Intel 471 Intelligence Engine Integration User Guide

21 Nov 2023
9 Minutes to read

Print
Dark

Light

Intel 471 Intelligence Engine Integration User Guide

Updated on 21 Nov 2023
9 Minutes to read

Print
Dark

Light

Article Summary

Share feedback

Thanks for sharing your feedback!

Software Version

This guide applies to the Intel 471 Intelligence Engine App version 1.0.x.

Overview

The ThreatConnect^® integration with Intel 471 Intelligence ingests Reports, Adversaries, Breaches, Malware, Vulnerabilities, and Indicators from Intel 471 into ThreatConnect. These Groups and Indicators are stored and associated in ThreatConnect with select relevant context.

Important

The first time you set up the Feed API Service for the Intel 471 Intelligence Engine App, the data will backfill to 30 days. During the process of backfilling data for the prior 30 days, you may reach your Intel 471 API daily limit. To increase the API limit for your account, contact Intel 471. Note that this daily limit resets at midnight GMT.

If you continue to reach the Intel 471 API daily limit after the App backfills data for the last 30 days, it is recommended to select a greater value for the App’s Update Time Interval In Hours setting.

Dependencies

ThreatConnect Dependencies

Active ThreatConnect Application Programming Interface (API) key

Note

All ThreatConnect dependencies will be provided by default to subscribing ThreatConnect Cloud customers. Customers on Dedicated Cloud and On-Premises instances can enable these settings on the Account Settings screen within their ThreatConnect instance.

Intel 471 Dependencies

Active Intel 471 API key
Active Intel 471 report subscriptions
- Adversary Intelligence
- Breach Intelligence
- Malware Intelligence
- Vulnerability Intelligence

Note

The Intel 471 Intelligence Engine may seem like it is running for a subscription that you may not have. In this scenario, contact Intel 471 for assistance with subscribing to a new report.

Application Setup and Configuration

Log into ThreatConnect with a System Administrator account.
Install the Intel 471 Intelligence Engine App via TC Exchange™.
Use the ThreatConnect Feed Deployer to set up and configure the Intel 471 Intelligence Engine App.

Configuration Parameters

Parameter Definitions

The parameters defined in Table 1 apply to the configuration parameters available when using the Feed Deployer to configure the App.

Name	Description	Required?
Sources to Create	The name of the Source to be created.	Yes
Owner	The Organization in which the Source will be created.	Yes
Launch Server	Select tc-job as the launch server for the Service corresponding to the Feed API Service App.	Yes
Intel Reports to Ingest	Select one or more Intel 471 report subscriptions from which data will be ingested. Available choices include the following: Adversary Breach Malware Vulnerability	Yes
Intel 471 API Username	The Intel 471 username.	Yes
Intel 471 API Key	The Intel 471 API key.	Yes
Update Time Interval in Hours	Select the interval, in hours, at which the App will ingest Intel 471 data. Available choices include the following: 4 8 12 24	Yes

Intel 471 Intelligence Engine App UI

After successfully configuring and activating the Feed API Service in ThreatConnect, you can access the Intel 471 Intelligence Engine App user interface (UI). This UI allows you to interact with and manage ThreatConnect's Intel 471 integration.

Follow these steps to access the Intel 471 Intelligence Engine App UI:

Log into ThreatConnect with a System Administrator account.
On the top navigation bar, hover over Playbooks and select Services. The Services tab of the Playbooks screen will be displayed.
Locate the Intel 471 Intelligence Engine Feed API Service and then click the link in the Service’s API Path field. The DASHBOARD screen of the Intel 471 Intelligence Engine UI will open in a new browser tab.

The following screens are available in the Intel 471 Intelligence Engine App UI:

DASHBOARD
JOBS
TASKS
DOWNLOAD
REPORT

DASHBOARD

The DASHBOARD screen (Figure 1) provides an overview of the total number of Adversaries, Adversary Reports, Breach Reports, Indicators, Malware, Malware Reports, Signatures, and Vulnerabilities retrieved from Intel 471.

Figure 1_Intel 471 Intelligence Engine Integration User Guide_Software Version 1.0

Note

The numbers displayed on the DASHBOARD screen represent the count of threat intelligence objects that were processed by the App, including objects that were updated or processed again, and may not match the count of objects in ThreatConnect.

JOBS

The JOBS screen (Figure 2) breaks down the ingestion of Intel 471 data into manageable Job-like tasks.

