Feeds

Defines how events must be checked against feeds.

Path

Feeds

Attributes

This element has the following attributes:

Feeds element attributes

Attribute

Description

per_scan_detect_limit

This attribute specifies how many times a field from an event can be matched against feeds.

For example, a certain URL can match many feed records, so there will be many detection events. The per_scan_detect_limit attribute is used to limit the number of generated events.

This attribute is optional. If it is omitted, the number of generated events is not limited.

update_frequency

This attribute specifies the update period (in minutes) for the feeds.

You can use one of the following values: 0, 30, 60, 120, 240, 480, 960, or 1440.

The value 0 means that Kaspersky CyberTrace does not update feeds automatically.

This attribute is optional. If it is omitted, the value 30 is used by default.

Nested elements

This element is a container for the following nested element:

Example

The following is an example of this element.

<Feeds per_scan_detect_limit="10000" update_frequency="30">

<Feed filename="Demo_Botnet_CnC_URL_Data_Feed.json" enabled="true" confidence="100">

...

</Feed>

<Feed filename="Demo_Malicious_Hash_Data_Feed.json" enabled="true" confidence="100">

...

</Feed>

<Feed filename="Demo_IP_Reputation_Data_Feed.json" enabled="true" confidence="100">

...

</Feed>

</Feeds>

Page top