In addition to ingesting cyber intel through a feed or extension, you can also upload it into the Intelligence Center manually. To manually upload files to the Intelligence Center, follow the steps below.
All the files in an archive must have the same type.
The following archive types are supported: rar, tar, tar.bz2, tar.gz, tar.z, zip
The maximum file size you can manually upload is 100 MB.
You can modify this value in the /etc/eclecticiq/platform_settings.py .
For more information, see Check package size limits.
To manually upload files or archives to the Intelligence Center :
In the left navigation bar, go to Search > GO TO SEARCH AND BROWSE > Files.
Select Upload + in the top left.
To include files/archives for uploading, either click the icon in the pop-up to browse your network for files/archives, or drag and drop files to the pop-up.
To delete a file from the upload list, click the to the right of its name.
Select a type for each file you're uploading (e.g. Eclecticiq JSON, PDF, STIX 1.2, etc.). You can also upload ZIP archives containing multiple files in a single file type.
In the Source field, select the Intelligence Center user group associated with the data that you are going to upload.
Select the options that apply:
Override source reliability: enables you to specify your own evaluation of the trustworthiness of the data source
Skip extraction of observables from unstructured text : if you select this option, the Intelligence Center will filter out observable data contained in unstructured text fields (such as titles and analysis) but keep data structured in in CybOX fields. It will also filter out observables that have relationships but lack link names.
Password protected archive : if you select this option, you will be prompted for a single password for all the archives in the upload list.
Add information source details: enables you to provide additional details for the source that you selected.
Override TLP: enables you to override any TLP values—including missing ones—with your own value.