Configure Rules and API Credentials in Intel Exchange

Before configuring the Cyware Intel Exchange integration in Google SecOps SIEM, configure the required rules and generate API credentials in Cyware Intel Exchange. These credentials enable secure authentication between Cyware Intel Exchange and Google SecOps SIEM.

Create a Rule in Intel Exchange to Poll Threat Intel in Google SecOps SIEM

To enable Google SecOps SIEM to retrieve threat intelligence from Intel Exchange, create a rule that collects and stores the required indicator data. This rule uses the Save Result Set V3 action to generate a result set that Google SecOps SIEM can poll using the Intel Exchange API.

Before you Start

Ensure that you have the Create Rule, View Rule, and View & Update Rule permissions in Intel Exchange.

Steps

To create a rule, follow these steps:

  1. Sign in to Intel Exchange.

  2. From the Main Menu, select Rules under Actions.

  3. Enter a title for the rule and click Add.

  4. Define the source and collections to specify the data that Google SecOps SIEM should retrieve.

  5. Define the condition that triggers the rule. For more information about defining sources, collections, and conditions, see Automation Rules.

  6. To define the action, use the following information:

    1. Action: Select Save Result Set V3 as the action from the drop-down menu. The Save Result Set V3 action stores data from the Intel Exchange application and acts as a collection from which Google SecOps can poll data.

    2. Application: Select CTIX as the application to implement the rule.

    3. Account: Select an account to identify the instance to run the rule.

    4. TLP Version: Select a TLP version to implement the rule.

    5. Tags: Select tags to associate with indicators. Use the same tags while configuring Google SecOps SIEM to retrieve these indicators.

  7. Click Save.

Generate API Credentials in Intel Exchange

Generate API credentials in Intel Exchange to allow Google SecOps SIEM to securely authenticate and retrieve threat intelligence data.

Before you Start

Ensure that you have Create and Update permissions for CTIX Integrators.

Steps

To generate the API credentials, follow these steps:

  1. Sign in to Intel Exchange.

  2. Go to Administration > Integration Management, and select CTIX Integrators under THIRD PARTY DEVELOPERS.

  3. Click Add New and use the following information:

    • Name: Enter a unique name for the API credentials.

    • Description: Enter a description with key details about the API integration.

    • Expiry Date: Select an expiry date for open API keys. To apply an expiration date to the credentials, select Expires On and choose the date. To ensure the credentials never expire, select Never Expire.

  4. Click Add New.

  5. Click Download to download the API credentials in CSV format. You can also click Copy to copy the endpoint URL, secret key, and access ID.

    Important

    Download the API credentials at this step. This is recommended because you cannot recover them later.