Defines how events must be checked against feeds.
Path
Feeds
Attributes
This element has the following attributes:
Feeds element attributes
| Attribute | Description |
|---|---|
| per_scan_detect_limit | This attribute specifies how many times a field from an event can be matched against feeds. For example, a certain URL can match many feed records, so there will be many detection events. The This attribute is optional. If it is omitted, the number of generated events is not limited. |
| update_frequency | This attribute specifies the update period (in minutes) for the feeds. You can use one of the following values: The value This attribute is optional. If it is omitted, the value |
Nested elements
This element is a container for the following nested element:
Every Feed element describes a feed.
A configuration file must contain at least one Feed element.
Example
The following is an example of this element.
```xml
<Feeds per_scan_detect_limit="10000" update_frequency="30">
    <Feed filename="Demo_Botnet_CnC_URL_Data_Feed.json" enabled="true" confidence="100">
        ...
    </Feed>
    <Feed filename="Demo_Malicious_Hash_Data_Feed.json" enabled="true" confidence="100">
        ...
    </Feed>
    <Feed filename="Demo_IP_Reputation_Data_Feed.json" enabled="true" confidence="100">
        ...
    </Feed>
</Feeds>
```
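A pre-deployment check of the rules stated above (at least one Feed element, optional per_scan_detect_limit), as an added example that is not part of the product or its documentation. The function name `lint_feeds`, the constructed sample, the whole-number check on per_scan_detect_limit and the comparison of enabled with "true" are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the example above; Feed bodies ("...") are left out.
SAMPLE = """
<Feeds per_scan_detect_limit="10000" update_frequency="30">
  <Feed filename="Demo_Botnet_CnC_URL_Data_Feed.json" enabled="true" confidence="100"/>
  <Feed filename="Demo_Malicious_Hash_Data_Feed.json" enabled="false" confidence="100"/>
</Feeds>
"""

def lint_feeds(xml_text):
    """Return (findings, summary) for a Feeds element given as XML text."""
    findings, summary = [], {"detect_limit": None}
    root = ET.fromstring(xml_text)
    feeds_el = root if root.tag == "Feeds" else root.find(".//Feeds")
    if feeds_el is None:
        return ["no Feeds element found"], summary

    # An omitted per_scan_detect_limit means generated events are not limited.
    limit = feeds_el.get("per_scan_detect_limit")
    if limit is None:
        findings.append("per_scan_detect_limit omitted: events are not limited")
    else:
        try:
            value = int(limit)  # assumption: the value is a whole number
            if value < 0:
                raise ValueError(limit)
            summary["detect_limit"] = value
        except ValueError:
            findings.append(f"per_scan_detect_limit is not a whole number: {limit!r}")

    # update_frequency is in minutes; only reported, since the allowed
    # values are not reproduced on this page.
    summary["update_frequency"] = feeds_el.get("update_frequency")

    feeds = feeds_el.findall("Feed")
    if not feeds:
        findings.append("no Feed element: at least one is required")
    summary["enabled_feeds"] = [f.get("filename") for f in feeds
                                if f.get("enabled") == "true"]
    for f in feeds:
        if f.get("enabled") != "true":
            findings.append(f"feed not enabled: {f.get('filename')}")
    return findings, summary

if __name__ == "__main__":
    for finding in lint_feeds(SAMPLE)[0]:
        print(finding)
```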