Manually upload files

Manually upload files and archives to EclecticIQ Intelligence Center.

You can upload data files and compressed archives on the fly.

EclecticIQ Intelligence Center ingests and processes the uploaded data, then creates new entities after deduplicating and normalizing that data.

Requirements

  • All the files in an archive must have the same content type.

  • The following archive types are supported: rar, tar, tar.bz2, tar.gz, tar.z, zip

  • The maximum file size you can manually upload is 100 MB.

    You can modify this value in platform_settings.py.
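A pre-upload check for the requirements above, as an added example that is not part of the EclecticIQ documentation or product. The function name `preflight` is hypothetical, the 100 MB limit is the default stated above, and the member file extension is an assumed stand-in for the content type (files of different content types can share an extension, so an empty result is not proof that the archive is uniform).

```python
import os
import sys
import tarfile
import tempfile
import zipfile

MAX_BYTES = 100 * 1024 * 1024   # default upload limit stated under Requirements
# Archive suffixes listed under Requirements (longest first so .tar.gz matches before .tar)
SUPPORTED = (".tar.bz2", ".tar.gz", ".tar.z", ".tar", ".rar", ".zip")

def preflight(path):
    """Return a list of findings for one archive; an empty list means no issue found."""
    suffix = next((s for s in SUPPORTED if path.lower().endswith(s)), None)
    if suffix is None:
        return ["unsupported archive type"]
    findings = []
    if os.path.getsize(path) > MAX_BYTES:
        findings.append("larger than 100 MB")
    if suffix == ".zip":
        with zipfile.ZipFile(path) as zf:
            infos = [i for i in zf.infolist() if not i.is_dir()]
        if any(i.flag_bits & 0x1 for i in infos):   # ZIP general-purpose bit 0 = encrypted
            findings.append("encrypted: use the 'Password protected archive' option")
        members = [i.filename for i in infos]
    elif suffix in (".tar", ".tar.gz", ".tar.bz2"):
        with tarfile.open(path) as tf:
            members = [m.name for m in tf.getmembers() if m.isfile()]
    else:   # rar and tar.z have no standard-library reader
        return findings + ["members not inspected"]
    # Assumption: the file extension stands in for the content type.
    exts = sorted({os.path.splitext(m)[1].lower() for m in members})
    if len(exts) > 1:
        findings.append("mixed member types: " + ", ".join(exts))
    return findings

if __name__ == "__main__":
    # Constructed sample: one XML file and one JSON file in the same ZIP.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.zip")
        with zipfile.ZipFile(sample, "w") as zf:
            zf.writestr("report.xml", "<stix/>")
            zf.writestr("events.json", "{}")
        for target in sys.argv[1:] or [sample]:
            print(target, preflight(target) or "ok")
```
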

Usage

To manually upload files or archives to EclecticIQ Intelligence Center:

  1. In the left navigation bar:

    1. Select Search > GO TO SEARCH AND BROWSE > Files.

    2. Select + Upload in the top left.

    Or,

    1. In the left navigation bar, select + Create > Upload.

  2. Select Upload in the pop-up to browse your network for files/archives, or drag and drop files to the pop-up.

    Note

    To delete a file from the upload list, click the x to the right of its name.

  3. Select a content type for each file you’re uploading. You can also upload ZIP archives containing multiple files of a single content type.

  4. In the Source field, select the EclecticIQ Intelligence Center user group associated with the data that you are going to upload.

  5. Select the options that apply:

    • Override source reliability: Set a source reliability for all incoming objects.

    • Skip extraction of observables from unstructured text: See Observables extracted from unstructured text.

    • Password protected archive: Allows you to provide one password for password protected archives.

      If you have multiple password protected archives, upload them separately using this option.

    • Add information source details:

      See Add information source details

    • Override TLP: Override TLP values for all incoming objects.

  6. Click Upload.

Content types

You can upload files in the following formats:

| Content type | Description |
|---|---|
| CAPEC XML | Categorized and enumerated attack patterns, attack mechanisms, strategies, tactics and techniques retrieved from the CAPEC catalog. |
| EclecticIQ JSON | JSON format representing entity data as JSON objects. |
| Email message | Plain text emails. Uploaded emails must be in the MIME formats: text/plain or text/html. |
| MISP JSON | For more information, see Incoming feed - MISP. |
| PDF | Standard PDF format, preferably native (not scanned). |
| SpyCloud Breach Data JSON | For more information, see Incoming feed - SpyCloud Watchlist Ingest. |
| STIX 1.0 | STIX data model v. 1.0. |
| STIX 1.1 | STIX data model v. 1.1. |
| STIX 1.1.1 | STIX data model v. 1.1.1. |
| STIX 1.2 | STIX data model v. 1.2. |
| Text/Plain text value | Plain text format. This content type enables entering free text and literals, wildcards (where supported), as well as JSON paths to point to specific entity property fields, and regex patterns to filter data. |

Add information source details

Select this to override the Source field of all incoming objects.

When selected, configure these fields:

| Field | Description |
|---|---|
| Description | Source description. |
| Identity | Name of source. |
| Roles | Select at least one of the following roles: Initial Author, Content Enhancer/Refiner, Aggregator, Transformer/Translater. |
| References | Set one or more URLs. |