Adding an Intelligence Feed

  1. Go to Threat Intelligence > Feed Management.

    The Feed Management screen appears.

  2. Click Add.

    The Add Intelligence Feed screen appears.

  3. Enable the intelligence feed.
  4. Type a name for this intelligence feed.
  5. Type the discovery URL for this intelligence feed.
  6. (Optional) Select Use server certificate if the server uses it, and then click Select to locate the server certificate file.
    Note:

    The key of the certificate must be at least 1024 bit.

  7. (Optional) Select Specify authentication credentials if the server requires it, and then type the user name and password used for authentication.
  8. (Optional) Select Server requires client authentication if the server requires it, and then click Select to locate the client certificate file.
    Note:

    The key of the certificate must be at least 1024 bit.

  9. (Optional) Type the client certificate passphrase.
  10. Click Discover to find and then select an available collection.
  11. Select the frequency at which the intelligence feed is polled for information.
  12. Select how far in the past you want to begin polling information from.
  13. Click Add.

    The intelligence feed appears in the Feed Management list. Polled information that contains IP addresses, domains, URLs and SHA-1 hash values will be added to the User-Defined Suspicious Objects list. Registered appliances receive the updated User-Defined Suspicious Objects list during the next synchronization.