Anomali ThreatStream Feed and Sample Management. This pack is designed to fetch, manage, and query threat intelligence feeds and associated samples from Anomali ThreatStream.
What does this pack do?
Indicator Ingestion: The Feed integration facilitates the retrieval of threat indicators directly from the Anomali ThreatStream.
Configurable Fetching Parameters: During setup, administrators can precisely define the criteria for indicator ingestion.
This includes
- Modification/Creation Time: Fetch indicators based on their last modification or initial creation timestamp.
- Source Reliability: Filter indicators by the reliability rating of the intelligence source.
- Traffic Light Protocol (TLP): Apply a specific TLP designation to all indicators retrieved from the integrated feed, ensuring appropriate handling and dissemination guidelines.
- Indicator Reputation: Assign a predetermined reputation level to indicators originating from this integration instance.
- Indicator Expiration Method: Specify the expiration method for fetched indicators, allowing for precise control over their lifecycle within your security environment.
What does this pack do?
Indicator Ingestion: The Feed integration facilitates the retrieval of threat indicators directly from the Anomali ThreatStream.
Configurable Fetching Parameters: During setup, administrators can precisely define the criteria for indicator ingestion.
This includes
- Modification/Creation Time: Fetch indicators based on their last modification or initial creation timestamp.
- Source Reliability: Filter indicators by the reliability rating of the intelligence source.
- Traffic Light Protocol (TLP): Apply a specific TLP designation to all indicators retrieved from the integrated feed, ensuring appropriate handling and dissemination guidelines.
- Indicator Reputation: Assign a predetermined reputation level to indicators originating from this integration instance.
- Indicator Expiration Method: Specify the expiration method for fetched indicators, allowing for precise control over their lifecycle within your security environment.
