Data Feeds

Data feeds are available as STIX feeds via TAXII. You can see the list of data feeds in the Data Feeds section.

Click the three dots icon next to the data feed of your choice to display the following options:

•Show Data Feed detail—Opens the side panel, where you can see the collection details and statistics, as well as Download example and Activate this feed options

•Activate feed—Activates the selected feed

Refer to the next chapter to learn how to activate a data feed.

The feeds can be accessed or incorporated into your internal system by a standard TAXII interface. Refer to the sample Python script for accessing data feeds. When downloaded and extracted, open the script in a simple text editor to see further instructions for use.

Additionally, you can access data feeds via the Postman template. To start using it, download the file, import it to Postman and set the variable values as described in the template.

Data retention and filtering

The data feeds retention is two weeks; data older than 14 days is not available for retrieval.

To review the data feeds from a specific period, use the added_after filter parameter with a timestamp value in the "YYYY-MM-DDTHH:MM:SS.ssssssZ" format. This way, the system returns the objects added after the specified timestamp. To learn more information, refer to the TAXII 2.1 specification.

If you do not provide the added_after filter parameter, the system automatically sets the default timestamp: two days before the current date and time. In this case, you receive the data feeds from the past two days.

Feed formats

All data feeds are available in STIX 2.1 format via TAXII 2.1 collections.

To preview a sample feed in the portal, you can download an example. The downloaded JSON file contains a static sample feed that does not have live data; it is not updated.

The discovery link for data feeds is https://taxii.eset.com/taxii2.

You can choose from several types of feeds: