Feeds explained in detail
  • 06 May 2024

Customised and automated searches regularly provide you with the most relevant information. Find out exactly how below.

How feeds work

A cybernality feed regularly searches our search index for new information that is relevant to you. If it finds something new, the feed reports this back to you.

A feed needs at least the following information for this:

  • Search query incl. filter: Represents a search query that the feed sends to the cybernality search index.

  • Search frequency: The time interval at which the feed automatically executes the defined search query.

  • Notification Option (optional): Defines the transmission path for notifications and their destination.

Feed example

You are a member of a SOC team and want to keep an eye on a specific APT group and its activities. To do this, you create a feed that takes over this task for you.

→ Search query: {"query": "apt28"}

→ Frequency: 1h

→ Notification Option: My Blue Team

What exactly does a "new" result mean?

The search query is executed for the first time when the feed is created. These results (max. 150) are saved as a baseline. The next time the search query is executed, the new results are compared with the last baseline. Search results that are not in the baseline are labelled as new results. The results of the current search also represent the new baseline for the next comparison.
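The baseline comparison described above, modelled as an added example (not cybernality's own code). The `Feed` class, the result IDs and the sample runs are constructed, and it is assumed that the creation run only stores the baseline without reporting anything.

```python
from dataclasses import dataclass, field

MAX_RESULTS = 150  # per the article: at most 150 results are saved per run


@dataclass
class Feed:
    """Hypothetical model of a feed's baseline logic (not the product's code)."""
    query: dict
    baseline: set = field(default_factory=set)
    initialised: bool = False

    def run(self, results):
        """Process one scheduled search run and return the results labelled new.

        `results` is a list of result IDs in the order the search index
        returned them (the ID scheme is an assumption).
        """
        current = results[:MAX_RESULTS]
        if not self.initialised:
            # Creation run: store the baseline, report nothing (assumed).
            new = []
            self.initialised = True
        else:
            # Anything absent from the previous baseline is labelled new.
            new = [r for r in current if r not in self.baseline]
        # The current results replace the baseline; nothing is accumulated.
        self.baseline = set(current)
        return new


def demo():
    """Constructed sample runs for the article's example query."""
    feed = Feed(query={"query": "apt28"})
    runs = [
        ["doc-1", "doc-2", "doc-3"],  # creation: becomes the baseline
        ["doc-1", "doc-2", "doc-3"],  # nothing changed
        ["doc-4", "doc-1", "doc-2"],  # doc-4 appears, doc-3 drops out
        ["doc-4", "doc-1", "doc-3"],  # doc-3 returns, labelled new again
    ]
    return [feed.run(r) for r in runs]


if __name__ == "__main__":
    for i, new in enumerate(demo()):
        print(f"run {i}: new = {new}")
```

Because the baseline in this model is replaced rather than accumulated, a result that drops out of one run and returns in a later one is reported as new a second time.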

How long does a feed store the results it finds?

Each feed has a retention time as a property. You can define this when creating the feed and also change it later. The setting options are:

  • one day

  • one week

  • one month

  • one quarter

Where can I find the feed results?

You can manage all your feeds in the "Manage Feeds" section. Each feed card displayed there has a list view button in its bottom bar. If this button is displayed in blue, the feed has current results based on the retention time. Click the button to display these results.

