App Vendor: Feedly
App Category: IT Services
Connector Version: 1.1.0
API Version: 1.0.0
The Feedly app is an integration that allows you to collect, analyze, and share threat intelligence using the Feedly REST API.
The Feedly app is configured with Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Get Alert Details | This action retrieves the details of an alert. |
Get Alerts | This action retrieves all the alerts. |
Get CVE Metadata for Multiple CVEs | This action retrieves metadata for multiple CVEs. |
Get Enterprise Info | This action retrieves information about your enterprise. |
Get Entry Content | This action retrieves the content of an entry. |
Get IOCs with Rich Context | This action retrieves Indicators of Compromise (IOCs) from the specified Feedly stream. |
Get Malware Detection Rules | This action retrieves detection rules for a specified malware family. |
Get Malware Relationships | This action retrieves relationships between a specified malware family and other threat intelligence entities. |
Get Stream Contents | This action retrieves the content of a stream. |
Get Threat Actor Relationships | This action retrieves the relationship information for a specific threat actor. |
Get Threat Entity Metadata | This action retrieves metadata for a threat intelligence entity, such as a CVE, malware, or threat actor. |
Get Trending Attackers | This action retrieves trending attackers. |
Get Trending New Malware | This action retrieves trending new malware families based on recent threat intelligence activity. |
Get Trending Vulnerabilities | This action retrieves a list of trending vulnerabilities from the Feedly Threat Landscape Dashboard. |
Search | This action searches all Feedly feeds, stream content, entities, and topics. |
Generic Action | This is a generic action used to make requests to any endpoint. |
The following configuration parameters are required for the Feedly app to communicate with the Feedly enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
API Token | Enter the API key to connect to a Feedly instance. | Text | Required |
This action retrieves the details of an alert.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Alert ID | Enter the Feedly alert ID to retrieve alert details. Example: "6de1f8c5-1f26-44de-bd7f-9d68b92b35b3" | Text | Required | You can retrieve the Alert ID using the action Get Alerts. |
Example Request
[
{
"alert_id": "6de1f8c5-1f26-44de-bd7f-9d68b92b35b3"
}
]This action retrieves all the alerts.
Action Input Parameters
This action does not require any input parameter.
This action retrieves metadata for multiple CVEs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
CVE IDs | Enter a list of CVE IDs to retrieve metadata. Example: $LIST[CVE-2025-6098,CVE-2025-33053] | List | Required | |
With Statistics | Choose true to include additional statistics such as references and chatter articles. | Boolean | Optional | Default value: false |
Example Request
[
{
"cve_ids": [
"CVE-2025-6098",
"CVE-2025-33053"
]
}
]This action retrieves information about your enterprise.
Action Input Parameters
This action does not require any input parameter.
This action retrieves the content of an entry.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Entry ID | Enter the ID of an entry to retrieve its content. Example: "xne8uw/iuizhv1euo2zmzirc2ak6nlhgjboz+yk0rj8=_1523699cbb3:2aa0463:e47a7aef" | Text | Required | You can retrieve a search ID using the search action. |
Example Request
[
{
"entry_id": "xne8uw/iuizhv1euo2zmzirc2ak6nlhgjboz+yk0rj8=_1523699cbb3:2aa0463:e47a7aef"
}
]This action retrieves Indicators of Compromise (IOCs) from the specified Feedly stream.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Stream ID | Enter the stream ID to retrieve enterprise IOCs. Example: feed/https://feedly.com/f/alert/69d33173-b4e8-4838-bf4a-3b84ba09fcad | Text | Required | You can retrieve the Stream ID using the action Get Entry Content. |
Newer Than | Enter a time (in epoch format) after which you need to retrieve the alerts. Example: 664824960 | Integer | Optional | |
Count | Enter the maximum number of alerts to retrieve. Example: 50 | Integer | Optional | Default value: 100 |
Continuation | Enter the continuation token to paginate through results beyond the first 100 results. Example: 1976a35d8ea:28045a2:cfb2748 | Text | Optional | You can find this token in the Link header of the previous response. |
Example Request
[
{
"count": "50",
"stream_id": "feed/https://feedly.com/f/alert/69d33173-b4e8-4838-bf4a-3b84ba09fcad",
