- Go to Threat Intelligence > Feed Management.
  The Feed Management screen appears.
- Click Add.
  The Add Intelligence Feed screen appears.
- Enable the intelligence feed.
- Type a name for this intelligence feed.
- Select the server version for this intelligence feed.
  Note: The server version cannot be modified once the intelligence feed has been added.
- Type the discovery URL for this intelligence feed.
- (Optional) Select Use server certificate if the server uses it, and then click Select to locate the server certificate file.
- (Optional) Select Specify authentication credentials if the server requires it, and then type the user name and password used for authentication.
- (Optional) Select Server requires client authentication if the server requires it, and then click Select to locate the client certificate file.
- (Optional) Type the client certificate passphrase.
- Click Discover to find and then select an available collection.
- Select the frequency at which the intelligence feed is polled for information.
- Select how far in the past you want to begin polling information from.
- Click Add.
  The intelligence feed appears in the Feed Management list. Polled information that contains IP addresses, domains, URLs, SHA-1 hash values, and SHA-256 hash values will be added to the User-Defined Suspicious Objects list. Registered appliances receive the updated User-Defined Suspicious Objects list during the next synchronization.
Note:
- When using TAXII 1.x, only Indicators whose Confidence is not Medium, Low, None, or Unknown will be added to the User-Defined Suspicious Objects list.
- When using TAXII 2.0, only "indicator" type objects that are not labeled as "anomalous-activity", "anonymization", "benign", or "compromised", and that are not revoked will be added to the User-Defined Suspicious Objects list.
- When using TAXII 2.0, there are certain specifications to ensure server compatibility. For more information visit the following site:
http://docs.oasis-open.org/cti/taxii/v2.0/cs01/taxii-v2.0-cs01.html
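
The TAXII 2.0 rule in the note above, as an added example (not code from the product or its vendor): a Python check that previews which values in a STIX 2.0 bundle meet the stated criteria before the feed is added. The mapping from pattern paths to object kinds, the restriction to simple equality comparisons, and the names `is_eligible`, `preview` and `SAMPLE` are assumptions; how the product itself parses patterns is not documented here.

```python
import re

# Labels that the note says keep a TAXII 2.0 indicator off the list.
EXCLUDED_LABELS = {"anomalous-activity", "anonymization", "benign", "compromised"}

# Assumption: STIX 2.0 pattern paths mapped to the object kinds the page names.
PATH_KINDS = {
    "ipv4-addr:value": "ip", "ipv6-addr:value": "ip",
    "domain-name:value": "domain", "url:value": "url",
    "file:hashes.'SHA-1'": "sha1", "file:hashes.'SHA-256'": "sha256",
}

# Simple equality comparisons only, e.g. domain-name:value = 'bad.example'
COMPARISON = re.compile(r"([a-z0-9-]+:[\w.'\"-]+)\s*=\s*'((?:[^'\\]|\\.)*)'")

def is_eligible(obj):
    """Apply the note's rule: indicator type, no excluded label, not revoked."""
    return (
        obj.get("type") == "indicator"
        and not EXCLUDED_LABELS.intersection(obj.get("labels", []))
        and not obj.get("revoked", False)
    )

def preview(bundle):
    """Return (indicator id, kind, value) for each value expected to qualify."""
    rows = []
    for obj in bundle.get("objects", []):
        if not is_eligible(obj):
            continue
        for path, value in COMPARISON.findall(obj.get("pattern", "")):
            kind = PATH_KINDS.get(path.replace('"', "'"))
            if kind:  # other kinds (e.g. MD5) are not in the page's list
                rows.append((obj["id"], kind, value))
    return rows

# Constructed sample bundle: shortened ids and placeholder values, not real indicators.
SAMPLE = {"type": "bundle", "objects": [
    {"type": "indicator", "id": "indicator--a", "labels": ["malicious-activity"],
     "pattern": "[domain-name:value = 'bad.example']"},
    {"type": "indicator", "id": "indicator--b", "labels": ["benign"],
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "id": "indicator--c", "labels": ["malicious-activity"],
     "revoked": True, "pattern": "[url:value = 'http://bad.example/x']"},
    {"type": "malware", "id": "malware--d", "labels": ["trojan"]},
    {"type": "indicator", "id": "indicator--e", "labels": ["malicious-activity"],
     "pattern": "[file:hashes.'SHA-256' = 'aa11' OR file:hashes.MD5 = 'bb22']"},
]}

if __name__ == "__main__":
    for row in preview(SAMPLE):
        print(*row)
```
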