Skip to main content

Hunt.io

Notice

This integration supports the new feed channel, Fetch IOC Hunter Feeds, available to users on Intel Exchange v3.7.6.2 and above.

Connector Category: API Feed Source

About Hunt.io

Hunt.io integration with Intel Exchange provides actionable threat intelligence by tracking malicious infrastructure across the Internet. With this integration, organizations gain the tools and context needed to proactively identify hidden threats and defend against advanced cyberattacks.

Intel Exchange integrates with Hunt.io to retrieve threat intel feeds about the following threat objects:

  • Infrastructure

  • Malware

  • Observed Data (Autonomous System Observable)

  • Location

  • Indicator

  • Vulnerability

  • Threat Actor

  • Report

  • Identity

  • File

Configure Hunt.io

Integrate with Hunt.io as a feed source and start receiving threat intel in Intel Exchange. You can use the following sections for more information:

Configure Hunt.io as API Feed Source

Configure Hunt.io as an API feed source in Intel Exchange to receive threat data feeds from Hunt.io.

Before you Start

  • You must have the View API Feed, View Feed Source, Create Feed Source, and Update Feed Source permissions in Intel Exchange.

  • You must have the base URL and API key of your Hunt.io account.

    Note

    Ensure that the API key includes the permissions to retrieve threat data. If the API key does not have permission to retrieve a threat data feed, then the respective feed channel is disabled automatically and displays a connection error.

Steps

To configure Hunt.io as an API feed source in Intel Exchange, follow these steps:

  1. Go to Administration > Integration Management. In FEED SOURCES, click APIs.

  2. Click Add API Source.

  3. Search and select Hunt.io.

  4. Click Add Instance and enter the following details:

    • Instance Name: Enter a unique name to identify the instance. For example, Prod-Hunt.io.

    • Base URL: Enter the base URL of your Hunt.io instance. The default base URL is https://api.hunt.io.

    • API Token: Enter the API token to authenticate with Hunti.io.

    • Verify SSL: Select this to verify the SSL certificate and secure the connection between the Intel Exchange and Hunt.io servers. By default, verification is enabled.

      Note

      Enabling SSL verification is recommended. If you disable this option, it may result in the use of an expired SSL certificate while configuring the instance. This may not establish the connection properly, and you will not be notified in case of a broken or improper connection.

  5. Click Save.

After the Hunt.io is configured successfully, you can view the feed channels. You can configure multiple instances by clicking Manage > Add More.

Configure Hunt.io Feed Channels

Configure the feed channels to retrieve threat data feeds from Hunt.io and store them in collections with Intel Exchange.

Steps

To configure the Fetch IOC Hunter Feeds channel, follow these steps:

  1. Go to Administration > Integration Management. In FEED SOURCES, click APIs.

  2. Search and select the Hunt.io.

  3. Click the vertical ellipsis and select Manage.

  4. Click Manage Feed Channels.

  5. Select a feed channel and turn on the toggle. Use the following information while configuring the channel:

    • Select the number of days to retrieve data: Select the number of days for which you want to retrieve IOC Hunter feed data. Intel Exchange fetches threat data published within the selected time range.

      Note

      This field is not applicable to the Fetch C2 Feeds channel. This channel does not support date-based filtering, and polling always retrieves the latest available data.

    • Collection Name: Enter the name of the collection to group the feed data. For example, Hunti.io Feeds. Intel Exchange created the collection and stores all the feeds from the feed channel.

    • Polling Cron Schedule: Select from one of the following Polling Cron Schedule types to define when to poll the data:

      • Manual: Allows you to manually poll from the source collection.

      • Auto: Allows you to automatically poll for threat intel from sources at specific time intervals. The default polling cron schedule is Auto. Enter a frequency in minutes between 240 and 21600 minutes in Polling Time. The default polling time is 1440 minutes.

    • TLP: Set the TLP for the feeds that do not have a TLP already assigned. The default TLP is Amber. Alternatively, you can select None to ensure that no TLP is assigned to the feeds.

    • Default Source Confidence: Enter the confidence score for the feeds that do not have a confidence score already assigned. The default confidence score is 100.

    • Deprecated after: Specify the number of days after which the threat data (indicator) will be marked as deprecated, unless the source defines its own expiry duration. The allowed range is 1-180 days.

    • Custom Score: Select the Relevance and Severity Score for the channel.

    • Default Tags: Select any tags to identify and categorize the feeds.

  6. Click Save.

The feed channel is configured, and you can poll feeds from the channel. You can enable the other feed channels, poll feeds, and view the feeds.

Hunt-io.png

Test Feed Channel Connectivity

Test the connectivity of the Hunt.io API feed channels to ensure that the connection with the correct API endpoint is established and that you have permission to poll feeds.

Before you Start

  • Ensure that the Hunt.io API integration is enabled.

  • Ensure that the feed channel for which you want to test connectivity is enabled.

Steps

To test the connectivity of a feed channel, follow these steps:

  1. Go to Administration > Integration Management. In FEED SOURCES, click APIs.

  2. Search and select the Hunt.io app.

  3. On a feed channel, click the vertical ellipses and select View Details.

  4. In the Working Status section, click Test Connectivity.

If the connection is established, then the working status shows Running. If the connectivity is broken, then the working status shows a Connection Error. Hover over the tooltip next to Connection Error to view the error code.

Note

When a feed channel loses connectivity, it is automatically disabled, and the system attempts to restore connectivity three times per hour. If the connectivity is successfully restored, the feed channel is automatically re-enabled.

To understand the error code and troubleshoot broken connectivity, see Troubleshoot Integrations.

Hunt.io Feed Channels

The following table lists the feed channel and the API endpoint used to retrieve feeds from Hunt.io:

Feed Channel

API URL

Fetch C2 Feeds

{{base_url}}/v1/feeds/c2

Fetch IOC Hunter Feeds

{{base_url}}/v1/feeds/ioc-hunter

Changelog

The following table lists the changelog for each version of this integration:

Version

Release Date

Changes

v3.7.6.2

10 March, 2026

Introduces a new feed channel, Hunter IOC Feeds, which enables the retrieval of IOC data from the Hunt.io API feed. This channel is disabled by default and must be enabled during configuration to start polling data.

v3.6.3.3

-

Introduces the initial release of the Hunt.io integration in Intel Exchange.