Incoming feed - NSFocus Provider


This procedure describes how to configure incoming feeds for a particular feed data source, transport type, or content type.
For more information about configuring common options shared across all incoming feeds, see Configure incoming feeds general options.



Specifications

Transport type: NSFocus Provider
Content type: NSFocus JSON
Ingested data: Retrieves data from the NSFocus Threat Intelligence event library.
Processed data: Reports with subsets of related indicators and observables.

Description

Retrieve and process reports about compromised IP addresses, domains, URLs, and emails, with a focus on threat actors and groups.

Requirements

Each user needs an API key for their own configuration. Sign up and subscribe to the service to obtain the required API key credentials.

Configure the incoming feed

  1. Create or edit an incoming feed.

  2. From the Transport type drop-down menu, select NSFocus Provider.

  3. From the Content type drop-down menu, select NSFocus JSON.
    The NSFocus Provider transport type supports only the NSFocus JSON content type.
    The intel provider for the feed is NSFocus.

  4. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://nti.nsfocusglobal.com.

  5. In the API key field, enter the API key to access the intelligence provider API and to consume the available services through their API endpoints.

  6. Click the Start ingesting from field, and use the drop-down calendar to select an initial date and, where available, an initial time. The feed fetches content from the intelligence provider starting from that point in the past.

  7. The SSL verification checkbox is automatically selected.
    Leave it selected so that the certificate presented by the API endpoint is verified.

  8. In the Path to SSL certificate field, enter the path to your PEM file.

  9. To store your changes, click Save; to discard them, click Cancel.