Job Type: If desired, select a Job type by which to filter Jobs. Available types include ad-hoc and scheduled.
Status:If desired, select a Job status by which to filter Jobs. Available statuses include the following:
1. Download In Progress
2. Download Complete
3. Convert In Progress
4. Convert Complete
5. Upload In Progress
6. Upload Complete
Request ID: If desired, enter text into this box to search for a specific Job by its request ID.
+ Add Request: Click this button to display the ADD REQUEST window (Figure 3). On this window, you can specify the date range and object types for an ad-hoc Job request. After a Job request is added, it will be displayed in the table on the JOBS screen (Figure 2), and its Job type will be listed as ad-hoc.

TASKS

The TASKS screen (Figure 4) is where you can view and manage the Tasks for each Job.

DOWNLOADS

The DOWNLOADS screen (Figure 5) is where you can view data for Adversaries, Breaches, Malware Families, and Vulnerabilities exactly as they appear in Intel 471.

Type: Select the type of object to download. Available options include Adversary, Breach, Malware Families, and Vulnerability.
ID(s): Enter the Intel 471 ID(s) for the object(s) to download. Data will be retrieved in JavaScript^® Object Notation (JSON) format.
Convert: Select this checkbox to convert the threat intelligence data to ThreatConnect batch format.
Enrich: Select this checkbox to submit the threat intelligence data to the ThreatConnect Batch API.

REPORTS

The REPORTS screen provides two views: BATCH ERRORS and REPORT UPLOAD TRACKER. The BATCH ERRORS screen (Figure 6) displays batch errors for each request in a tabular format. Details provided for each error include the error’s code, message, and reason.

The REPORT UPLOAD TRACKER screen (Figure 7) is where you can view attempts ThreatConnect made to download reports from Intel 471. The table on this screen displays the most recent date on which ThreatConnect attempted to download a report, the number of times an attempt to download the report was made, and whether the report was downloaded successfully. You can also search for reports by ID on this screen, which can be useful if you do not see an Intel 471 report in ThreatConnect as expected.

Data Mappings

The data mappings in Table 2 through Table 11 illustrate how data are mapped from Intel 471 Intelligence API endpoints into the ThreatConnect data model.

Actor

ThreatConnect object type: Adversary Group

Intel 471 API Field	ThreatConnect Field
uid	Attribute: "External ID"
handles	Attribute: "Aliases" (one Attribute per handle)
links/forumTotalCount	Attribute: "Total Count of Forums"
links/forumPrivateMessageTotalCount	Attribute: "Total Count of Private Messages"
links/forumPostTotalCount	Attribute: "Total Count of Posts"
links/reportTotalCount	Attribute: "Total Count of Reports"
links/instantMessageServerTotalCount	Attribute: "Total Count of IM Servers"
links/instantMessageChannelTotalCount	Attribute: "Total Count of IM Topics"
links/instantMessageTotalCount	Attribute: "Total Count of IMs"
links/instantMessageServers/{index}/uid	Attribute: "IM Server" (one concatenated Attribute per grouping) uid: %uid% serviceType: %serviceType% name: %name%
links/instantMessageServers/{index}/serviceType
links/instantMessageServers/{index}/name
links/forums/{index}/forum	Attribute: "Forum" (one concatenated Attribute per grouping) Forum ID: %uid% Forum Name: %name% Actor Handle: %actorHandle% Contact Type: %type% Contact Value: %value% TimeZone: %timeZone%
links/forums/{index}/uid
links/forums/{index}/name
links/forums/{index}/actorHandle
links/forums/{index}/timeZone
links/forums/{index}/contactInfo
links/forums/{index}/contactInfo/{index}/item/value
links/forums/{index}/contactInfo/{index}/item	N/A
links/forums/{index}/contactInfo/{index}/item/type	N/A
links/reports	Adversary-to-Report Association
links/reports/{index}/report	Adversary-to-Report Association
links/reports/{index}/actorHandle	Attribute: "Aliases" (one Attribute per handle)
activeFrom	Attribute: "First Seen"
activeUntil	Attribute: "Last Seen"
lastUpdated	Attribute: "External Date Last Modified"

