150,000 cybersecurity professionals use Feedly to gather intelligence concerning the evolving menace panorama.
Menace analysis and assortment are one step of the general menace intelligence, investigation, and response.
The Feedly Cybersecurity API permits safety groups to simply combine the insights they gather in Feedly into different programs and purposes. Some groups use the API to extract knowledge about threats and vulnerabilities and feed bigger machine studying threat-prioritization fashions. Some groups use the API to create Jira tickets primarily based on the content material of the Feedly boards to guarantee that essential vulnerabilities are critiques and patched in a well timed method.
Entry to the Feedly API (as much as 200,000 requests per thirty days) is an add-on included within the Enterprise Version of the Feedly for Cybersecurity package deal.
On this tutorial, we are going to present you methods to use the Feedly API to entry the content material of your safety feeds, your boards, and your Leo priorities.
Whenever you subscribe to Feedly for Cybersecurity Enterprise Version, we are going to offer you a particular Feedly entry token related together with your account. That token will mean you can entry the content material of your feeds, boards, and priorities and carry out as much as 200,000 requests per thirty days.
Articles as JSON
The JSON illustration of an article combines a number of the open-source content material included on the RSS or on the web site, CVE/CVSS/Exploit info aggregated from vulnerability and exploit databases, in addition to the outcomes of the Leo cybersecurity fashions.
The title, content material, and visible info provide you with entry to the core of the content material of the articles:
The commonTopics array represents Leo’s matter classification. The entities characterize CVEs, merchandise, or firms Leo has recognized within the article. The CVE entity contains CVSS and exploits info extracted from vulnerability databases.
The estimatedCVSS represents the results of Leo’s CVSS scoring mannequin. That is helpful for zero-days and articles which don’t point out a CVE explicitly. In these circumstances, Leo reads the content material of the article and computes an approximative CVSS rating primarily based on the terminology used within the article or the tweet.
Professional tip: When you’ve an article open within the Feedly net software, you should use the Shift+D keyboard shortcut to see and examine the JSON of the article.
Accessing the content material of your feeds
Let’s think about that you’ve got a “Safety Information” feed which incorporates a listing of identified and trusted safety sources you wish to comply with.
The Feedly API means that you can question Feedly and ask for the final 100 articles aggregated in that feed. The articles are normalized in a JSON format which incorporates the title, the content material, the supply info, in addition to all some cybersecurity metadata (Leo subjects classification, CVE metadata, CVSS metadata, exploit info.
You should utilize the Stream endpoint to get the final 100 articles revealed in a feed:
An important parameter is the streamId. Every feed in your Feedly account has a novel stream id. When you choose the feed within the left navigation bar, you see the streamId as a part of the URL. The stream id is formatted as `enterprise/xxxx/class/xxxx` for group feeds and `consumer/xxxx/class/xxxx` for private feeds.
The rely parameter defines the variety of articles the server will return. We suggest that you choose a quantity between 20 and 100. When you want entry to greater than 100 articles, you should use the continuation parameter returned by the response to chain the requests and ask for the subsequent 100 articles.
Lastly, the importantOnly parameter means that you can get the record of articles within the stream that has been prioritized by Leo.
- Make it possible for the requests you make are authenticated utilizing the token you’ve acquired from the Feedly group.
- Make it possible for the streamId is URL encoded when it’s handed as a parameter to the Stream endpoint.
Accessing the content material of your boards
Safety groups use boards to bookmark essential articles everybody within the group ought to concentrate on. Additionally they typically use boards to bookmark articles they wish to share with different purposes.
You should utilize the identical Stream endpoint to entry the final N articles manually bookmarked by your group to a board.
The one distinction would be the streamId. Workforce Board streamIds are formatted as `enterprise/xxxx/tag/xxxx`. Private Board streamIds are formatted as `consumer/xxxx/tag/xxxx`.
If customers have annotated the articles with some notes and highlights whereas saving the article to a board, these notes and highlights will probably be included within the article JSON construction.
Instance: Integrating Feedly together with your ticketing system
Right here is an instance of how one can streamline the mixing between the analysis and assortment work of your menace intelligence group and the evaluation and patching work of your operations group.
The analysis group creates a Feedly board known as Crucial Vulns the place why bookmark articles associated to essential vulnerabilities they need the operations group to bear in mind off and evaluate.
Every time the analysis group finds a essential perception, they save that article within the Crucial Vulns board, including a be aware about why they assume the vulnerability must be reviewed and patched.
As a substitute of asking the analysis group to manually create a ticket in your ticketing system (Jira, Service Now, and so forth.), you’ll be able to write a small app which each 5 minutes connect with the Crucial Vulns board, requests the final 20 articles bookmarked in that board, and for every new article, used the API of your ticketing system to create a brand new ticket. The app can enrich the ticket with the URL of the article saved within the board, the CVE info, and the notes and highlights from the researcher.
It is a highly effective solution to break the silos between your analysis group and your operations group and guarantee that essential vulnerabilities are patched quicker.
Professional tip: there’s a easy answer to discovering the brand new articles saved in a board. When your app processes a listing of articles, it ought to save the primary article within the record and the subsequent time it makes use of the Stream Feedly app to get the newest articles bookmarked to a board, your app can use the newerThan parameter of the /v3/stream/content material and move that article id as a substitute of a timestamp to get newer articles.
The Feedly net software and cell purposes are constructed on prime of the Feedly API. Which means that each piece of data obtainable within the software and each motion taken within the software is accessible within the API.
For extra details about the Feedly API, please go to the Feedly Developer Website.
Streamline your open-source intelligence
We’re excited to see many safety groups use the Feedly API to streamline their open-source menace intelligence course of. Enroll in the present day and uncover what Feedly for Cybersecurity can do for you!
In case you are focused on studying extra about Leo’s roadmap, you’ll be able to be part of the Feedly Community Slack. 2020 will probably be an exhilarating 12 months with new expertise and daring experiments!