Flexible Intel Feed
Spectra Analyze > Administration > Integrations & Connectors > Flexible Intel Feed
When the Flexible Intel Feed is enabled, the appliance uses a configured Spectra Intelligence account to generate a personalized, private, and curated Indicators of Compromise (IoCs) feed. This feed is based on all files submitted to Spectra Intelligence, enriched with metadata from across the ReversingLabs product portfolio, and served in STIX/TAXII format (version 2.1).
Although Spectra Analyze submissions are used to generate the feed, the feed itself is not accessible directly from the appliance.
To handle and manage IoCs efficiently, it is recommended you do either of the following:
- Use a Threat Intelligence Platform (TIP) such as OpenCTI or Anomali. These platforms support the standardized STIX/TAXII protocol for seamless integration with the FIF service.
- Use TCTF-0003 Flexible Intel Feed to consume the feed via API.
Prerequisites
Before you can enable the Flexible Intel Feed, you must configure Spectra Intelligence credentials under Administration > Configuration & Update > Configuration > Spectra Intelligence.
Optionally, on the same page, enable Automatic Upload to Spectra Intelligence to ensure continuous IoC generation. If auto-upload isn't enabled, you can submit files manually by selecting them and checking Threat Intelligence in the analysis settings to trigger submission to Spectra Intelligence.
Enabling FIF
To enroll the appliance into the FIF service, go to Administration > Integrations & Connectors > Flexible Intel Feed and click Enable Feed. When the process completes, a popup window displays the following information:
| Component | Description | Example |
|---|---|---|
| TAXII Discovery | Entry point for clients to discover available TAXII services and API Roots. | https://data.reversinglabs.com/api/taxii/taxii2/ |
| TAXII API Root | Base endpoint that hosts collections containing STIX data. | https://data.reversinglabs.com/api/taxii/flexible-intel-feeds/ |
| Collection ID | Unique collection ID assigned to your Spectra Intelligence account containing your personalized IoCs feed in STIX format. | Generated automatically. |
| Username | Username used to access your FIF containing your Spectra Intelligence username with /fif appended. | u/company/user/a1000/fif |
| Password | Access password shown only once when the feed is enabled. Save it securely. If lost, use the provided link to generate a new password. | Generated automatically. |
The password is displayed only once when the feed is enabled. Save it securely. If lost, use the provided link to generate a new password.
To revisit this information later, go to Administration > Integrations & Connectors > Flexible Intel Feed and click Show Connection Details.
The feed stores information for the last 30 days.