There are two types of threat feeds in Cloud SIEM:
- Logz.io threat feed is a predefined threat feed. It is included by default and cannot be edited. Logz.io threat feeds have a Logz.io feed tag.
- Private threat feed is a feed that you can add to the Cloud SIEM. You can add, edit or delete a private feed. Private feeds have a Private feed tag.
View threat intelligence feeds
To access the threat intelligence feeds table:
- Sign in to Logz.io.
- Go to SIEM > Threats overview > Threat intelligence feeds.
Here you can search for a feed using the search bar at the top of the list.
Create a private feed
To create a private feed:
- Select + Add private feed.
- Give the feed a name.
- Select the feed type from the IOC type menu. This is the data that the feed will contain.
- Select whether the feed will be a straight list or use STIX.
- Select the confidence level for the feed.
- If required, add a description to the feed.
- Add the connection URL.
- Add the connection method.
- If required, add the connection header.
- Select Save.