Configuring Outbound Intel Sharing Profiles
Use this section to create new Outbound Intelligence Profiles. The outbound intelligence profiles specify the endpoint details to which threat intelligence data is sent.
Vorbereitungen
Role required: sn_sec_tisc.admin
Prozedur
- Navigate to Workspaces > Threat Intelligence Security Center > Administration > Outbound Intel Sharing.
- Select Outbound Intel Sharing Profiles.
- Select New to create an Outbound Intelligence Profile.
-
On the form, fill in the fields.
Tabelle : 1. Create New Outbound Intelligence Profile Field Description Name Name of the outbound intelligence profile. Industry Select the industry category such as Aerospace, Agriculture for which the outbound intelligence profile is applicable to. Description Description of the outbound intelligence profile. Outbound Intelligence Settings Data Format Supported data formats for outbound intelligence sharing profile. Currently, the following two data formats are supported for outbound intelligence sharing:- STIX 2.1: Supports various endpoint types, including basic authentication endpoints and open-source endpoints. To accommodate this, two authentication types are available for STIX 2.1.
- MISP: For MISP, authentication is handled exclusively through an API key.
- When MISP is selected as the format, the Authentication Required option is automatically enabled.
- The authentication type is fixed as API Key, and users must provide a valid API key to connect to the MISP instance.
API Endpoint URL Enter the API endpoint URL to which the data needs to be sent. Authentication Required Select this check box if the authentication is required. Authentication Type Select the required option from the drop down list if the authentication is required. The available option is: Basic: Select this option to provide user name and password.
Headers to be passed with request Any headers to be passed with the requests can be provided for the outbound intelligence profile. Header should be provided in key-value pair separated by colon(':'). Each header key value pair should be provided in a new line. For providing authentication parameters as header values, enclose the required authentication with '${' and '}$'. (for example : username:${Username}$)
- Once the profile and authentication details are provided, click Save.
-
Select Validate Connection to confirm the setup by testing the endpoint URL configured under Intelligence Outbound Sharing.
This option enables you to provide a request body to validate the specific endpoint defined in the profile section.
Hinweis:A sample request body is displayed based on the selected format, and you can modify it as needed.Make the necessary changes to the request body and click Save and Validate button. In case if you want to reset to the original sample request body then you can select Reset button to reset it back to the original request body.
A confirmation message is displayed indicating that the connection to endpoint is successful.
If the connection to the endpoint is not successful, then check the error logs and resolve any issues before retrying.
-
Select the Enable button to enable the outbound intelligence sharing profile.
Hinweis:Whenever you create a sharing profile, Enable button appears only when the connection is successfully validated otherwise this button will not be visible until the connection to the endpoint is successful.When you select Enable button, then the validation to the end point checks occur automatically.A confirmation message is displayed indicating the sharing profile is successfully enabled.Hinweis:You must enable the sharing profile to use it for sharing intelligence.
- Additionally, select Disable to disable the profile if it is not needed for sharing intelligence.