Adversary Intelligence Report

ThreatConnect object type: Report Group

Intel 471 API Field	ThreatConnect Field
uid	Attribute: "External ID"
documentFamily	N/A
documentType	Attribute: "Report Type"
admiraltyCode	Attribute: "Admiralty Code"
motivation	Attribute: "Adversary Motivation Type"
subject	Name/Summary
researcherComments	Attribute: "Additional Analysis and Context"
rawText	Uploaded File
rawTextTranslated	N/A
executiveSummary	Attribute: "Description"
created	Attribute: "External Date Created"
dateOfInformation	Attribute: "Date of Information"
sourceCharacterization	Attribute: "Source Characterization"
relatedReports/{index}/uid	Report-to-Report Association
relatedReports/{index}/documentFamily	Report-to-Report Association
entities/{index}/type	See Table 11
locations/{index}/link	Attribute: "Region & Country" Region: %: % (region) Country: % (country) Link: % (link)
locations/{index}/region
locations/{index}/country
tags/{index}	Tag
portalReportUrl	Attribute: "Report URL"
lastUpdated	Last Modified
sources/{index}/url	Attribute: "Sources" (one concatenated Attribute per grouping) URL: %: % (url) Title: % (title) Type: % (type)
sources/{index}/title
sources/{index}/type
sources/{index}/index	N/A
actorSubjectOfReport/{index}/handle	N/A
actorSubjectOfReport/{index}/aliases	Attribute: "Aliases"
classification/intelRequirements	Tag: "GIR: %"
reportAttachments/{index}/fileName	Attribute: "Report Attachment" File Name: filename URL: url File Size: fileSize Mime Type: mimeType Description: description Malicious: malicious
reportAttachments/{index}/url
reportAttachments/{index}/fileSize
reportAttachments/{index}/mimeType
reportAttachments/{index}/description
reportAttachments/{index}/malicious

Malware Intelligence Report

ThreatConnect object type: Report Group

Intel 471 API Field	ThreatConnect Field
malwareReportTotalCount	N/A
malwareReportsPartialResult	N/A
malwareReports	N/A
malwareReports/{index}/uid	Attribute: "External ID"
malwareReports/{index}/activity/first	Attribute: "First Seen"
malwareReports/{index}/activity/last	Attribute: "Last Seen"
malwareReports/{index}/meta/version	N/A
malwareReports/{index}/data/threat/uid	N/A
malwareReports/{index}/data/threat/type	N/A
malwareReports/{index}/data/threat/data/family	N/A
malwareReports/{index}/data/threat/data/ malware_family_profile_uid	N/A
malwareReports/{index}/data/threat/data/version	N/A
malwareReports/{index}/malware_report_data/title	Name/Summary
malwareReports/{index}/malware_report_data/text	N/A
malwareReports/{index}/malware_report_data/ attachments	Attribute: "Report Attachment" File Name: fileName URL: url File Size: fileSize Mime Type: mimeType Description: description Malicious: malicious
malwareReports/{index}/malware_report_data/ related_reports	N/A
malwareReports/{index}/malware_report_data/ released_at	Publish Date
malwareReports/{index}/last_updated	Attribute: "External Date Last Modified"

Related Indicators

ThreatConnect object type: Indicator (all types)

Intel 471 API Field	ThreatConnect Field
indicatorTotalCount	N/A
indicators	N/A
indicators/{index}/data/uid	N/A
indicators/{index}/data/source_id	N/A
indicators/{index}/data/threat/type	N/A
indicators/{index}/data/threat/uid	Indicator-to-Malware Association
indicators/{index}/data/threat/data/ malware_family_profile_uid	Indicator-to-Malware Association
indicators/{index}/data/threat/data/family	Indicator-to-Malware Association
indicators/{index}/data/threat/data/version	N/A
indicators/{index}/data/expiration	Attribute: "External Date Expires"
indicators/{index}/data/confidence	Attribute: "Confidence"
indicators/{index}/data/context/description	Attribute: "Description"
indicators/{index}/data/mitre_tactics	Tag: "MITRE Tactic: %"
indicators/{index}/data/indicator_type	Indicator Type
indicators/{index}/data/indicator_data/address	Address Indicator
indicators/{index}/data/indicator_data/url	URL Indicator
indicators/{index}/data/indicator_data/domain	Host Indicator
indicators/{index}/data/indicator_data/mutex	Mutex Indicator
indicators/{index}/data/indicator_data/ windows_registry_key	Registry Key Indicator
indicators/{index}/data/indicator_data/file	File Indicator
indicators/{index}/data/indicator_data/file/sha1	File Indicator
indicators/{index}/data/indicator_data/file/sha256	File Indicator
indicators/{index}/data/indicator_data/file/md5	File Indicator
indicators/{index}/data/indicator_data/file/type	Attribute: "File Type"
indicators/{index}/data/indicator_data/file/size	File Indicator: File Size
indicators/{index}/data/indicator_data/file/ download_url	Attribute: "Sample Download Link"
indicators/{index}/data/intel_requirements	Tag: "GIR: %"
indicators/{index}/meta/version	N/A
indicators/{index}/last_updated	Last Modified
indicators/{index}/uid	Attribute: "External ID"
indicators/{index}/activity/first	Attribute: "First Seen"
indicators/{index}/activity/last	Attribute: "Last Seen"

