Cyware Threat Intelligence eXchange

SecneurX

Connector Category: API Feed Source

About Integration

CTIX integrates with SecneurX to provide actionable threat intelligence feeds that help in enrichment, investigation, and drawing context.

Use Cases

  • Offers real-time access to unique and up-to-date STIX 2.1 threat data such as indicators, malware, and their associated relationships.

  • Offers access to threat data that spans a broad spectrum of threats, including mobile malware and threats targeting Internet of Things (IoT) or Operational Technology (OT) infrastructure.

  • Offers insights into threats, attack methods, and the possible consequences.

Benefits

  • Assists organizations in protecting their infrastructure.

  • Helps quickly identify threats that are lesser known and mostly concealed within an organization.

  • Provides visibility of the active threats and helps identify which threats require immediate attention.

Configure SecneurX as an API Feed Source

Configure SecneurX as a feed source to receive data feeds in CTIX. You can configure multiple instances for an API source.

Before you Start

  • You must have View API Feed, View Feed Source, Create Feed Source, and Update Feed Source permissions.

  • You must have the base URL and API key of your SecneurX account.

Steps

  1. Navigate to Administration, select Integration Management, and select APIs under FEED SOURCES.

  2. Click Add API Source.

  3. Search for SecneurX and click on the app.

  4. Click Add Instance.

  5. Enter a unique name to identify the instance. For example, SecneurX-prod.

  6. Enter the base URL to directly connect to the application's server. The base URL is the consistent part of the website's address, such as https://www.secneurx.com/.

  7. Enter the API key of your SecneurX account. An API key is a combination of alphanumeric values, such as za1CELgL3.

  8. Select Verify SSL to verify and secure the connection between the CTIX and SecneurX servers.

    If you disable this option, CTIX does not validate the server's certificate and may configure an instance against an expired SSL certificate. The connection may then not be established properly, and CTIX will not be able to notify you of a broken or improper connection. It is recommended to select this option.

  9. Click Save.

Configure Feed Channels for SecneurX Integration

The data received from the feed channels are stored in separate collections. Indicators, malware, and their associated relations are fetched from this integration.

Steps

  1. Navigate to Administration, select Integration Management, and select APIs under FEED SOURCES.

  2. Search for SecneurX and click on the app.

  3. Click the ellipsis on the top right corner, and select Manage.

  4. Click Manage Feed Channels.

  5. Select a feed channel and enable the toggle switch.

  6. Enter the date and time to start polling feeds. This date must be within the last 15 days of the current date.

  7. Enter the collection name to group the feed data. The system creates a new collection and groups all the feeds received from SecneurX.

  8. Select one of the following Polling Cron Schedule options to specify the polling type:

    • Select Manual to poll the data manually as needed.

    • Select Auto to automatically poll the data at a defined period of time. In Polling Time, enter the frequency in minutes for automatic polling.

  9. Set the default TLP and confidence score to assign to the incoming feeds. These values are applied when an incoming feed does not already have a TLP or confidence score assigned to it.

  10. Select tags to identify and categorize the feeds.

  11. Enable Broken Collection Retry Policy to allow CTIX to re-attempt any failed connection to your SecneurX account.

    • Enter the retry interval in minutes, days, or weeks, and specify the retry count.

    • Enable Exponential Backoff Entry to progressively extend the wait time between connection attempts after consecutive error responses. For example, for a 10-minute exponential retry interval, the system re-attempts to connect in 10, 100, 1000, 10000 minutes, and so on until the retry count is met. Use this option to give your system resources some breathing time and to help resolve any service overload issues.

  12. Click Save.
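
The effect of the default TLP and confidence score set in step 9 can be illustrated on a STIX 2.1 bundle. The following is an added example, not CTIX or SecneurX code: the function name, the defaults (AMBER, 50), and the sample bundle are constructed for illustration, and only the TLP marking-definition IDs come from the STIX 2.1 specification.

```python
import json

# TLP marking-definition IDs fixed by the STIX 2.1 specification.
TLP_MARKINGS = {
    "WHITE": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
    "GREEN": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
    "AMBER": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82",
    "RED": "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed",
}

# Constructed sample bundle (not real SecneurX data).
SAMPLE_BUNDLE = """
{"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", "objects": [
  {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
   "pattern_type": "stix", "pattern": "[domain-name:value = 'bad.example']"},
  {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000003",
   "name": "SampleBot", "confidence": 85,
   "object_marking_refs": ["marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed"]},
  {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000004",
   "relationship_type": "indicates", "confidence": 70,
   "source_ref": "indicator--00000000-0000-4000-8000-000000000002",
   "target_ref": "malware--00000000-0000-4000-8000-000000000003"}
]}
"""

def apply_defaults(bundle, default_tlp="AMBER", default_confidence=50):
    """Assign TLP/confidence only to objects that arrive without them."""
    if not 0 <= default_confidence <= 100:
        raise ValueError("STIX 2.1 confidence must be in 0..100")
    tlp_ids = set(TLP_MARKINGS.values())
    changed = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") == "marking-definition":
            continue  # marking definitions are not themselves intel objects
        fields = []
        refs = obj.get("object_marking_refs", [])
        if not tlp_ids.intersection(refs):
            obj["object_marking_refs"] = refs + [TLP_MARKINGS[default_tlp]]
            fields.append("tlp")
        if "confidence" not in obj:
            obj["confidence"] = default_confidence
            fields.append("confidence")
        if fields:
            changed[obj["id"]] = fields
    return changed

if __name__ == "__main__":
    bundle = json.loads(SAMPLE_BUNDLE)
    for obj_id, fields in apply_defaults(bundle).items():
        print(obj_id, "defaulted:", ", ".join(fields))
```

Objects that already carry a TLP marking or a confidence value keep the source's values; the defaults only fill gaps, so a permissive default TLP never downgrades a feed item the source marked as more restricted.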

Poll for SecneurX Feeds Manually

To poll feeds automatically, enable auto polling while configuring the feed channels. However, if you want to poll for feeds manually, use the following procedure:

Steps

  1. Navigate to Administration, select Integration Management, and select APIs under FEED SOURCES.

  2. Select SecneurX and select a feed channel.

  3. Click the feed ellipsis and select Poll Now.

View SecneurX Feeds in CTIX

After configuring the SecneurX integration, you can view the intel received on the CTIX application.

Steps

  1. Navigate to Administration, select Integration Management, and select APIs under FEED SOURCES.

  2. Select SecneurX and select a feed channel.

  3. Click the feed ellipsis and select View Intel. You can view the intel received from SecneurX in Threat Data.