ESET Online Help

Search
Select the category
Select the topic

ESET Threat Intelligence and Stellar Cyber

ESET Threat Intelligence

ESET Threat Intelligence (ETI) provides evidence-based information and actionable advice about an existing or emerging threat. ETI services warn users about malicious software or activity that might threaten their organization or its customers. This information is analyzed and presented in a structured manner to help inform decisions about your security policy.

Stellar Cyber's Threat Intelligence Platform

Stellar Cyber's Threat Intelligence Platform helps users find and respond to cyber threats by collecting and analyzing data from different sources in one place.

Adding custom feeds to Stellar Cyber's Threat Intelligence Platform enables users to bring in threat data of their choice, which can help detect targeted attacks, provide more context about threats, help analysts understand risks faster and make informed decisions.

Custom feeds can be ingested to the Stellar Cyber's Threat Intelligence Platform using the Trusted Automated eXchange of Intelligence Information (TAXII) format, the framework for transmitting threat intelligence data.

How to add ESET Threat Intelligence TAXII feeds to Stellar Cyber's Threat Intelligence Platform

If you are a user of the ESET Threat Intelligence Portal and would like to ingest the ESET Threat Intelligence TAXII feeds to Stellar Cyber's Threat Intelligence Platform, follow the steps below:

1.Ensure you have TAXII credentials generated and desired TAXII feeds activated. The detailed guide on how to activate TAXII feeds and generate TAXII credentials is available on the ESET Threat Intelligence Portal Online Help page.

2.Configure feeds and add ESET Threat Intelligence TAXII feeds as custom feeds to Stellar Cyber's Threat Intelligence Platform using the Configuring Feeds in the Threat Intelligence Platform article. Provide the following details on the Stellar Cyber side:

Category—the category of your feed. Select TAXII.

Name—the name of your feed.

Collection URL—the URL of the TAXII feed collection you would like to ingest. The list of collections and collection URLs are available on the ESET Threat Intelligence Portal TAXII Feeds Online Help page.

Username and Password—your TAXII credentials, the username and password to access TAXII feeds.

Polling Frequency—indicates how often the platform checks and retrieves new data from integrated threat intelligence feeds; for example, one hour.

Backfill days—indicates how many days of historical data the platform retrieves when a new threat intelligence feed is integrated; for example, two days.

Retention Period—indicates how long the collected data is stored within the platform; for example, two or more days.