Feed Utility is a console application. You can invoke it from the command line.
Syntax
Feed Utility uses the following syntax in Linux:
./kl_feed_util [options]
Feed Utility uses the following syntax in Windows:
kl_feed_util.exe [options]
Options
The following options are available:
-h [ --help ]
Prints the help message.
-v [ --verbose ]
Enables verbose mode.
If verbose mode is enabled, Feed Utility prints detailed information about its activity to the screen. If verbose mode is disabled, brief information is printed.
-s [ --silent ]
Enables silent mode.
If silent mode is enabled, Feed Utility does not print information about its activity to the screen.
-c [ --config ] arg
Specifies the path to the configuration file. The path must be specified in the arg argument.
You can use absolute or relative paths. If a relative path is specified, it is calculated relative to the Feed Utility binary file.
The default value for this parameter is kl_feed_util.conf. Feed Utility searches for this file in the directory where its binary file is located.
-d [ --download ]
Enables downloading mode.
If this option is specified, Feed Utility downloads feeds, but does not process them.
Downloaded files will be located in the directory specified in the WorkDir parameter of the Feed Utility configuration file.
-u [ --unpack ]
Unpack downloaded feeds.
If this option is specified, Feed Utility unpacks the feeds after downloading.
This option can be used only in combination with the -d or -p option.
-p [ --processing ]
Enables processing mode.
If this option is specified, Feed Utility processes feeds, but does not download or unpack them. Feed Utility does not delete the original feed files.
Feed Utility looks for feeds in the directory specified in the WorkDir parameter of the Feed Utility configuration file.
In processing mode, Feed Utility does not delete the original feed files located in the WorkDir directory. This may lead to a situation where this directory contains several versions of one feed file. In this case, Feed Utility will print an error message. To avoid this situation, you must manually delete the original feed files from the WorkDir directory after they are processed by Feed Utility.
-f [--feed] arg
Download or process the specified feed.
The name of the feed must be specified in the arg argument. This name must correspond to the value of the Name parameter specified in feed rules (Feeds > Feed > Name).
You can specify more than one feed. In this case, separate feed names with a semicolon (;).
This parameter can be used with the -d and -p parameters.
-i [--input]
Parses an external feed and converts it to JSON format according to parsing rules defined for this feed.
The name of the feed must be specified with the -f option.
--set-proxy username:password@host:port
Writes specified proxy connection settings to the Feed Utility configuration file. The username and password parameters are written in encrypted form.
Specify the user name in the username parameter, password in the password parameter, and proxy server address and port in the host and port parameters.
If a proxy server does not require authentication, use the --set-proxy host:port format.
--set-taxii username:password@feedname@taxii-address@collectionname
Writes specified TAXII server connection settings to the Feed Utility configuration file. The username and password parameters are written in encrypted form.
If a TAXII server does not require authentication, use the feedname@taxii-address@collectionname format.
--speedtest
Measures the average speed with which Feed Utility downloads feeds from Kaspersky servers.
You can combine this parameter with the -c parameter to specify the path to the configuration file that will be used.
Syntax examples
The following command runs Feed Utility with default parameters. Feed Utility will download, unpack, and process feeds.
./kl_feed_util
kl_feed_util.exe
The following command runs Feed Utility in verbose mode with a configuration file named custom_configuration.conf, which is located in the same directory as the utility binary file.
./kl_feed_util -v -c 'custom_configuration.conf'
kl_feed_util.exe -v -c 'custom_configuration.conf'
The following command makes Feed Utility download and unpack feeds.
./kl_feed_util -d -u
kl_feed_util.exe -d -u
With the following command, Feed Utility processes the unpacked feeds. In this case, Feed Utility does not download the feeds; it only looks for the unpacked feed files and processes them.
./kl_feed_util -p
kl_feed_util.exe -p
The following command makes Feed Utility unpack and process feeds.
./kl_feed_util -u -p
kl_feed_util.exe -u -p
The following command makes Feed Utility download, unpack, and process the specified feed.
./kl_feed_util -f Demo_Botnet_CnC_URL_Data_Feed
kl_feed_util.exe -f Demo_Botnet_CnC_URL_Data_Feed
The following command specifies proxy connection parameters. These parameters are written to the configuration file.
./kl_feed_util --set-proxy 'user:pass@proxy.example.com:3128'
kl_feed_util.exe --set-proxy 'user:pass@proxy.example.com:3128'
The following command specifies proxy connection parameters for a proxy that does not require authentication. These parameters are written to the configuration file.
./kl_feed_util --set-proxy 'proxy.example.com:3128'
kl_feed_util.exe --set-proxy 'proxy.example.com:3128'
The following command specifies TAXII server connection parameters. These parameters are written to the configuration file.
./kl_feed_util --set-taxii '
kl_feed_util.exe --set-taxii '
The following command displays the average speed with which Feed Utility downloads the feeds from Kaspersky servers.
./kl_feed_util --speedtest
kl_feed_util.exe --speedtest
Output example
The following example demonstrates a typical Feed Utility output. Feed Utility downloads demo feeds, and then unpacks and processes them.
2018-08-03 16:20:31.815 7f9b01c58740 INF KL Feed Utility, version: 1.1.91.0/Release
2018-08-03 16:20:31.815 7f9b01c58740 INF Built at 2018-08-02T15:06:50Z for Linux/x86_64
2018-08-03 16:20:31.815 7f9b01c58740 INF Running at Linux/x86_64 version #1 SMP Debian 3.16.43-2 (2017-04-30)
2018-08-03 16:20:31.815 7f9b01c58740 INF Current locale is en_US.UTF-8
2018-08-03 16:20:31.992 7f9b01c58740 INF feed #85(Demo_Botnet_CnC_URL_Data_Feed) version 2018-08-03T12:47:26.893 is available
2018-08-03 16:20:32.404 7f9b01c58740 INF update of feed #85(Demo_Botnet_CnC_URL_Data_Feed) is extracted to /opt/feed_util/bin/tmp/Demo_Botnet_CnC_URL_Data_Feed.json
2018-08-03 16:20:32.586 7f9b01c58740 INF feed #86(Demo_Malicious_Hash_Data_Feed) version 2018-08-03T12:44:53.82 is available
2018-08-03 16:20:32.992 7f9b01c58740 INF update of feed #86(Demo_Malicious_Hash_Data_Feed) is extracted to /opt/feed_util/bin/tmp/Demo_Malicious_Hash_Data_Feed.json
2018-08-03 16:20:33.172 7f9b01c58740 INF feed #87(Demo_IP_Reputation_Data_Feed) version 2018-08-03T12:57:57.017 is available
2018-08-03 16:20:33.406 7f9b01c58740 INF update of feed #87(Demo_IP_Reputation_Data_Feed) is extracted to /opt/feed_util/bin/tmp/Demo_IP_Reputation_Data_Feed.json
2018-08-03 16:20:34.414 7f9b01c58740 INF 3 of 3 feeds downloaded
2018-08-03 16:20:34.416 7f9afedb9700 INF start processing of feed #87(Demo_IP_Reputation_Data_Feed)
2018-08-03 16:20:34.416 7f9aff5ba700 INF start processing of feed #86(Demo_Malicious_Hash_Data_Feed)
2018-08-03 16:20:34.425 7f9b007ea700 INF start processing of feed #85(Demo_Botnet_CnC_URL_Data_Feed)
2018-08-03 16:20:34.855 7f9b01c58740 INF 3 of 3 feeds processed
2018-08-03 16:20:35.255 7478 INF Starting the speed test...
2018-08-03 16:20:35.874 7478 INF 500.00 MiB downloaded in 14399 ms, average speed is 34.72 MiB/s
2018-08-03 16:20:36.133 7478 INF 500.00 MiB downloaded in 14304 ms, average speed is 34.96 MiB/s
2018-08-03 16:20:36.421 7478 INF 500.00 MiB downloaded in 13402 ms, average speed is 37.31 MiB/s
2018-08-03 16:20:36.679 7478 INF Overall average speed was 35.66 MiB/s
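The output format shown above can be checked automatically, so that a scheduled run that silently skips a feed does not leave detection content stale. The following is an added example, not part of Feed Utility or its documentation: check_run is a hypothetical helper, it assumes a default run (download, unpack, and process) and the line layout of the output example, and it treats any level other than INF as worth reporting, which is an assumption.

```python
import re

# Line layout taken from the output example: date, time, thread id, level, message.
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} [\d:.]+) (\S+) ([A-Z]+) (.*)$")
AVAILABLE = re.compile(r"^feed #(\d+)\((\S+?)\) version (\S+) is available$")
EXTRACTED = re.compile(r"^update of feed #(\d+)\((\S+?)\) is extracted to (\S+)$")
STARTED = re.compile(r"^start processing of feed #(\d+)\((\S+?)\)$")
TOTAL = re.compile(r"^(\d+) of (\d+) feeds (downloaded|processed)$")

# Constructed sample modelled on the output example, altered so one feed fails.
SAMPLE = """\
2018-08-03 16:20:31.992 7f9b01c58740 INF feed #85(Demo_Botnet_CnC_URL_Data_Feed) version 2018-08-03T12:47:26.893 is available
2018-08-03 16:20:32.404 7f9b01c58740 INF update of feed #85(Demo_Botnet_CnC_URL_Data_Feed) is extracted to /opt/feed_util/bin/tmp/Demo_Botnet_CnC_URL_Data_Feed.json
2018-08-03 16:20:32.586 7f9b01c58740 INF feed #86(Demo_Malicious_Hash_Data_Feed) version 2018-08-03T12:44:53.82 is available
2018-08-03 16:20:34.414 7f9b01c58740 INF 1 of 2 feeds downloaded
2018-08-03 16:20:34.425 7f9b007ea700 INF start processing of feed #85(Demo_Botnet_CnC_URL_Data_Feed)
2018-08-03 16:20:34.855 7f9b01c58740 INF 1 of 2 feeds processed
"""

def check_run(text):
    """Return a list of findings for one Feed Utility run; empty means healthy."""
    available, extracted, started = {}, set(), set()
    totals, findings = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        level, msg = m.group(3), m.group(4)
        if level != "INF":  # assumption: any other level deserves a look
            findings.append(f"non-INF line: {msg}")
        if (a := AVAILABLE.match(msg)):
            available[a.group(2)] = a.group(3)
        elif (e := EXTRACTED.match(msg)):
            extracted.add(e.group(2))
        elif (s := STARTED.match(msg)):
            started.add(s.group(2))
        elif (t := TOTAL.match(msg)):
            totals[t.group(3)] = (int(t.group(1)), int(t.group(2)))
    for name in sorted(set(available) - extracted):
        findings.append(f"{name}: available but not extracted")
    for name in sorted(extracted - started):
        findings.append(f"{name}: extracted but processing never started")
    for stage in ("downloaded", "processed"):
        if stage not in totals:
            findings.append(f"no '{stage}' summary line")
        elif totals[stage][0] != totals[stage][1]:
            findings.append(f"only {totals[stage][0]} of {totals[stage][1]} feeds {stage}")
    return findings
```

Feed the captured output of a scheduled run to check_run and alert when the returned list is not empty.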