Versions Compared

Old Version 10

changes.mady.by.user John Hall

Saved on

compared with

New Version 11

changes.mady.by.user John Hall

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Create a default job profile for your feed using ThreatConnect PartnerStage. Once your app has been installed for testing, manually create a job with all of the parameters that you expect to be provided. Export this job as an example template. Name this file the same as the name you specified for jobFile for your feeds block within install.json. Place the new file alongside your install.json file.

Within the example you created, update the value of the owner parameter with the same name of your feed as defined in the sourceName field for your feeds block within install.json. Add the parameter “preventUpdates” and a value of true.

...

The default value of tc_owner in this file should match the value of the sourceName parameter inside the “feeds” section of the install.json file. In other words, the default value of tc_owner should match install.json: feeds[0] -> sourceName. This must be hard-coded in this job file.

Custom Attributes

Any custom attributes that you create must be prefixed with the name of your organization as shown in the example below.

Please see the data mapping guide for more information about attributes. For any custom attributes required, you must define these within a new file (called attributes.json). If you create this file, you must also reference it within the feeds block in install.json (see notes above). An example of two custom attributes to be used in a threat intelligence feed is provided below:

Code Block
languagejson
{
  "types": [
  {
    "allowMarkdown": false,
    "description": "The name of the Threat detected by SecuLast Malware Threat Intelligence in this indicator.",
    "errorMessage": "Max length of SecuLast Threat Name attribute is 100 characters.",
    "indicators": [
      "Address",
      "Host",
      "File"
    ],
    "maxLength": 100,
    "name": "SecuLast Threat Name",
    "system": false,
    "version": 1
  },
  {
    "allowMarkdown": false,
    "description": "The category of the Threat detected by SecuLast Malware Threat Intelligence in this indicator.",
    "errorMessage": "Max length of SecuLast Category attribute is 100 characters.",
    "indicators": [
      "Address",
      "Host",
      "File"
    ],
    "maxLength": 100,
    "name": "SecuLast Category",
    "system": false,
    "version": 1
  }]
}

The custom attributes fields in this file match those available in the Attributes Type under Organization Config within the ThreatConnect PlatformFollow the steps in the References - Creating Custom Attributes document in order to create a new custom attributes JSON file to include with your integration. This file must be named attributes.json when included in your integration and should live in the same folder as the install.json file.