Editing configured threat intelligence feeds

You can edit the threat intelligence feeds that are listed in the Configured Threat Intelligence Feeds section.

About this task

On each threat intelligence feed, you can view general information including supported TAXII version, certificate and key status, collection, observable type, and reference set.

Procedure

  1. From the navigation menu on the Threat Intelligence dashboard, click the Feeds Downloader icon (Icon for Feeds Downloader).
  2. From the Configured Threat Intelligence Feeds section, find the threat feed that you want to edit, and then click Icon for editing (the Edit icon)
    1. On theConnection tab in the Edit TAXII Feed window, enter your Password. Make your changes, such as uploading a client certificate or client key, and click Discover.
    2. On theParameters tab in the Edit TAXII Feed window, make the necessary changes.
  3. You can click the name of the Reference Set to view the Reference Set Editor window.
  4. To see the scanning results in Long Activity or Network Activity for the selected threat feed in QRadar®, click Icon for View Result (the View Result icon) .
    Note: You must install the Advanced Threat Protection Feed (ATPF) license to use this function.
  5. To delete the threat feed, click Icon for Delete (the View Result icon).
  6. To maximize performance, TAXII feeds can poll only one feed at a time, but you can override the polling interval if necessary. Click Poll Now to override the predefined polling interval. The polling start time, date, and status displays during polling. The end date displays after the polling is finished.