu that appears below so that the line reads:

      “Every 30 minutes”

Configure the incoming feed

  1. Create or edit an incoming feed.

  2. Under Transport and content, fill out these fields:

    Required fields are marked with an asterisk (*).



    Transport type*

    Select Intel 471 Vulnerability Intelligence from the drop-down menu.

    Content type*

    Select Intel vulnerability 471 from the drop-down menu.

    API URL*

    Set this to the Intel 471 REST API endpoint.

    By default, this is set to

    API key*

    Set this to your Intel 471 API key.


    Set this to the email address associated with your Intel 471 account.

    SSL verification

    Selected by default. Select this option to enable SSL for this feed.

    Path to SSL certificate file.

    Used when connecting to a feed source that uses a custom CA. Set this as the path to the SSL certificate to use when authenticating the feed source.

    Start ingesting from*

    Ingest data from the feed source starting from this date and time. Use the drop-down calendar to select the date and time you want to start ingesting feed data from.

  3. Under Schedule, set an Execution schedule according to instructions in the Execution schedule recommendation section.

  4. Store your changes by selecting Save.