Skip to main content

Preparing a Feed

You can enrich log threat detection by adding your own private feeds to those provided by Logz.io.

This page provides guidelines to help you prepare your private feeds of IOCs so Logz.io can pull them. For help configuring the sync, see Adding a private feed.

Supported IOC types

Supported IOC types include:

  • IPs
  • md5/sha1/sha256 hash signatures
  • Domains
  • URLs
  • User-Agent headers
  • Custom indicators (Custom indicators can be used to create lists of usernames, email addresses, or any other indicators, according to your own use case.)

General guidelines

  • IOC-specific

    Each feed should be a list of IOCs of a similar type. This is important to meet the validation requirements, as explained below.

  • Max number of entities

    Your feed can contain as many as 10K entities.

  • Format

    A feed of IOCs can have a variety of formats.

    For the default format, every IOC appears on a new line, without delimiters, separators, or additional notes or comments.

    Here's an example of what a feed of malicious IPs might look like when using the default format:

    1.1.1.1
    2.2.2.2
    3.3.3.3

    If your feed has another format, please contact our Support team and they will be happy to assist.

Validated format by IOC type

IOC typeFormat
IPvalid IP address
DNSvalid domain name (string)
URLvalid URL
MD532 characters
SHA140 characters
SHA25664 characters
USER-AGENTmax size 2 KB (string)
CUSTOMmax size 64 characters (string)

Allowlist IPs per region

If necessary, allowlist the relevant IPs in your firewalls. These depend on the region where your Logz.io account is hosted. For accounts hosted in the Azure regions West Europe (Netherlands) or West US 2 (Washington), contact our Customer Success team to discuss your requirements.

note

us-east-1 IP address has recently changed. Make sure you update your configuration accordingly to ensure uninterrupted access to Logz.io.

RegionAllowlisted IPCloud
us-east-13.218.102.38AWS
eu-central-152.28.84.118AWS
ca-central-13.97.162.114AWS
eu-west-218.168.65.253AWS
ap-southeast-23.104.195.194AWS
ap-northeast-154.238.45.227AWS
note

Azure Hosting is now deprecated; however, Azure Shipping and Azure Marketplace remain active and will continue to be supported.