[KB8315] ESET Threat Intelligence with OpenCTI

You need to utilize the OpenCTI TAXII2 ingester to ingest ESET Threat Intelligence feed data

For a list of available TAXII feeds, including TAXII server URL and TAXII Collection ID, refer to: TAXII Feeds.

To find your TAXII credentials, Username, or Password, follow: How to activate a TAXII feed.

In the OpenCTI dashboard main menu, choose: Data > Ingestion to open the Connectors section.
From the right panel choose TAXII Feeds.
Click the (+) icon on the right bottom of the screen.

Figure 1-1
Create a TAXII ingester window will open.
Fill in the TAXII feed details:
- Name: name of the feed f.e. ETI Botnet feed
- TAXII server URL: URL of ESET Threat Intelligence TAXII 2.x API root f.e. https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a
- TAXII version: TAXII 2.1
- TAXII Collextion: TAXII Collection ID f.e. 0abb06690b0b47e49cd7794396b76b20
- Authentication type: Basic user/password
- Fill in Username and Password, to get your credentials follow How to activate a TAXII feed
- Import from date: choose at least yesterday
Click the CREATE button to create a new feed.

Figure 1-2

For a list of all available OpenCTI integrations, see OpenCTI Documentation.

For information on how to set up OpenCTI ingesters, see OpenCTI Connectors.

Last Updated: Mar 26, 2025