Creating an HTTP Feed

Last Updated: Oct 29, 2018 03:06PM EDT
Organization Administrator
A Source administered by the Organization

Overview

Organization Administrators can set up an ad hoc HTTP Feed (also known as a “screen scrape”) for sources of information in ThreatConnect®. This ability is particularly useful when a more in-depth feed integration with ThreatConnect does not exist. In order for this feature to work adequately, the source of information should be updated with some regularity. When the Feed Monitor finds Indicators at the designated URL, it will import the Indicators according to the configuration.

Steps

  1. Log in with an Owner account valid for the desired Source.
  2. On the top navigation bar (Figure 1), click POSTS to access the Posts screen (Figure 2).
  3. From the HOME drop-down menu, or from the Intelligence Sources menu on the left-hand side of the page, select a Source, and the Source Profile screen will appear (Figure 3).
  4. Click on the Source Config icon, and the Source Config screen will appear with the Attribute Types tab selected (Figure 4).
  5. Click the Data tab, and the Data screen will appear (Figure 5).
  6. Click the + NEW button under HTTP Feeds, and the Create Source Feed window will appear (Figure 6).
    • Name: Click inside the box to enter a name for the Source Feed.
    • URL: Click inside the box to enter the URL to monitor for Indicators.
    • Exclude Indicators: Click inside the box to enter Indicators to be excluded from ingestion by the Source Feed, separated by commas. For instance, threatconnect.com may be present on a web page, but not desired for import.
    • Tags (comma separated): Click inside the box to enter Tags to associate with all Indicators imported by the Source Feed, separated by commas.
    • Description: Click in the box to enter a general description to be added to the Description Attribute on Indicators imported by the Source Feed.
    • Source: Click in the box to enter a Source description to be added to the Source Attribute on Indicators imported by the Source Feed.
    • Use this feed for Deletion: Check the checkbox to specify that the Source Feed should use its input to delete Indicators. Uncheck the checkbox to specify that the Source Feed should use its input to create Indicators.
    • Choose Import Options: Click on the dropdown menu and then click the checkboxes corresponding to the Indicators for which the Source Feed should search.
    • Default Threat Rating: Click on one of the skulls to select the default Threat Rating for Indicators imported by the Source Feed.
    • Default Confidence Rating: Slide the bar to select a default Confidence Rating for Indicators imported by the Source Feed.
    • Next Execution Time: Click in the box to set the next date and time that the Source Feed will run.
    • Collection Interval (hours): Click in the box to enter the interval, in hours, at which the feed should collect data, or use the plus and minus signs to adjust the given interval.
    • Beginning Buffer: Click in the box to enter the number of lines at the top of the web page at the URL to exclude from Indicator parsing, or use the plus and minus signs to adjust the given number.
    • Ending Buffer: Click in the box to enter the number of lines at the bottom of the web page at the URL to exclude from Indicator parsing, or use the plus and minus signs to adjust the given number.
  7. Click the SAVE button, and the new feed will appear in the HTTP Feeds section (Figure 7).
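
To check what Beginning Buffer, Ending Buffer and Exclude Indicators values a page needs before saving a feed, the following added example (not ThreatConnect code) approximates the scrape locally. The regular expressions, type labels, function name and sample page are assumptions for illustration; ThreatConnect's own parsing may differ.

```python
import re

# Assumed, simplified patterns; the keys are labels chosen for this example.
PATTERNS = {
    "Address": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "Host": re.compile(
        r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I),
    "File": re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I),
}

# Constructed sample of a page a feed URL might serve.
SAMPLE_PAGE = """\
# Constructed sample blocklist page
# Maintained with help from threatconnect.com
192.0.2.10
evil.example.net
203.0.113.7  # c2
threatconnect.com
Generated 2018-10-29
Contact: admin@feed.example.org
"""

def preview_feed(page_text, import_options, beginning_buffer=0,
                 ending_buffer=0, exclude=""):
    """Return {type: [indicators]} that a feed with these settings would see."""
    lines = page_text.splitlines()
    # Drop the configured number of lines from the top and bottom of the page.
    end = max(len(lines) - ending_buffer, 0)
    body = lines[beginning_buffer:end]
    # Exclude Indicators is a comma-separated list; compare case-insensitively.
    excluded = {e.strip().lower() for e in exclude.split(",") if e.strip()}
    found = {}
    for line in body:
        for kind in import_options:
            for match in PATTERNS[kind].finditer(line):
                value = match.group(0).lower()
                if value in excluded:
                    continue
                bucket = found.setdefault(kind, [])
                if value not in bucket:  # de-duplicate, keep page order
                    bucket.append(value)
    return found

if __name__ == "__main__":
    print("no buffers:", preview_feed(SAMPLE_PAGE, ["Address", "Host"]))
    print("tuned:     ", preview_feed(SAMPLE_PAGE, ["Address", "Host"],
                                      2, 2, "threatconnect.com"))
```

With no buffers or exclusions, the header and footer lines contribute benign hosts that would be imported with the feed's default Threat and Confidence Ratings; the tuned settings leave only the listed entries.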

20072-01 EN Rev. B
