Create Intel from X (Twitter) Feeds
You can directly create intel for the IOCs received in an X (Twitter) feed.
To create intel from the X (Twitter) feeds, follow these steps:
From Main Menu, open X (Twitter) Feeds under Collection.
From the Home Timeline, select a feed, and click Parse.
You can view the list of extracted threat data objects, categorized by STIX object type. You can edit an object to modify its value. If no object is extracted, or if you want to add more objects to the intel, you can add new object types and add objects to an extracted object type.
To add a new object type, follow these steps:
In STIX Data, click Add Object.
Select an object type. For example, Ipv4 addr.
Enter a valid value for the selected object type. For example, 1.1.1.1.
Click Save.
To add an object to an object type, follow these steps:
In STIX Data, select an object type and click Add. For example, Domain.
Enter a valid value for the selected object type. For example, sampledomain.com.
Click Save.
To add additional information about the feed, click + Add Metadata and enter the following details:
Enter the title and description for the feed.
Select a TLP and confidence score.
Set the default custom score values.
To identify and categorize feeds, add tags.
By default, CTIX collects all this information from the feed and allows you to modify or add more information if required.
Click Create Intel.
If you are creating intel for the first time from this feed, CTIX automatically creates a new report object. If you are creating intel again from the same feed, CTIX prompts you to choose a report object to store the intel:
Add to Existing Report: Select to create the intel in an existing report.
Create New Report: Select to create a new report object for the intel.
You can also create intel from partially processed IOCs. This enables you to utilize the available IOCs and track.
Click Save.
You can view the created intel in Threat Data by the given report name.
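
The Parse step and the "Enter a valid value" steps above both depend on a value matching its STIX object type. The following is an added illustration in Python, not CTIX code and not a description of how CTIX parses feeds: it refangs a constructed post, groups candidate values under the STIX 2.1 type names ipv4-addr and domain-name, and rejects values that are not valid for the type. The function names and the sample post are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample post; values are placeholders, not real indicators.
SAMPLE_POST = ("New phishing wave: hxxp://login.sampledomain[.]com/verify resolves "
               "to 1.1.1[.]1, also seen sampledomain.com and 999.1.1.1 #phishing")

_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+[a-z]{{2,63}}$", re.IGNORECASE)

def refang(text):
    """Undo common defanging (hxxp, [.], (.)) so values can be validated."""
    return text.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")

def valid_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def valid_domain(value):
    return len(value) <= 253 and bool(_DOMAIN_RE.match(value))

# Validators keyed by STIX 2.1 object type name.
VALIDATORS = {"ipv4-addr": valid_ipv4, "domain-name": valid_domain}

def is_valid(stix_type, value):
    """Check a manually entered value before saving it under an object type."""
    check = VALIDATORS.get(stix_type)
    return bool(check and check(value))

def extract_objects(text):
    """Group candidate values found in a post by STIX object type."""
    found = {name: set() for name in VALIDATORS}
    for token in re.split(r"[\s,;]+", refang(text)):
        token = token.strip(".,;:()[]<>\"'")
        # Reduce a URL to its host part; bare hosts pass through unchanged.
        host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", token, flags=re.IGNORECASE)
        host = re.split(r"[/:?#]", host, maxsplit=1)[0]
        if re.fullmatch(r"[\d.]+", host):   # dotted digits: IPv4 or nothing
            if valid_ipv4(host):
                found["ipv4-addr"].add(host)
        elif valid_domain(host):
            found["domain-name"].add(host.lower())
    return {name: sorted(values) for name, values in found.items()}

if __name__ == "__main__":
    print(extract_objects(SAMPLE_POST))
```

The malformed address 999.1.1.1 in the sample is dropped rather than stored, which is the kind of value to correct by editing the object before you click Create Intel.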