Cortex XSOAR: EclecticIQ Intelligence Center integration
Install integration
This integration can be installed from the Cortex XSOAR marketplace: https://cortex.marketplace.pan.dev/marketplace/details/EclecticIQ/
Set up EclecticIQ Intelligence Center
To start using this integration, you must:
- Have a user account with these settings:
  - read extracts
  - read entities
- Create an API token for this user. Use this token with the integration.
- (Optional) Create a dedicated group to act as a source. The user must be a member of this group.
Set up an outgoing feed
Set up an outgoing feed to allow this integration to ingest and look up intelligence from your Intelligence Center instance.
In the left navigation bar, click Data Configuration > Outgoing feeds > +.
Set the following fields in your new outgoing feed:
- Feed name*: Enter a descriptive name for the outgoing feed. Example: Outgoing feed for
- Transport type*: Set this to HTTP download.
- Content type*: Set this to EclecticIQ Observables CSV.
- Feed content:
  - Datasets*: Select one or more datasets to include in this outgoing feed.
  - Update strategy*: Select an update strategy. This integration supports these update strategies:
    - REPLACE: Select this option to purge the app KV store before updating it each time the feed runs.
      Caution: Not recommended for feeds with large datasets, or feeds with frequent execution schedules.
    - DIFF: Select this option to send incremental updates through the feed.
- Transport configuration:
  - Note: Public feeds are not supported. Make sure Public is not selected.
  - Select one or more groups to make this feed available to. If you created a group earlier, add that here.
- Execution schedule: Set to None by default.
Tip: For more information on configuring HTTP download outgoing feeds, see extensions_intersphinx:generic/http/outgoing-http-download.
Save and run the outgoing feed.
Usage
Usage and reference documentation is available on the Cortex XSOAR documentation site.