SIEM Rules Docs
RegisterLog In
Search
K
Links

EclecticIQ Intelligence Center

Ingest detection rules from SIEM Rules into the EclecticIQ Intelligence Center.

Prerequisites

Setup

EclecticIQ incoming feed setup
  1. 1.
    Navigate to the incoming feed setup page
  2. 2.
    Select add new feed
  3. 3.
    You can set most fields as you wish, the key ones are
    1. 1.
      Transport type: TAXII 2.1 poll
    2. 2.
      Content type: STIX 2.1
    3. 3.
      API Root URL: https://app.siemrules.com/taxii/taxii2/A-GROUP-UUID (A-GROUP-UUID can be obtained on the theme list view in the SIEM Rules web app)
    4. 4.
      Collection ID: THEME-UUID (THEME-UUID can be obtained on the theme list view in the SIEM Rules web app)
    5. 5.
      Username: SIEM Rules username
    6. 6.
      Password: SIEM Rules API key
    7. 7.
      Added after: should be no more than 7 days because our TAXII feed does not return any more data than this
    8. 8.
      Objects per run (max): 50
    9. 9.
      Download time frame: advancing
Now click save, and you should see intelligence being ingested.

Usage

Once incoming feed is enabled, the ingested detection rules can be used in the EclecticIQ Intelligence Center.
Developers - Previous
Intro to our API's
Last modified 1yr ago