"newer_than": "1638559522"
}
]This action retrieves detection rules for a specified malware family.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Malware ID | Enter the malware ID to retrieve detection rules generated for that malware family. Example: nlp/f/entity/gz:mal:4f16fe2b-238e-4cbf-b29e-4ee38da6e89b | Text | Required | You can retrieve this using the action Get Trending New Malware. |
Example Request
[
{
"malware_id": "nlp/f/entity/gz:mal:4f16fe2b-238e-4cbf-b29e-4ee38da6e89b"
}
]This action retrieves relationships between a specified malware family and other threat intelligence entities.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Malware ID | Enter the ID of the malware family to retrieve its relationships. Example: nlp/f/entity/gz:mal:4f16fe2b-238e-4cbf-b29e-4ee38da6e89b | Text | Required | You can retrieve this using the action Get Trending New Malware. |
Interval Type | Enter the time period for which relationships should be retrieved. Example: LAST_7_DAYS | Text | Required | Allowed values: LAST_7_DAYS, LAST_30_DAYS, LAST_3_MONTHS, LAST_6_MONTHS, LAST_1_YEAR, FOREVER Default value: FOREVER |
Example Request
[
{
"malware_id": "nlp/f/entity/gz:mal:4f16fe2b-238e-4cbf-b29e-4ee38da6e89b",
"interval_type": "LAST_7_DAYS"
}
]This action retrieves the content of a stream.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Stream ID | Enter the ID of the stream to retrieve its content. Example: "feed/http://daringfireball.net/index.xml" | Text | Required | You can retrieve the Stream ID using the action Get Entry Content. |
Example Request
[
{
"stream_id": "feed/http://daringfireball.net/index.xml"
}
]This action retrieves the relationship information for a specific threat actor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Threat Actor ID | Enter the threat actor ID to retrieve the information. Example: nlp/f/entity/gz:ta:3b238f3a-c67a-4a9e-b474-dc3897e00129 | Text | Required | You can retrieve this using the action Get Trending Attackers. |
Interval Type | Enter the time period for which relationships should be retrieved. Example: LAST_7_DAYS | Text | Optional | Allowed values: LAST_7_DAYS, LAST_30_DAYS, LAST_3_MONTHS, LAST_6_MONTHS, LAST_1_YEAR, FOREVER Default value: FOREVER |
Example Request
[
{
"interval_type": "LAST_7_DAYS",
"threat_actor_id": "nlp/f/entity/gz:ta:3b238f3a-c67a-4a9e-b474-dc3897e00129"
}
]This action retrieves metadata for a threat intelligence entity, such as a CVE, malware, or threat actor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Entity ID | Enter the ID to retrieve metadata details. You can enter a CVE ID, malware ID, or threat actor ID. Example: CVE-2025-6098 | Text | Required | You can retrieve the malware ID using the Get Trending New Malware action and the threat actor ID using the Get Trending Attackers action. |
Example Request
Get CVE Metadata
[
{
"object_id": "CVE-2025-6098"
}
]Get Malware Metadata
[
{
"object_id": "nlp/f/entity/gz:mal:4f16fe2b-238e-4cbf-b29e-4ee38da6e89b"
}
]Get Threat Actor Metadata
[
{
"object_id": "nlp/f/entity/gz:ta:3b238f3a-c67a-4a9e-b474-dc3897e00129"
}
]This action retrieves trending attackers.
Action Input Parameters
No input parameters are required for this action.
This action retrieves trending new malware families based on recent threat intelligence activity.
Action Input Parameters
No input parameters are required for this action.
This action retrieves a list of trending vulnerabilities from the Feedly Threat Landscape Dashboard.
Action Input Parameters
No input parameters are required for this action.
This action searches all the Feedly feeds, stream content, entities, and topics.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter a search term to look for. Example:
| Text | Required | |
Limit | Enter the maximum number of results that you need to retrieve. Example: 30 | Integer | Optional | Default value: 20 |
Locale | Enter the locale of the alerts to return. Example: "en_us" | Text | Optional |
Example Request
[
{
"query": "fireball",
"limit": 30,
"locale": "en_us"
}
]This is a generic action used to make requests to any Feedly endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. Example: /incident/search | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key_value | Optional | |
Payload | Enter the payload to pass to the API | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key_value | Optional | Allowed keys: payload_json, headers, custom_output, download, filename, files, retry_wait, retry_count, response_type |