Cortex XSOAR: EclecticIQ Intelligence Center integration

Install integration

This integration can be installed from the Cortex XSOAR marketplace: https://cortex.marketplace.pan.dev/marketplace/details/EclecticIQ/

Set up EclecticIQ Intelligence Center

To start using this integration, you must:

  • Have a user account with these settings:

    • read extracts

    • read entities

  • Create an API token for this user. Use this token with the integration.

  • (Optional) Create a dedicated group to act as a source.

    • User must be a member of this group.

  • Set up an outgoing feed

Set up an outgoing feed

Set up an outgoing feed to allow this integration to ingest and look up intelligence from your Intelligence Center instance.

  1. In the left navigation bar, click Data Configuration > Outgoing feeds > +.

  2. Set the following fields in your new outgoing feed:

    • Feed name*: Enter a descriptive name for the outgoing feed.

      Example: Outgoing feed for

    • Transport type*: Set this to HTTP download.

    • Content type*: Set this to EclecticIQ Observables CSV.

    • Feed content:

      • Datasets*: Select one or more datasets to include in this outgoing feed.

      • Update strategy*: Select an update strategy.

        This integration supports these update strategies:

        • REPLACE: Select this option to purge the app KV store before updating it each time the feed runs.

          Caution: Not recommended for feeds with large datasets, or feeds with frequent execution schedules.

        • DIFF: Select this option to send incremental updates through the feed.

    • Transport configuration:

      Note: Public feeds are not supported. Make sure Public is not selected.

      Select one or more groups to make this feed available to.

      If you created a group earlier, add that here.

    • Execution schedule: Set to None by default.

    Tip: For more information on configuring HTTP download outgoing feeds, see extensions_intersphinx:generic/http/outgoing-http-download

  3. Save and run the outgoing feed.

Usage

Usage and reference documentation is on the Cortex XSOAR documentation site.