[KB8315] ESET Threat Intelligence with OpenCTI

Issue

  • You need to utilize the OpenCTI TAXII2 ingester to ingest ESET Threat Intelligence feed data

Solution

Before you proceed

See the list of available TAXII feeds, including the TAXII server URL and TAXII Collection ID.

To find your TAXII credentials (username and password), see How to activate a TAXII feed.

  1. In the OpenCTI dashboard main menu, click Data > Ingestion to open the Connectors section.

  2. In the right panel, select TAXII Feeds.

  3. Click the (+) icon in the bottom-right corner of the screen.

    Figure 1-1
  4. In the Create a TAXII ingester window, fill in the TAXII feed details.

    • Name: Name of the feed (for example, ETI Botnet feed)

    • Description: Fill in a description of the feed (optional)

    • TAXII server URL: Copy the URL of your ESET Threat Intelligence TAXII 2.x API root (for example, https://taxii.eset.com/taxii2/643f4eb5-f8b7-46a3-a606-6d61d5ce223a)

    • TAXII version: TAXII 2.1

    • TAXII Collection: Copy your TAXII Collection ID (for example, 0abb06690b0b47e49cd7794396b76b20)

    • Authentication type: Select Basic user/password from the drop-down menu

    • Username and Password: To get your credentials, follow How to activate a TAXII feed

    • User responsible for data creation: You can leave this field empty

    • Import from date: Select a date no earlier than the previous day

  5. Click Create to create a new feed.

    OpenCTI

    For a list of all available OpenCTI integrations, see OpenCTI Documentation.

    For information on how to set up OpenCTI ingesters, see OpenCTI Connectors.

    Figure 1-2
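
A way to check the values from step 4 outside OpenCTI, as an added example that is not part of the ESET article or OpenCTI's own code: it builds the TAXII 2.1 Get Objects request for the API root and Collection ID with Basic authentication, and summarizes a response envelope including its pagination state. The function names, the mapping of "Import from date" to the added_after filter at midnight UTC of the previous day, and the sample envelope are assumptions constructed for illustration.

```python
import base64
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode
from urllib.request import Request

TAXII_21 = "application/taxii+json;version=2.1"  # media type from the TAXII 2.1 spec


def import_from_default(now=None):
    """Assumed reading of 'Import from date': midnight UTC of the previous day."""
    now = now or datetime.now(timezone.utc)
    return (now - timedelta(days=1)).replace(hour=0, minute=0, second=0, microsecond=0)


def build_objects_request(api_root, collection_id, username, password,
                          added_after=None, next_token=None):
    """Build (without sending) the Get Objects request for one collection."""
    params = {}
    if added_after is not None:
        stamp = added_after.astimezone(timezone.utc)
        params["added_after"] = stamp.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    if next_token:
        params["next"] = next_token  # resume a paginated pull
    url = f"{api_root.rstrip('/')}/collections/{collection_id}/objects/"
    if params:
        url += "?" + urlencode(params)
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return Request(url, headers={"Accept": TAXII_21,
                                 "Authorization": f"Basic {token}"})


def summarize_envelope(body):
    """Return (object counts by STIX type, more flag, next token) for an envelope."""
    envelope = json.loads(body)
    counts = {}
    for obj in envelope.get("objects", []):
        kind = obj.get("type", "unknown")
        counts[kind] = counts.get(kind, 0) + 1
    return counts, bool(envelope.get("more")), envelope.get("next")


# Constructed sample envelope, not real ESET feed data.
SAMPLE_ENVELOPE = json.dumps({
    "more": True, "next": "constructed-page-token",
    "objects": [{"type": "indicator", "id": "indicator--constructed-1"},
                {"type": "indicator", "id": "indicator--constructed-2"},
                {"type": "identity", "id": "identity--constructed-1"}],
})
```

To test your own values, pass the returned Request to urllib.request.urlopen and feed the response body to summarize_envelope. An HTTP 401 typically points to the username or password, and a 404 to the API root URL or Collection ID.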