Describes a feed or supplier.
Path
Feeds > Feed
Attributes
This element has the following attributes:
Feed element attributes
Attribute |
Description |
---|---|
|
Specifies if the feed or supplier is enabled globally (across all tenants). |
|
The name of the supplier or the file name of the feed in the directory specified in the ServiceSettings > Bases element. This attribute is mandatory. |
|
The level of confidence of the feed or supplier. You can use values in the range of This attribute is mandatory. |
|
The period (in hours) following the last feed update, after which a notification about the outdated feed ( To turn off notifications for this feed, set this parameter to We recommend that you set this parameter to For third-party suppliers, this parameter is set to This attribute is optional. |
|
The period (in hours), after which indicators of compromise from the feed or supplier are removed from the database. If the indicator is detected on the basis of the incoming event, it is not removed from the database, but the feed that contains this indicator or the supplier that provided it can no longer be used in the matching process. To enable an infinite time limit for the feed or supplier invalidation, set this attribute to This attribute is mandatory (except for Kaspersky Threat Data Feeds). |
|
Name of the feed or supplier vendor. This attribute is optional. |
|
Specifies if the indicators from the feed or supplier must be used for retrospective scan. If the indicators must be used for retrospective scan, the value of this attribute is If the indicators must not be used for retrospective scan, the value of this attribute is |
|
Indicates that the supplier was added with the REST API. If the supplier was added with the REST API, the value of this attribute is This attribute is optional. |
Nested elements
This element is a container for the following nested elements:
This element is obsolete starting from Kaspersky CyberTrace version 4.0.
A Field element specifies the rules for checking an event against the records of the feed.
For more information about this element, see section "About feed matching rules".
Defines actionable fields.
Example
The following is an example of this element.
<Feed filename="Demo_Botnet_CnC_URL_Data_Feed.json" enabled="true" confidence="100"> <ActionableFields> ... </ActionableFields> </Feed> |