GIR Tags

ThreatConnect object type: Tags

Intel 471 API Field	ThreatConnect Field
girs/{index}/data/gir/path	Tag: "GIR: % %" (path, name)
girs/{index}/data/gir/name	Tag: "GIR: % %" (path, name)

Malware

ThreatConnect object type: Malware Group

Intel 471 API Field	ThreatConnect Field
malwareReportTotalCount	N/A
malwareReports/data/threat/uid	Attribute: "External ID"
malwareReports/data/threat/type	Attribute: "Malware Threat Type"
malwareReports/data/threat/data/family	Name/Summary
malwareReports/data/threat/data/ malware_family_profile_uid	Attribute: "External ID"
malwareReports/data/malware_report_data/text	Attribute: "Malware Report Text"
malwareReports/data/malware_report_data/ released_at	Attribute: "Report Published Date"
malwareReports/meta/version	N/A
malwareReports/last_updated	Last Modified
malwareReports/uid	N/A
malwareReports/classification/intelRequirements[]	Tag: "GIR: %"
activity/first	Attribute: "First Seen"
activity/last	Attribute: "Last Seen"

Malware Family YARA Signatures

ThreatConnect object type: Signature Group

Intel 471 API Field	ThreatConnect Field
yaraTotalCount	N/A
yaras/{index}/uid	Attribute: "External ID"
yaras/{index}/data/threat/type	Signature-to-Malware Association
yaras/{index}/data/threat/uid
yaras/{index}/data/threat/data/ malware_family_profile_uid
yaras/{index}/data/threat/data/family
yaras/{index}/data/yara_data/title	Name/Summary
yaras/{index}/data/yara_data/signature	Signature File Contents
yaras/{index}/data/confidence	Attribute: "Confidence"
yaras/{index}/data/intel_requirements	Tag: "GIR: %"
yaras/{index}/meta/version	N/A
yaras/{index}/last_updated	Last Modified
yaras/{index}/activity/first	Attribute: "First Seen"
yaras/{index}/activity/last	Attribute: "Last Seen"

