Import External Threat Intelligence with the InsightIDR Threats API


Have you ever noticed how things that sound really difficult can sometimes be surprisingly simple to do? I am an avid knitter, but I didn't try knitting a cabled sweater for years because cables look hard. A few months ago, when I finally attempted the feat, I was pleasantly surprised to find that knitting cables looks a lot harder than it actually is!


The same applies to using the InsightIDR REST API. In this blog, I am going to explain how to automate updating threat feeds in InsightIDR by using the REST API. As you will see, it is probably a lot easier than you expected it to be.


In addition to all of the built-in detections in InsightIDR, you can add your own list of Indicators of Compromise (IoCs) as a custom threat. You can get more information about this feature here, including the many reasons why you might want to add your own threat feeds.



It is easy to add malicious IPs, URLs, domains, and hashes to InsightIDR a few at a time through the UI, but who wants to update a threat list manually? Because external feeds change frequently, you need a way to automate uploading IoCs into your cloud SIEM, and that is exactly what the Threats API is for.
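The following script shows what that automation looks like end to end. It is an added example for this post, not code from Rapid7 or from the original article: it reads a raw IoC feed (a constructed sample is embedded below), sorts each line into the four indicator types InsightIDR accepts, drops blanks, comments and duplicates, keeps anything unrecognised for review rather than silently losing it, and posts the result to the custom threat's indicators endpoint. The endpoint path, the `X-Api-Key` header and the payload field names `ips`, `hashes`, `domain_names` and `urls` are taken from Rapid7's public InsightIDR API documentation as I understand it; the region, API key and threat key are placeholders, and you should confirm all of these against the current API docs before running it against your own instance.

```python
"""Upload an IoC feed to an InsightIDR custom threat via the Threats API.

Added example for this post (not Rapid7's code).  Assumptions, to be verified
against the current InsightIDR API docs: host {region}.api.insight.rapid7.com,
path /idr/v1/customthreats/key/{key}/indicators/add, header X-Api-Key, and
payload fields ips / hashes / domain_names / urls.
"""
import ipaddress
import json
import re
import urllib.request
from typing import Callable, Dict, List

# MD5, SHA-1 and SHA-256 hex digests (32, 40, 64 hex chars).
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
# Conservative hostname check: dotted labels, alphabetic TLD, <= 253 chars.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.IGNORECASE)

# Constructed sample feed: documentation-range addresses and the EICAR test-file MD5.
SAMPLE_FEED = """# constructed sample feed, one indicator per line
198.51.100.23
2001:db8::1
evil.example.com
http://evil.example.com/dropper.exe
44d88612fea8a8f36de82e1278abb02f
not an indicator
198.51.100.23
"""


def _is_ip(value: str) -> bool:
    """True for a single IPv4 or IPv6 address (CIDR ranges are deliberately rejected)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def classify_iocs(lines: List[str]) -> Dict[str, List[str]]:
    """Sort free-form feed lines into the indicator buckets the API expects.

    Blank lines and '#' comments are skipped, duplicates (case-insensitive) are
    removed, hashes and domains are lower-cased, and anything that matches no
    type lands in 'rejected' so it can be reviewed instead of being dropped.
    """
    buckets: Dict[str, List[str]] = {"ips": [], "hashes": [], "domain_names": [], "urls": [], "rejected": []}
    seen = set()
    for raw in lines:
        ioc = raw.strip()
        if not ioc or ioc.startswith("#") or ioc.lower() in seen:
            continue
        seen.add(ioc.lower())
        if HASH_RE.match(ioc):
            buckets["hashes"].append(ioc.lower())
        elif ioc.lower().startswith(("http://", "https://")):
            buckets["urls"].append(ioc)
        elif _is_ip(ioc):
            buckets["ips"].append(ioc)
        elif DOMAIN_RE.match(ioc):
            buckets["domain_names"].append(ioc.lower())
        else:
            buckets["rejected"].append(ioc)
    return buckets


def build_payload(buckets: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Request body for indicators/add: only the four fields the API accepts (assumed names)."""
    return {k: buckets[k] for k in ("ips", "hashes", "domain_names", "urls")}


def upload_indicators(region: str, api_key: str, threat_key: str, payload: Dict[str, List[str]],
                      opener: Callable = urllib.request.urlopen):
    """POST the payload to the custom threat identified by threat_key.

    'opener' is injectable so the request can be inspected offline; in production
    the default urllib opener is used.  Returns (HTTP status, decoded JSON body).
    """
    url = f"https://{region}.api.insight.rapid7.com/idr/v1/customthreats/key/{threat_key}/indicators/add"
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"X-Api-Key": api_key, "Content-Type": "application/json", "Accept": "application/json"},
    )
    with opener(req, timeout=30) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else {})


if __name__ == "__main__":
    buckets = classify_iocs(SAMPLE_FEED.splitlines())
    print(json.dumps(build_payload(buckets), indent=2))
    print("rejected for review:", buckets["rejected"])
    # Live call (placeholders): the threat key is the one shown for your custom
    # threat in InsightIDR, and the API key comes from the Insight platform.
    # status, body = upload_indicators("us", "<insight-api-key>", "<threat-key>", build_payload(buckets))
```

The classification order matters: hashes are matched first so a 32-character hex string is never mistaken for a hostname, and IP addresses are tested before the domain regex so numeric dotted quads are not accepted as domains. Scheduling this script (cron, a CI job, or the same host that already pulls your feed) is all that is needed to keep the custom threat current; wrap the live call in a check on the returned status so a rejected upload is surfaced rather than lost.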


You don’t need any programming experience to use the API


While in later blogs we’ll go over how to write your own scripts for the Rapid7 REST API, this blog focuses on gettin ..
