Custom feed subscription to threat intelligence
We have a subscription to a Threat Intelligence service and they offer an API service to download their IOC feeds.
Is there a way to create a recurring feed subscription to their API within Security Analytics?
The output received from a query is in JSON format.
I'd like to bump this thread as we are looking at more and more JSON-formatted feeds, both from API calls to SA's web interface we'd like to turn back into feeds or other $vendor threat intel feeds published in JSON. So far I have only seen the customization in Live's custom feed interface take CSV formatting. Any plans to expand this, or can we import JSON feeds another way?
I'd also like to see enhancements in this area. Custom / 3rd party feed integration is all the rage these days and RSA SA could stand to have more integration options, such as with STIX TAXII support. One other feature request is to have a recurring custom feed be accessible from a file share as opposed to requiring a URL. ~Thanks
I agree that Security Analytics should be able to D/L CSV or JSON IOCs from a third-party web site.
In the meantime, you can use a Python script to download the IOCs, save as .csv, and have SA update daily from an internal web server.
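An added example, not part of the thread and not RSA or vendor code, sketching the JSON-to-CSV step of the workaround above. The feed schema (`indicators`, `value`, `description`), the three-column CSV layout and the output filename are assumptions; the download itself is left out so the script runs offline on a constructed sample.

```python
import csv
import ipaddress
import json
import os
import re
import tempfile

# Hostname check: dot-separated labels of letters, digits and hyphens.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def normalize(value):
    """Return (kind, canonical value), or None if not a usable IP or domain."""
    value = str(value).strip().lower().rstrip(".")
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        return ("domain", value) if DOMAIN_RE.match(value) else None

def json_to_rows(json_text):
    """Flatten the assumed schema into de-duplicated (indicator, kind, description) rows."""
    rows, seen = [], set()
    for item in json.loads(json_text).get("indicators", []):
        parsed = normalize(item.get("value", ""))
        if parsed is None or parsed[1] in seen:
            continue  # skip malformed entries and duplicates
        seen.add(parsed[1])
        # Collapse whitespace so a description cannot span lines in the feed file.
        desc = " ".join(str(item.get("description", "")).split())
        rows.append((parsed[1], parsed[0], desc))
    return rows

def write_feed(rows, path):
    """Write the CSV via a temp file plus rename so a poller never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", newline="") as fh:
        csv.writer(fh).writerows(rows)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the web server must be able to read it
    os.replace(tmp, path)

# Constructed sample response; a real run would pass the vendor API response body instead.
SAMPLE = '''{"indicators": [
  {"value": "198.51.100.7", "description": "C2 node"},
  {"value": "Bad.Example.COM.", "description": "phishing,\\nlanding page"},
  {"value": "198.51.100.7", "description": "duplicate"},
  {"value": "not an indicator", "description": "junk"}]}'''

if __name__ == "__main__":
    write_feed(json_to_rows(SAMPLE), "custom_feed.csv")
```

Validating each value before it reaches the feed keeps a malformed or hostile vendor response from turning into bogus match entries, and the column order has to match whatever is defined for the custom feed.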