Vulnerability Report Search

ThreatConnect object type: Vulnerability Group

Intel 471 API Field	ThreatConnect Field
cveReportsTotalCount	N/A
partialResult	N/A
cveReports/{index}/uid	Attribute: "External ID"
cveReports/{index}/data/cve_report/name	Name/Summary
cveReports/{index}/data/cve_report/cve_type	Attribute: "CVE Type"
cveReports/{index}/data/cve_report/risk_level	Attribute: "CVE Threat Level"
cveReports/{index}/data/cve_report/vendor_name	Attribute: "Vulnerable Vendor"
cveReports/{index}/data/cve_report/product_name	Attribute: "Vulnerable Product"
cveReports/{index}/data/cve_report/cve_status	Attribute: "CVE Status"
cveReports/{index}/data/cve_report/interest_level/ disclosed_publicly	Attribute: "Interest Level" (one Attribute per grouping)
cveReports/{index}/data/cve_report/interest_level/ researched_publicly
cveReports/{index}/data/cve_report/interest_level/ exploit_sought
cveReports/{index}/data/cve_report/activity_location/ location_opensource	Attribute: "Activity Location" (one Attribute per grouping)
cveReports/{index}/data/cve_report/activity_location/ location_underground
cveReports/{index}/data/cve_report/activity_location/ location_private
cveReports/{index}/data/cve_report/exploit_status/ available	Attribute: "Exploits" (one Attribute per grouping)
cveReports/{index}/data/cve_report/exploit_status/ weaponized
cveReports/{index}/data/cve_report/exploit_status/ productized
cveReports/{index}/data/cve_report/exploit_status/ not_observed
cveReports/{index}/data/cve_report/cvss_score/v2	Attribute: "CVSS v2 Score"
cveReports/{index}/data/cve_report/cvss_score/v3	Attribute: "CVSS v3 Score"
cveReports/{index}/data/cve_report/patch_status	Attribute: "Patch Status"
cveReports/{index}/data/cve_report/detection	Attribute: "Detection"
cveReports/{index}/data/cve_report/ underground_activity	Attribute: "Underground Activity"
cveReports/{index}/data/cve_report/ underground_activity_summary	Attribute: "Summary"
cveReports/{index}/data/cve_report/summary	Attribute: "Description"
cveReports/{index}/data/cve_report/titan_links/ {index}/title	Attribute: "External References" Note Due to this Attribute Type's length limit, each link will be in its own Attribute.
cveReports/{index}/data/cve_report/titan_links/ {index}/url
cveReports/{index}/data/cve_report/poc	Attribute: "External References" Note Due to this Attribute Type's length limit, each link will be in its own Attribute.
cveReports/{index}/data/cve_report/poc_links/ {index}/title
cveReports/{index}/data/cve_report/poc_links/ {index}/url
cveReports/{index}/data/cve_report/ counter_measures	Attribute: "Course of Action Recommendation" (one concatenated Attribute per grouping) Counter Measures: counter_measures Counter Measure Title: title Counter Measure URL:URL
cveReports/{index}/data/cve_report/ counter_measure_links/{index}/title
cveReports/{index}/data/cve_report/ counter_measure_links/{index}/url
cveReports/{index}/data/cve_report/ patch_links/{index}/title	Attribute: "Course of Action Taken" (one concatenated Attribute per grouping) Patch Links Title: title Patch Links URL: URL
cveReports/{index}/data/cve_report/ patch_links/{index}/url
cveReports/{index}/data/cve_report/cpe/ cve_data_version	Attribute: "Vulnerable CPE" (one concatenated Attribute per grouping) CVE Data Version: cve_data_version Operator: operator CPE Match Vulnerable: vulnerable CPE Match 23 uri: cpe23Uri
cveReports/{index}/data/cve_report/cpe/ nodes/{index}/operator
cveReports/{index}/data/cve_report/cpe/ nodes/{index}/cpe_match/{index}/vulnerable
cveReports/{index}/data/cve_report/cpe/ nodes/{index}/cpe_match/{index}/cpe23Uri
cveReports/{index}/classification/ intel_requirements	Tags: "GIR: %"
cveReports/{index}/last_updated	Last Modified
cveReports/{index}/activity/first	Attribute: "First Seen"
cveReports/{index}/activity/last	Attribute: "Last Seen"

Breach Alerts

ThreatConnect object type: Report Group

Intel 471 API Field	ThreatConnect Field
breach_alerts/activity/first	Attribute: "First Seen"
breach_alerts/activity/last	Attribute: "Last Seen"
breach_alerts/lastupdated	Attribute: "External Date Last Modified"
breach_alerts/uid	Attribute: "External ID"
breach_alerts/data/uid	N/A
data/breach_alerts/date_of_information	Attribute: "Date of Discovery"
data/breach_alerts/confidence/level	Attribute: "Confidence"
data/breach_alerts/summary	Attribute: "Description"
data/breach_alerts/intel_requirements	Tags: "GIR: %"
data/breach_alerts/released_at	Publish Date
data/breach_alerts/title	Attribute: "Report Title"
data/breach_alerts/victim	Attribute: "Breach Alert Victim" (one concatenated Attribute per grouping) Name: name Industry: industry Sector: sector URL: urls Country: country Revenue: revenue Region: region
data/breach_alert/victim/name
data/breach_alert/victim/industries/industry
data/breach_alert/victim/industries/sector
data/breach_alert/victim/urls
data/breach_alert/victim/country
data/breach_alert/victim/revenue
data/breach_alert/victim/region
data/breach_alerts/sources/url	Attribute: "Source" (one concatenated Attribute per grouping) Date: date Source Type: source type Title: title Urls: urls Type: type
data/breach_alerts/sources/source_type
data/breach_alerts/sources/date
data/breach_alerts/sources/title
data/breach_alerts/sources/type
data/breach_alerts/actor_or_group	Attribute: "Actor or Group"
data/entities/type	Attribute: "Additional Analysis and Context" Entity Type: type Entity value: value
data/entities/value
data/breach_alerts/	N/A

