One of the key features of Maltiverse is the ability to create customized Threat Intelligence feeds. These feeds can be tailored to include Indicators of Compromise (IoCs) specific to an organization’s needs, whether they’re drawn from the user’s private database or the extensive public Maltiverse dataset. This documentation guides you through the process of creating a Threat Intelligence feed within the Maltiverse platform.
Step 1: Access IoC Search
- Navigate to IoC Search: Begin by locating the navigation menu on the left-hand side of the Maltiverse interface. Click on “Search IoC” to access the search engine. This is where you can input queries to find IoCs that match specific conditions or criteria.
Step 2: Select Instance
- Choose the Instance: Once in the IoC search engine, you’ll find an instance selector. Use this to switch between “private” and “public” instances depending on the source of IoCs you wish to include in your feed:
  - Private: Select this option to create a Threat Intelligence feed with IoCs that belong to the user and were previously uploaded. These are contained in your dedicated, private database.
  - Public: Choose this option to create a feed that includes IoCs from the Maltiverse database.
Step 3: Create Threat Intelligence Feed
- Write your query with the conditions you require. Keep in mind that any IoC that no longer matches the query is removed from the feed in real time. Likewise, newly uploaded IoCs that match the query conditions are added to the feed in real time.
- Save the Query as a Threat Intelligence Feed
  - Click on the plus (+) button. A menu will appear.
  - Select the “Threat Intel Feed” button to start the feed creation process.
- Complete the Form:
  - Name: Assign a name to your Threat Intelligence feed. Choose a name that is descriptive and easily identifiable.
  - Description: Provide a detailed description of your feed. This should include information about the type of IoCs it contains, its purpose, and any other relevant details that will help users understand its scope and use.
- After filling out the form, click “Save.”
Step 4: Access Your Threat Intelligence Feed
- View and Download: After saving, you will be redirected to the newly created Threat Intelligence feed view. Here, you can review the contents of your feed, download it, or integrate it into your security infrastructure using any of the technologies available in the Maltiverse integration catalogue.
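Because feed membership follows the query in real time, a consumer of the downloaded feed has to apply removals as well as additions. The sketch below is an added example, not Maltiverse code: it assumes a plain-text export with one indicator per line (the export format, function names and sample indicators are all constructed), leaves manually added blocklist entries alone, and rejects a snapshot that would drop most feed-managed entries.

```python
# Added example. Assumption: the feed export is plain text, one indicator per line.

def parse_feed(text):
    """Return the set of indicators in a one-per-line export (assumed format)."""
    indicators = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):  # skip blanks and comment lines
            indicators.add(line)
    return indicators


def reconcile(blocklist, feed_text, max_drop_ratio=0.5):
    """Apply one feed snapshot to a blocklist of {indicator: source}.

    Only entries whose source is "feed" may be removed; "manual" entries stay.
    Raises ValueError if the snapshot would remove more than max_drop_ratio of
    the feed-managed entries, which more often means a failed or truncated
    download than genuine expiry.
    Returns (updated_blocklist, added, removed).
    """
    snapshot = parse_feed(feed_text)
    managed = {ioc for ioc, source in blocklist.items() if source == "feed"}
    added = snapshot - blocklist.keys()
    removed = managed - snapshot
    if managed and len(removed) / len(managed) > max_drop_ratio:
        raise ValueError(
            f"snapshot would remove {len(removed)} of {len(managed)} feed entries"
        )
    updated = {ioc: src for ioc, src in blocklist.items() if ioc not in removed}
    updated.update({ioc: "feed" for ioc in added})
    return updated, sorted(added), sorted(removed)


# Constructed sample snapshots (documentation-range addresses and example domains).
SNAPSHOT_1 = "192.0.2.10\n198.51.100.7\nmalware.example.net\n"
SNAPSHOT_2 = "192.0.2.10\nmalware.example.net\nphish.example.org\n"

if __name__ == "__main__":
    state = {"203.0.113.5": "manual"}  # analyst-pinned entry, never feed-removed
    for snap in (SNAPSHOT_1, SNAPSHOT_2):
        state, added, removed = reconcile(state, snap)
        print("added:", added, "removed:", removed)
```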
Integration and Usage
The created Threat Intelligence feed can be seamlessly integrated into various security tools and platforms. Maltiverse’s integration catalogue offers compatibility with a wide range of technologies, enabling you to leverage your custom feed across your cybersecurity ecosystem for enhanced threat detection, analysis, and response. The feed is now also available in your feed catalogue.
Conclusion
Creating a customized Threat Intelligence feed in Maltiverse is a straightforward process that significantly enhances your ability to monitor and respond to cyber threats. By selecting relevant IoCs from either your private database or the Maltiverse public dataset, you can tailor feeds to meet your organization’s specific security requirements. This customization, combined with Maltiverse’s integration capabilities, empowers security teams to optimize their threat intelligence operations effectively.