Incoming feed - NSFocus Provider
This procedure describes how to configure incoming feeds for a particular feed data source, transport type, or content type.
For more information about configuring common options shared across all incoming feeds, see Configure incoming feeds general options.
|
Specifications |
Transport type |
NSFocus Provider |
Content type |
NSFocus JSON |
Ingested data |
Retrieves data from the NSFocus Threat Intelligence event library. |
Processed data |
Reports with subsets of related indicators and observables. |
Description |
Retrieve and process reports about compromised IP addresses, domains, URLs, and emails, with a focus on threat actors and groups. |
Requirements
Users need an API key for their own configuration. Sign up and subscribe to the service to obtain the required API key credentials.
Configure the incoming feed
Create or edit an incoming feed.
From the Transport type drop-down menu, select NSFocus Provider.
From the Content type drop-down menu, select NSFocus JSON.
The NSFocus Provider transport type supports only the NSFocus JSON content type.
The intel provider for the feed is NSFocus.The API URL field is automatically filled in with the default domain for the endpoint.
You can add a proxy or set up ports according to your needs.
Default value: https://nti.nsfocusglobal.com.In the API key field, enter the API key to access the intelligence provider API and to consume the available services through their API endpoints.
Click the Start ingesting from field, and use the drop-down calendar to select an initial date and, where available, an initial time to fetch content from the intelligence provider/data source starting from a specific date in the past.
The SSL verification checkbox is automatically selected.
In the Path to SSL certificate field, enter the path to your PEM file.
To store your changes, click Save; to discard them, click Cancel.