Entity

Intel 471 API Field	ThreatConnect Field
ActorDomain	Host Indicator
ActorOtherWebsite	URL Indicator
AIM	Attribute: "Social Media: AIM"
AutonomousSystem	ASN Indicator
BitcoinAddress	Attribute: "Bitcoin Address"
BitcoinTransactionID	Attribute: "Bitcoin Transaction ID"
CveID	Vulnerability Group
Discord	Attribute: "Social Media: Discord"
Ecurrency	Attribute: "Ecurrency"
EmailAddress	Email Address Indicator
Facebook	Attribute: "Social Media: Facebook"
FileName	Attribute: "File Name"
FileSize	Attribute: "File Size"
FileType	Attribute: "File Type"
GitHub	Attribute: "Github"
Handle	Adversary Group
ICQ	Attribute: "Social Media: ICQ"
Instagram	Attribute: "Social Media: Instagram"
IPAddress	Address Indicator
IPv4Prefix	Attribute:" IPv4 Prefix"
IPv6Prefix	Attribute: "IPv6 Prefix"
Jabber	Attribute: "Social Media: Jabber"
LinkedIn	Attribute: "Social Media: LinkedIn"
MaliciousDomain	Host Indicator
MaliciousURL	URL Indicator
MD5	File Indicator
MoiMir	Attribute: "Social Media: Moimir"
MSN	Attribute: "MSN"
Odnoklassniki	Attribute: "Social Media: Odnoklassniki"
OtherCryptoCurrencies	Attribute: "Other CryptoCurrencies"
Password	Attribute: "Password"
PasswordHash	Attribute: "Password Hash"
PerfectMoneyID	Attribute: "Perfect Money ID"
PGPKey	Attribute: "PGP Key"
PGPKeyID	Attribute: "PGP Key ID"
Phone	Attribute: Phone
QiwiWallet	Attribute: "QIWI Wallet"
QQ	Attribute: "Social Media: QQ"
SHA1	File Indicator
SHA256	File Indicator
Skype	Attribute: "Social Media: Skype"
SSLCertificate	Attribute: "SSL Certificate"
SSLCertificateFingerprint	Attribute: "SSL Certificate Fingerprint"
SSLCertificateID	Attribute: "SSL Certificate ID"
Tag	Tag
Telegram	Attribute: "Social Media: Telegram"
Tox	Attribute: "Social Media: Tox"
Twitter	Attribute: "Social Media: Twitter"
URL	URL Indicator
VK	Attribute: "Social Media: VK"
WebMoneyID	Attribute: "WebMoney ID"
WebMoneyPurse	Attribute: "WebMoney Purse"
WeChat	Attribute: "Social Media: WeChat"
Wickr	Attribute: "Social Media: Wickr"
YahooIM	Attribute: "Social Media: YahooIM"
YandexMoney	Attribute: "Yandex.Money"

Frequently Asked Questions (FAQ)

Are there any limitations I should be aware of?

The first time you set up the Feed API Service, the data will backfill to 30 days. During the process of backfilling data for the prior 30 days, you may reach your Intel 471 API daily limit. To increase the API limit for your account, contact Intel 471. Note that this daily limit resets at midnight GMT.

If you continue to reach the Intel 471 API daily limit after the App backfills data for the last 30 days, it is recommended to select a greater value for the App's Update Time Interval In Hours setting.

How can I tell which Intel 471 report an Indicator is from?

Any data ingested from Intel 471 will have one of these four Tags applied to them:

"Source: Intel 471 Adversary Intelligence Feed"
"Source: Intel 471 Breach Intelligence Feed"
"Source: Intel 471 Malware Intelligence Feed"
"Source: Intel 471 Vulnerability Intelligence Feed"

Why do I want to use the + Add Request button on the Jobs screen?

The + Add Request button on the Jobs screen allows you to make ad-hoc requests from a certain date range. To retrieve reports for specific object types, use the Downloads screen.

How does the Intel 471 Intelligence Engine Feed API Service App differ from the previous Intel 471 Job App?

See Feed API Services for more information on how Feed API Service Apps function.

No new data are being ingested from Intel 471 into my ThreatConnect instance. What happened?

As you approach your Intel 471 API daily limit, Intel 471 will handle only one request per minute and then eventually return a 429 error until the daily limit resets at midnight GMT. Similarly, if there are multiple requests occurring at the same time, Intel 471 will handle one request per minute until the daily limit resets at midnight GMT. To increase the API limit for your account, contact Intel 471.

ThreatConnect^® is a registered trademark, and TC Exchange™ is a trademark, of ThreatConnect, Inc.
JavaScript^® is a registered trademark of Oracle Corporation.

30078-02 EN Rev. A

Was this article helpful?

What's Next

Intel 471 Adversary Intelligence Integration Configuration Guide

Table of contents

Overview
Dependencies
Application Setup and Configuration
Configuration Parameters
Intel 471 Intelligence Engine App UI
Data Mappings
Frequently Asked Questions (FAQ)

Company

Sales and Support