Threat intel integration

Team,

I have installed the Filebeat 7.14.X agent and have enabled the threatintel module, but I am unable to get feeds from all the threat intel. Could you please help us out on this?

You need to go to the filebeat modules folder and set the API keys for each info feed integration, for example: otx.alienvault. If you don't know how, I can explain this in more detail and post some pictures of where to get the API key for each feed site.

Don't forget the "filebeat setup" at the end of the process and restart the service.
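A sketch of what the reply above describes, added here as an example and not part of the original post: per-feed API keys set in the module file `modules.d/threatintel.yml`, with an OTX fileset and a self-hosted MISP fileset. The hostname, the token placeholders and the interval values are constructed; the option names follow the stock module file for Filebeat 7.x and should be checked against the file shipped with your version.

```yaml
# modules.d/threatintel.yml
# Example only: hostnames, tokens and intervals below are placeholders.
- module: threatintel

  otx:
    enabled: true
    var.input: httpjson
    var.url: https://otx.alienvault.com/api/v1/indicators/export
    # API key from your OTX account settings (placeholder value)
    var.api_token: "<OTX_API_KEY>"
    # How far back to pull indicators on the first run, then the poll interval
    var.first_interval: 24h
    var.interval: 60m

  misp:
    enabled: true
    var.input: httpjson
    # Constructed hostname for a local MISP server; the path is the
    # MISP REST search endpoint the fileset polls
    var.url: https://misp.example.internal/events/restSearch
    # Auth key of a MISP user allowed to read events (placeholder value)
    var.api_token: "<MISP_AUTH_KEY>"
    var.first_interval: 24h
    var.interval: 60m
```

Keep the real keys out of version control, for example by storing them in the Filebeat keystore and referencing them as `${OTX_API_KEY}` instead of writing them into the file.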

Hey @wallacepalace,

Thank you for your reply. It would be great if you could share something related to MISP.


#MeToo - I'm struggling to get the MISP feeds working with my local MISP server.