Ingest threat data with context from Feedly TI to EclecticIQ

Feedly introduces no-code integration with EclecticIQ

Aug 16, 2024 - 13:10

15-second summary

EclecticIQ’s Intelligence Center helps teams correlate, visualize, and take action on vast threat intelligence data acquired from internal, commercial, and open sources. However, collecting open-source intelligence presents challenges in minimizing blind spots, ensuring relevance, and adding context.

With Feedly’s no-code EclecticIQ integration, you can:

  • Collect open-source intelligence that’s relevant to your organization and industry from millions of sources, including social media, threat intel blogs, and advisories.
  • Automatically convert intelligence reports and articles into rich STIX exports using Feedly AI.
  • Ingest STIX export into EclecticIQ through a simple, no-code setup.
  • Streamline investigative workflows by correlating and disseminating data in EclecticIQ.

In summary, Feedly for Threat Intelligence helps teams get specific, relevant open-source threat data into EclecticIQ. It provides the context needed to speed up analysis and investigation, assisting teams to rapidly evaluate threats and set up defenses.

Feedly provides relevant open-source threat data to EclecticIQ in a more actionable and contextual way than typical open-source feeds.

David Greenwood, Head of Integrations and Developer Products, EclecticIQ

Irrelevant threat data can distract your analysts and add friction to your investigations

EclecticIQ Intelligence Center is trusted by some of the largest, most-targeted organizations in the world. Why? These organizations need a Threat Intelligence Platform (TIP) that can consume vast amounts of data, correlate it, and disseminate it over complex, custom workflows. To be effective, EclecticIQ needs a critical mass of quality data from open-source, commercial, and internal sources.

The challenge of collecting open-source threat intel data comes down to relevance. Many open-source feeds are easy to consume, yet include a lot of noise, lack sufficient context, and are too generic to be useful to your specific intel requirements.

Collect open-source intelligence that’s relevant to your organization and industry

Feedly AI scours millions of sources on the open web to provide the intelligence that delivers against your PIRs. At its heart are AI Feeds, queries that use over 1000 Threat Intelligence AI Models to find threat data that are relevant to your needs—up to 9x more relevant than keyword searches. You can search for threat actors like Lazarus Group and TTPs or IoCs. You can search across the entire web, focus on Feedly’s curated cybersecurity bundle of sources, or narrow it even further to your favorite trusted sources.

Feedly AI Feed collecting and enriching intelligence about the Lazarus Group.

Automatically convert intelligence reports and articles into rich STIX exports using Feedly AI

An IoC without context, including the related threat actors, malware, or source article, isn’t very useful. Feedly AI identifies the IoCs, TTPs, threat actors, malware, CVEs, and detection rules contained in articles. This data is easily identified at the top of the article and can be exported in rich STIX 2.1 format that EclecticIQ can easily consume.

Feedly for Threat Intelligence collects threat data from across open web sources and integrates it into EclecticIQ.

Ingest STIX export into EclecticIQ through a simple no-code setup

Setting up the integration between Feedly and your EclecticIQ threat intelligence platform is easy. First, identify whether you want to ingest articles saved by your teammates to a Team Board, or if you want to pull all the articles collected by an automated AI Feed.

AI Feeds are likely to produce a higher volume of articles and can be customized to pull only from trusted sources, giving you more control of your threat data. Alternatively, you might prefer to ingest only hand-selected articles saved to a Team Board.

Three-step process for integrating Feedly with EclecticIQ:

  • Generate a Feedly API token
  • Locate the Stream ID
  • Add them to EclecticIQ

Feedly for Threat Intelligence folder settings, showing how to capture a Stream ID.

Streamline investigative workflows

EclecticIQ enables teams to correlate vast amounts of threat data from open sources like Feedly, commercial sources, and internal sources like network logs. The data is automatically enriched, analyzed, and scored. From the customized workbench, cybersecurity analysts can investigate threats, develop intel reports, and track adversary profiles. And with advanced workflows, the data can be automatically routed to your SIEM, firewalls, or EDR tools.

Feedly for Threat Intelligence’s threat data with rich context makes investigation faster.

EclecticIQ workbench for threat actor Lazarus Group, populated from Feedly AI Feeds.

Observables, including IoCs, malware, and TTPs discovered by Feedly, are added to the workbench for the Lazarus Group threat actor.

EclecticIQ workbench for Lazarus Group showing observables like IoCs populated by Feedly AI.

The relationship graph visualizes relationships between the entity and IoCs, malware, and TTPs. To explore these relationships further, you can access source articles (in green) discovered by Feedly.

EclecticIQ workbench showing relationships between Lazarus Group and techniques and sub-techniques from Feedly for Threat Intelligence AI Feeds.

EclecticIQ’s relationship graph, populated by rich threat data from Feedly for Threat Intelligence.

Speed up your defenses

Feedly’s AI improves the focus of your feeds and enhances articles, extracting rich contextual data that is actionable. The no-code integration with EclecticIQ helps teams gather targeted open-source intelligence, quickly and automatically. And, because the Feedly threat data includes rich context, your threat research will be more productive so you can quickly move to detection and remediation.

Start your 7-day trial

Get an automatic 7-day Feedly for Threat Intelligence trial and start collecting, analyzing, and sharing actionable intelligence up to 7x faster.
