Flat File - Anomali
Device Details
Vendor | Anomali |
---|---|
Device Type | Threat Feed |
Supported Model Name/Number | N/A |
Supported Software Version(s) | 7.x |
Collection Method | STIX/TAXII, added in early 2018 |
Configurable Log Output? | LogRhythm Threat Intelligence Service |
Log Source Type | Flat-file |
Log Processing Policy | None |
Exceptions | N/A |
Additional Information | URL normalization in the TIS feed can reshape the entries of the URL list so that they match the format of the URL field of the log source. The URL normalization regex is discussed on the LogRhythm Community. |
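
An added example (not LogRhythm or Anomali code, and not the TIS normalization regex itself) showing why feed URLs need to be normalized to the log source's URL field format before list matching produces hits. The target field format, the function names and the sample URLs are assumptions constructed for illustration.

```python
import re

# Assumption (not from the page): the log source's URL field holds
# "host[:port]/path?query" with a lowercase host and no scheme, credentials,
# default port, fragment or trailing slash. IPv6 literals are not handled.
URL_RE = re.compile(r"""^
    (?:(?P<scheme>[a-z][a-z0-9+.-]*)://)?  # optional scheme
    (?:[^/@\s]*@)?                         # optional userinfo, dropped
    (?P<host>[^/:?\#\s]+)                  # hostname or IPv4 address
    (?::(?P<port>\d+))?                    # optional port
    (?P<rest>[^\#\s]*)                     # path and query, fragment dropped
    """, re.IGNORECASE | re.VERBOSE)
DEFAULT_PORTS = {"http": "80", "https": "443"}

def normalize(url):
    """Return the URL in the assumed log-field format, or None if unparsable."""
    text = url.strip().replace("[.]", ".")            # undo feed defanging
    text = re.sub(r"^hxxp", "http", text, flags=re.IGNORECASE)
    m = URL_RE.match(text)
    if m is None:
        return None
    scheme = (m.group("scheme") or "").lower()
    host = m.group("host").lower().rstrip(".")
    port = m.group("port")
    if port and DEFAULT_PORTS.get(scheme) != port:    # keep non-default ports
        host = f"{host}:{port}"
    return host + m.group("rest").rstrip("/")

def compare(feed_urls, log_urls):
    """Return (hits by exact string match, hits after normalizing both sides)."""
    raw = set(feed_urls)
    wanted = {normalize(u) for u in feed_urls} - {None}
    return ([u for u in log_urls if u in raw],
            [u for u in log_urls if normalize(u) in wanted])

# Constructed sample data, not real indicators.
FEED = ["http://Evil.Example.com/Login/",
        "hxxps://bad[.]example[.]net:443/a/b?id=1#top",
        "http://user@c2.example.org:8080/gate.php"]
LOGS = ["evil.example.com/Login", "bad.example.net/a/b?id=1",
        "c2.example.org:8080/gate.php", "intranet.example.com/home"]

if __name__ == "__main__":
    raw_hits, normalized_hits = compare(FEED, LOGS)
    print("exact-match hits:", raw_hits)
    print("normalized hits: ", normalized_hits)
```

With the sample data, exact string matching finds nothing, while matching on the normalized form flags the first three log values and leaves the fourth alone.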
Prerequisites
- Active subscription to the Anomali threat feed
- LogRhythm’s free Threat Intelligence Service installed
Device Configuration Checklist
Set up the TAXII feed with Anomali. You must first have a valid subscription.
For more information, see https://www.anomali.com/blog/generating-your-own-threat-intelligence-feeds-in-threatstream.
Configure the TIS service according to the instructions in the Threat Intelligence Service User Guide, available under Documentation & Downloads on the LogRhythm Community.
Enable and download the TIS: Anomali KB.
Verify the relevant lists are populating. Create new lists as needed for auto-import. For assistance, contact Professional Services.