Create Custom Threat Intelligence Feeds

Maltiverse lets you create Custom Threat Intelligence Feeds. This feature lets you select exactly which IoCs to disseminate through your security stack, so you can maximize your security posture based on the specific needs of your organization.

To create a custom feed, log in to the Maltiverse Portal and follow the instructions below.

1. Head to the left navigation menu and click Search (1) to go to Maltiverse’s Search engine, where you will be able to filter IoCs.

2. Filter the IoCs based on the criteria you need. For example, you can filter IoCs by typing: type:hostname AND classification:malicious AND is_alive:true. Once you have typed your search query, click Search or press Enter on your keyboard.

Note: Detailed instructions on how to filter IoCs are available in our Maltiverse Search Engine documentation.

Note: If you filter IoCs from the Platform Search, you will only access the IoCs that you have uploaded and not the full list of IoCs available through Maltiverse Intelligence.

3. Now that you have filtered the IoCs, you can create a threat feed containing all the IoCs that meet the criteria of your search. To do so, click on the Save Query button (1).

4. Select the Threat Intel Feed option and complete the form by giving it a distinct name and a description that will help your team identify its use. Once you are done, click on Save (1).

5. Once you create the custom feed, you will be directed to the feed details where you can review its contents or make use of it by:

  • Downloading its contents to help with threat hunting and reporting.
  • Integrating it into your security stack to disseminate the IoCs within the feed.

Note: Keep in mind that feeds are updated in real time, meaning that IoCs that no longer fit the filtering criteria will be removed and new IoCs that fit these criteria will be added.
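
Because the feed changes in real time, anything built from a downloaded copy has to process removals as well as additions. The following Python code is an added example, not Maltiverse code: it reconciles a local hostname blocklist against a fresh download, re-checking each record against the example query from step 2. The JSON layout, the hostname and ip_addr keys, and all sample values are constructed assumptions.

```python
import json

# Constructed sample snapshots of a downloaded feed. The JSON layout and the
# "hostname" / "ip_addr" keys are assumptions, not a documented export format.
SNAPSHOT_OLD = """[
 {"type": "hostname", "hostname": "bad-one.example", "classification": "malicious", "is_alive": true},
 {"type": "hostname", "hostname": "bad-two.example", "classification": "malicious", "is_alive": true}
]"""
SNAPSHOT_NEW = """[
 {"type": "hostname", "hostname": "bad-one.example", "classification": "malicious", "is_alive": true},
 {"type": "hostname", "hostname": "bad-two.example", "classification": "malicious", "is_alive": false},
 {"type": "hostname", "hostname": "Bad-Three.example.", "classification": "malicious", "is_alive": true},
 {"type": "ip", "ip_addr": "192.0.2.10", "classification": "malicious", "is_alive": true},
 {"type": "hostname", "classification": "malicious", "is_alive": true}
]"""


def matches_query(record):
    """Client-side mirror of: type:hostname AND classification:malicious AND is_alive:true."""
    return (record.get("type") == "hostname"
            and record.get("classification") == "malicious"
            and record.get("is_alive") is True)


def feed_hostnames(snapshot_json):
    """Return the normalized hostnames in a snapshot that satisfy the query."""
    hosts = set()
    for record in json.loads(snapshot_json):
        name = record.get("hostname")
        # Skip stale, off-type, or malformed records instead of blocking on them.
        if matches_query(record) and isinstance(name, str) and name.strip():
            # DNS names are case-insensitive; drop a trailing root dot.
            hosts.add(name.strip().lower().rstrip("."))
    return hosts


def reconcile(blocklist, snapshot_json):
    """Return (to_add, to_remove) so the blocklist matches the current feed."""
    current = feed_hostnames(snapshot_json)
    return sorted(current - blocklist), sorted(blocklist - current)


if __name__ == "__main__":
    deployed = feed_hostnames(SNAPSHOT_OLD)
    to_add, to_remove = reconcile(deployed, SNAPSHOT_NEW)
    print("add:", to_add)
    print("remove:", to_remove)
```

Applying only the additions would leave hostnames that have dropped out of the feed blocked indefinitely, which is the drift the note above describes.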
