Skip to main content
Version: Spectra Analyze 9.5.0

Flexible Intel Feed

When the Flexible Intel Feed is enabled, the appliance uses the configured Spectra Intelligence account to generate a personalized, private, and curated IOC (Indicators of Compromise) feed. This feed is based on all files submitted to Spectra Intelligence, enriched with metadata from across the ReversingLabs product portfolio, and served in STIX/TAXII format (version 2.1).

The Flexible Intel Feed configuration page

important

Although Spectra Analyze submissions are used to generate the feed, the feed itself is not accessible directly from the appliance. Instead, it must be consumed via API (refer to the TCTF-0003 Flexible Intel Feed documentation) or through compatible threat intelligence platforms such as OpenCTI.

The feed stores information for the last 30 days.

This feature relies on files being submitted to Spectra Intelligence. Ensure that Spectra Intelligence is correctly configured on the appliance and that Automatic Uploads to Spectra Intelligence are enabled.

Once Spectra Intelligence is configured, click Enable Feed to enroll the appliance into the Flexible Intel Feed service.

When the process completes, a popup window will display the following information:

  • TAXII Discovery:
    https://data.reversinglabs.com/api/taxii/taxii2/
    The entry point for clients to discover available TAXII services and API Roots.

  • TAXII API Root:
    https://data.reversinglabs.com/api/taxii/flexible-intel-feeds/
    The base endpoint that hosts one or more collections containing STIX data.

  • Collection:
    A single, unique collection ID assigned to your Spectra Intelligence account. This collection contains your personalized feed of IOCs in STIX format.

  • Username:
    The username used to access your Flexible Intelligence Feed. It is your Spectra Intelligence username with /fif appended.

    Example: u/company/user/a1000 > u/company/user/a1000/fif

  • Password:
    Shown only once when the feed is enabled. Save it securely. If lost, use the provided link to generate a new password.

To revisit this information later, click Show Connection Details on the Flexible Intel Feed page.

note

Disabling the feed does not remove the configuration; it stops the feed from being generated until it is re-enabled.