ESET Online Help

Search
Select the category
Select the topic

TAXII feeds


note

Function availability based on the service level of subscription

Access to this functionality is dependent on the service level of your subscription. Not all functionality described in this topic is available to all users.

Data feeds are available as STIX feeds and JSON feeds via TAXII. The feeds can be accessed in the TAXII FEED section or you can incorporate it into your internal system by standard TAXII interface. See our sample python script for accessing TAXII feeds . Once downloaded and extracted, open the script in a simple text editor to see further instructions for use.

JSON and STIX feed formats

In the TAXII feed section each feed is available in 2 formats. For example:

ei.botnet (json) — JSON feed format

ei.botnet (stix2) — STIX version 2.0 feed

To preview feeds in the portal, select a report collection and then select one of the available options, or click the corresponding number under Last 1h, Last 5h or Last day column.

eti_taxii_01

Alternatively, click a report link under More blocks, then click a data range of non-zero Volume under Blocks.

eti_taxii_02

If you click Download, the feed opens in a new tab. Right-click the new feed and select Save.

You can choose from several types of feeds:

Botnet feed

Domain feed

Malicious files feed

URL feed

IP feed

APT feed