Manage Your Threat Feeds
There are two types of threat feeds in Cloud SIEM:
Logz.io threat feed is a predefined threat feed. It is included by default and cannot be edited. Logz.io threat feeds have a Logz.io feed tag.
Private threat feed is a feed that you can add to the Cloud SIEM. You can add, edit or delete a private feed. Private feeds have a Private feed tag.
View threat intelligence feeds
To access the threat intelligence feeds table:
Sign in to Logz.io.
Go to SIEM > Threats overview > Threat intelligence feeds.
Here you can search for a feed using a search bar at the top of the list.
Create a private feed
To create a private feed:
Select + Add private feed.
Give the feed a name.
Select the feed type from the IOC type menu. This is the data that the feed will contain.
Select whether the feed will be a straight list of use STIX.
Select the confidence level for the feed.
If required, add a description to the feed.
Add the connection URL.
Add the connection method.
If required, add the connection header.
- Select Save.