Automate update lists (threat intelligence)

I have some lists which i use in some correlations.
Ussually i update this lists manually. Is there some way to do this automatically?

Heya @VellayLoket,

For value lists that can be used in rule exceptions there's a dedicated API in Kibana: Lists API | Elastic Security Solution [7.15] | Elastic

Threat indicators that are normally used in conjunction with Indicator Match rules can be uploaded to your indicator indices via a regular Elasticsearch API. Threat Intel module | Filebeat Reference [7.15] | Elastic is able to upload some of the indicators automatically.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.