Incomplete enterprise-ioc feeds via API
33 views
Skip to first unread message
Robert van Timmeren
Oct 10, 2023, 3:30:30 AM10/10/23
to Feedly Cloud
Hi Feedly and fellow developers,
I am making use of Feedly to collect indicators of compromise via the API. For this I have setup several feeds. To make API calls to these feeds I am making use of the python-api-client. However, it seems that when using the IoCDownloaderBuilder class it's making use of v3/enterprise/ioc/content API, instead of v3/streams API.
I noticed that when using the v3/enterprise/ioc/content API there seem to be feeds missing, for example: GET on v3/enterprise/ioc/content gives me the following first 6 results (also notice the duplicate entry):
Netscaler Exploitation to Social Engineering: Mapping Convergence o...
Independently Confirming Amnesty Security Lab’s finding of Predator...
IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits
Independently Confirming Amnesty Security Lab’s finding of Predator...
Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities
Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities
Independently Confirming Amnesty Security Lab’s finding of Predator...
IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits
Independently Confirming Amnesty Security Lab’s finding of Predator...
Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities
Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities
GET on v3/streams provides the following 6 results:
Netscaler Exploitation to Social Engineering: Mapping Convergence o...
Independently Confirming Amnesty Security Lab’s finding of Predator...
IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits
Independently Confirming Amnesty Security Lab’s finding of Predator...
Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities
Independently Confirming Amnesty Security Lab’s finding of Predator...
IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits
Independently Confirming Amnesty Security Lab’s finding of Predator...
Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities
How PROPHET SPIDER Exploits Oracle WebLogic
Is the v3/enterprise/ioc/content API not supported or discontinued but still active, or is this some sort of bug?
David Chatenay
Oct 10, 2023, 2:29:02 PM10/10/23
to Robert van Timmeren, Feedly Cloud
Hi Robert,
The IOC/Styx endpoint is still actively developed. It is part of the "Feedly for Threat Intelligence" product. Could you contact your customer success manager, and tell them which stream ids you are using and which parameters you were using? Thanks!
Best regards,
--
David Chatenay
Platform Engineer
Feedly
--
You received this message because you are subscribed to the Google Groups "Feedly Cloud" group.
To unsubscribe from this group and stop receiving emails from it, send an email to feedly-cloud...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/feedly-cloud/69135c06-e0e2-447e-9c1b-0afcd0135d92n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages