Intelligence Center external integrations
Intelligence Center data can be consumed through several third-party integrations.
The default feed is available as a MISP feed.
It can be added to an existing MISP instance by following MISP's documentation.
The following field values are required for the feed to work properly:
- Input Source: Network
- Source Format: MISP Feed
Authorization: Bearer <APIKEY>
You then need to make sure you have a scheduled task in place to regularly fetch the feed's content.
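What a scheduled fetch does with the settings above, as an added example (not SEKOIA.IO or MISP code): it builds the authenticated request for the feed's `manifest.json` and keeps only the events updated since the previous run. The function names and the sample manifest are constructed for illustration, and the feed URL is not given on this page, so it is passed in as a parameter.

```python
import json
import urllib.request

# Constructed sample of a MISP feed manifest.json (event UUID -> metadata).
SAMPLE_MANIFEST = json.loads("""{
  "11111111-1111-4111-8111-111111111111": {"info": "sample A", "timestamp": 1699990000},
  "22222222-2222-4222-8222-222222222222": {"info": "sample B", "timestamp": "1700000500"},
  "33333333-3333-4333-8333-333333333333": {"info": "sample C", "timestamp": 1700000100}
}""")

def build_request(feed_url, api_key, path="manifest.json"):
    """Build the authenticated GET for one file of the feed (hypothetical helper)."""
    if not feed_url.lower().startswith("https://"):
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    if not api_key or "\r" in api_key or "\n" in api_key:
        raise ValueError("API key is empty or contains a line break")
    url = feed_url.rstrip("/") + "/" + path
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + api_key})

def fetch_manifest(feed_url, api_key, timeout=30):
    """Download and decode manifest.json; needs network access and a valid key."""
    with urllib.request.urlopen(build_request(feed_url, api_key), timeout=timeout) as resp:
        return json.load(resp)

def new_events(manifest, last_seen):
    """Return (uuid, timestamp) pairs updated after last_seen, oldest first."""
    fresh = [(uuid, int(meta["timestamp"])) for uuid, meta in manifest.items()]
    return sorted((e for e in fresh if e[1] > last_seen), key=lambda e: e[1])

if __name__ == "__main__":
    # Offline run on the constructed sample; a scheduled job would call
    # fetch_manifest() with the key read from the environment, never hard-coded.
    for uuid, ts in new_events(SAMPLE_MANIFEST, last_seen=1700000000):
        print(uuid, ts)
```
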
An OpenCTI connector is available to consume a feed. All the instructions to run it are available in the connector's GitHub repository: https://github.com/OpenCTI-Platform/connectors/tree/master/sekoia.
In a nutshell:
- Get the SEKOIA.IO API Key
- Install the Analyzer by referring to this section of the TheHive documentation
- Connect into Cortex with
- Select your organization on the top right corner
- Move to Analyser Config and search
- Provide simple configurations
- Enable the Analyzer you would like to use, by clicking on the right side
- If desired, tailor your Analyzer with additional details
SEKOIA.IO App for Splunk
An App for Splunk is available to detect threats in your logs based on our feed.
You can find the download links and additional information on the dedicated GitHub repository.