You can enrich log threat detection by adding your own private feeds to those provided by Logz.io.
This page provides guidelines to help you prepare your private feeds of IOCs so they can be pulled by Logz.io. For help configuring the sync, see Adding a private feed.
Supported IOC types
Supported IOC types include:
- md5/sha1/sha256 hash signatures
- User-Agent headers
- Custom indicators, which you can use to build lists of usernames, email addresses, or any other indicator that fits your own use case
Each feed should be a list of IOCs of a similar type. This is important to meet the validation requirements, as explained below.
Max number of entities
Your feed can contain as many as 10K entities.
A feed of IOCs can have a variety of formats.
For the default format, every IOC appears on a new line, without delimiters, separators, or additional notes or comments.
Here’s an example of what a feed of malicious IPs might look like when using the default format, one IOC per line:

```
18.104.22.168
22.214.171.124
126.96.36.199
```
If your feed has another format, please contact our Support team and they will be happy to assist.
Validated format by IOC type
| IOC type | Validated format |
|---|---|
| IP | valid IP address |
| DNS | valid domain name (string) |
| USER-AGENT | max size 2 KB (string) |
| CUSTOM | max size 64 characters (string) |
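As an added example (not Logz.io's code), here is a small Python validator you can run over a feed file before syncing it. It enforces the rules on this page: one bare indicator per line with no delimiters or comments, entries valid for their IOC type, and at most 10K entities per feed. The type names, regular expressions and helper names are my own assumptions; the hash rule assumes the usual hex digest lengths of 32, 40 and 64 characters for md5, sha1 and sha256, and the DNS rule assumes RFC-style labels.

```python
import ipaddress
import re

# Limits taken from the page. The rest of this module (type names, regexes,
# function names) is assumed for illustration and is not Logz.io's code.
MAX_ENTITIES = 10_000
MAX_USER_AGENT_BYTES = 2 * 1024
MAX_CUSTOM_CHARS = 64

# Hex digests: md5 (32), sha1 (40), sha256 (64). Assumption, not from the page.
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
# One DNS label: 1-63 alphanumerics or hyphens, no leading/trailing hyphen.
DNS_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Types whose indicators can never legitimately contain whitespace or
# list separators, so we can report a delimiter problem precisely.
STRUCTURED_TYPES = {"IP", "DNS", "HASH"}


def is_valid_ip(value):
    """IPv4 or IPv6 address, as accepted by the standard library."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def is_valid_domain(value):
    """At least two labels, each well formed, total length at most 253."""
    if not value or len(value) > 253:
        return False
    labels = value.rstrip(".").split(".")
    return len(labels) >= 2 and all(DNS_LABEL_RE.match(label) for label in labels)


VALIDATORS = {
    "IP": is_valid_ip,
    "DNS": is_valid_domain,
    "HASH": lambda v: bool(HASH_RE.match(v)),
    # Size limits from the page's table; user agents are measured in bytes.
    "USER-AGENT": lambda v: 0 < len(v.encode("utf-8")) <= MAX_USER_AGENT_BYTES,
    "CUSTOM": lambda v: 0 < len(v) <= MAX_CUSTOM_CHARS,
}


def validate_feed(text, ioc_type):
    """Check a feed in the default format (one IOC per line).

    Returns (valid_entries, problems) where problems is a list of
    (line_number, reason). Line number 0 is used for feed-wide problems.
    """
    check = VALIDATORS[ioc_type]
    valid, problems = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            problems.append((line_no, "empty line"))
            continue
        if line.startswith("#"):
            problems.append((line_no, "comment line; the default format allows no notes"))
            continue
        if ioc_type in STRUCTURED_TYPES and re.search(r"[\s,;]", line):
            problems.append((line_no, "delimiter found; put exactly one IOC per line"))
            continue
        if not check(line):
            problems.append((line_no, f"not a valid {ioc_type} indicator"))
            continue
        valid.append(line)
    if len(valid) > MAX_ENTITIES:
        problems.append((0, f"feed has {len(valid)} entities; the limit is {MAX_ENTITIES}"))
    return valid, problems


# Constructed sample feeds: the first uses the page's own IPs, the second
# breaks the format in three different ways.
GOOD_IP_FEED = "18.104.22.168\n22.214.171.124\n126.96.36.199\n"
BAD_IP_FEED = "18.104.22.168, 22.214.171.124\n999.1.1.1\n# reviewed by SOC\n"

if __name__ == "__main__":
    for name, feed in (("good", GOOD_IP_FEED), ("bad", BAD_IP_FEED)):
        entries, issues = validate_feed(feed, "IP")
        print(f"{name}: {len(entries)} valid entries")
        for line_no, reason in issues:
            print(f"  line {line_no}: {reason}")
```

Run it on your own file with `validate_feed(open(path).read(), "DNS")` and fix every reported line before setting up the sync; a feed that mixes types or carries comments will not meet the validation requirements described above.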
Allowlist IPs per region
If necessary, allowlist the relevant IPs in your firewalls. These depend on the region where your Logz.io account is hosted. For accounts hosted in the Azure regions West Europe (Netherlands) or West US 2 (Washington), contact our Customer Success team to discuss your requirements.