Feedly
Connector Category: API Feed Source
About Feedly
Feedly for Threat Intelligence helps security teams collect, analyze, and share open-source threat intelligence faster using AI. Feedly AI extracts insights from articles and threat intelligence reports, such as IoCs, threat actors, malware, CVEs, and TTPs. Intel Exchange (CTIX) integrates with Feedly to retrieve extracted insights from the Feedly Team Feeds and Team Boards you have configured.
Use Cases
Enables security analysts to monitor vulnerabilities that could be exploited by threat actors using malware and employing certain attack patterns.
Perform research to retrieve specific threat actors and malware.
Analyze threat patterns to make timely and informed decisions on critical threats that target your organization.
Configure Feedly as an API Feed Source
Configure Feedly as an API feed source to retrieve team and board feeds from Feedly.
Before you Start
You must have the View API Feed, View Feed Source, Create Feed Source, and Update Feed Source permissions in Intel Exchange.
You must have the base URL and API token of your Feedly account. To generate an API token, sign in to Feedly and go to the following URL: https://feedly.com/i/team/api.
Important
Ensure that the bearer token includes the permissions to retrieve the team and board feeds. If the bearer token does not have permission to retrieve a specific feed, then the respective feed channel is disabled automatically and displays a connection error.
Steps
To configure Feedly as an API feed source in Intel Exchange, follow these steps:
Go to Administration > Integration Management and select APIs under FEED SOURCES .
Click Add API Source.
Search and select the Feedly app.
Click Add Instance and enter the following details:
Name: Enter a unique name to identify the instance. For example, Prod-Feedly.
Base URL: Enter the base URL of your Feedly instance. The default base URL is
https://feedly.com/v3/.Bearer Token: Enter the bearer token to authenticate communication between the Intel Exchange and Feedly servers.
Verify SSL: Select Verify SSL to verify the SSL certificate and secure the connection between the Intel Exchange and Feedly servers. By default, Verify SSL is selected.
Note
Cyware recommends you select Verify SSL. If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection.
Click Save.
After the Feedly instance is configured successfully, you can view the Feedly feed channels. You can configure multiple instances by clicking Manage > Add More.
Configure Get Team Feeds Feed Channels
Configure the Get Team Feeds feed channel to retrieve feeds from the team feeds you have configured in Feedly.
Steps
To configure the Get Team Feeds feed channel, follow these steps:
Go to Administration > Integration Management and select APIs under FEED SOURCES.
Search and select the Feedly app.
Click the ellipsis on the top right corner and select Manage.
Click Manage Feed Channels.
Select the Get Team Feeds feed channel and turn on the toggle to enable the channel.
Enter the following details:
Start Date and Time: Enter the date and time within 15 days from the current time from which Intel Exchange will start polling feeds.
Collection Name: Enter the collection name to group the feeds retrieved from Feedly. For example, Feedly Team Feeds. Intel Exchange creates the collection and stores all the feeds retrieved from the feed channel.
Feed List Type: Select the team feed folders you have configured in Feedly. Only feeds from the selected folders will be retrieved. For example, Cyber Attacks and Vulnerabilities.
Polling Cron Schedule: Select from one of the following Polling Cron Schedule types to define when to poll the data:
Manual: Allows you to manually poll from the source collection.
Auto: Allows you to automatically poll for threat intel from sources at specific time intervals. The default polling cron schedule is Auto. Enter a frequency in minutes between 60 and 10080 minutes in Polling Time. The default polling time is 240 minutes.
Default TLP: Set a default TLP to assign to the feeds that do not include a source TLP. By default, the default TLP is set to Amber.
Default Source Confidence: Set a default Confidence Score to assign to the feeds that do not include a source Confidence Score. By default, the default Confidence Score is set to 100.
Default Tags: Select the tags to identify and categorize the feeds.
Click Save.
The feed channel is configured and you can poll feeds from the channel. Similarly, you can configure the Get Team Boards feed channel and define the team boards from which you want to retrieve feeds. For more information about polling feeds and viewing the ingested feeds, see API Integrations.
Test Feedly Feed Channel Connectivity
Test the connectivity of the Feedly API feed channels to ensure that the connection with the correct API endpoint is established and you have permission to poll feeds.
Before you Start
Ensure that the Feedly API integration is enabled.
Ensure that the feed channel you want to test connectivity is enabled.
Steps
To test the connectivity of a feed channel, do the following:
Go to Administration > Integration Management and select APIs under FEED SOURCES.
Search and select the Feedly app.
On a feed channel, click the vertical ellipses and select View Details.
In the Working Status section, click Test Connectivity.
If the connection is established, then the working status shows Running. If the connectivity testing results in an error, then the working status shows a Connection Error. Hover over the tooltip next to Connection Error to view the error code.
Note
When the connectivity of a feed channel breaks, Intel Exchange disables the channel and re-attempts to restore the connectivity three times every hour. After a successful re-attempt to restore the connectivity, Intel Exchange enables the feed channel automatically.
To understand the error code and troubleshoot broken connectivity, see Troubleshoot Integrations.
Feedly Feed Channels
The following table lists all the feed channels and the Feedly API endpoints used for each feed channel.
Feed Channel | API URL |
|---|---|
Get Team Feeds |
|
Get Team Boards |