There are two types of threat feeds in Cloud SIEM:

  • threat feed is a predefined threat feed. It is included by default and cannot be edited. threat feeds have a feed tag.

  • Private threat feed is a feed that you can add to the Cloud SIEM. You can add, edit or delete a private feed. Private feeds have a Private feed tag.

View threat intelligence feeds

To access the threat intelligence feeds table:

  1. Sign in to

  2. Go to SIEM > Threats overview > Threat intelligence feeds.


Here you can search for a feed using a search bar at the top of the list.


Create a private feed

To create a private feed:

  1. Select + Add private feed.


    • Give the feed a name.

    • Select the feed type from the IOC type menu. This is the data that the feed will contain.


    • Select whether the feed will be a straight list of use STIX.

    • Select the confidence level for the feed.

    • If required, add a description to the feed.

    • Add the connection URL.

    • Add the connection method.

    • If required, add the connection header.

  2. Select Save.