...
Input parameters that you’ve defined for use primarily by your application logic (such as the last_run parameter) should not be displayed in Feed Deployer.
Creating the Default Job Configuration
Create a default job profile for your feed using ThreatConnect PartnerStage. Once your app has been installed for testing (without Feed Deployer components), manually create a job with all of the parameters that you expect to be provided. Export this job as an example template. Name this file the same as the name you specified for jobFile for your feeds block within install.json. Place the new file . Follow these steps to create your job:
From the top menu of the system, select the Cogwheel icon and select Org Settings.
On the Org Settings screen that appears, select Apps from the available tabs:
On the Apps screen, select the Plus icon on the right-hand side:
You will be presented with the Add Job wizard. Complete the parameters in the wizard with the default values that should be used for production executions of your feed with this guidance:
Most jobs should run once per day (don’t worry about the time as this will be overridden when the job is deployed).
If your job requires running more frequently, you can configure it to run every X hours. The maximum frequency that your job should run is every 2 hours. This should be based on how frequently your data sources are updated.
Once the job has been completed, execute the job as a test by clicking the Play icon in the job listing next to the job. It is not necessary to activate the job in order to manually run it.
If your job successfully executes, remove any notification parameters you may have configured and then export the job file using the dots menu and the Export Job function:
Save the file that is produced as the name you specified earlier in your
install.jsonfile (<name>-intel-job.json). Include this file in your package alongside yourinstall.jsonfile.
Within the example you created, edit the file and update the value of the owner parameter with the same name of your feed as defined in the sourceName field for your feeds block within install.json. Add the parameter “preventUpdates” and a value of true.
You will need to remove all of the default values from this file for any string inputs unless you intend for these to go directly to customers as defaults. Things like API keys and last_run timestamps should be removed.
...
An example of this configuration is below for reference only:
| Note |
|---|
Do not copy the example below. You must export your configuration file to ensure that the field values in this file are correct. |
| Code Block | ||
|---|---|---|
| ||
{
"programName": "SecuLast Malware Threat Intelligence v1.0",
"programVersion": "1.0.2",
"jobName": "SecuLast Malware Threat IntelligenceDo-Not-Copy-This-Example-File",
"allowOnDemand": true,
"publishAuth": false,
"scheduleType": "Daily",
"scheduleCronFormat": "0 0 19-23/2,0-18/2 ? * *",
"scheduleStartDate": 1571756361381,
"enableNotifications": false,
"notifyOnFailure": false,
"notifyOnPartialFailure": false,
"notifyOnComplete": false,
"notifyEmail": "",
"notifyIncludeLogFiles": false,
"params": [
{
"name": "tc_owner",
"preventUpdates": true,
"default": "SecuLast Malware Threat Intelligence"
},
{
"name": "feed_type",
"preventUpdates": false,
"default": "C2Addresses|C2Hosts|Files"
},
{
"name": "api_key",
"encrypt": true,
"preventUpdates": false
},
{
"name": "tc_log_level",
"preventUpdates": false,
"default": "warning"
}
]
} |
...