Showing results for 
Search instead for 
Did you mean: 

Re: Cyber Threat Feeds

It's simply a name, or Label. Its recommended you use something descriptive based on either source or function.

Level 10
Report Inappropriate Content
Message 22 of 25

Re: Cyber Threat Feeds

I don't think this is supposed to be an empty list. I found the feed that its looking at.

Not sure how this is being parsed that it doesn't see the list of domains

I know what comes from hail a taxxi bsed on the name of the watchlist being populated and the name of the threat feed

Re: Cyber Threat Feeds

Was anyone ever able to resolve porting the output of the threat feeds from the Soltra VM into McAfee SIEM?  Is there a way to get the FS-ISAC feed directly into the SIEM without needing the VM?

Level 10
Report Inappropriate Content
Message 24 of 25

Re: Cyber Threat Feeds

We have been able to get the following Taxii feeds working with the exception of the phishtank.domain feed:



Level 7
Report Inappropriate Content
Message 25 of 25

Re: Cyber Threat Feeds

If you are using this example:
then just wait for a bit. In our case it took quite some time until the Server delivered all the values. Also don´t Forget to put in the Collection Name. We tried a few different Settings and it only worked with the correct Collection Name. But i guess the most important part of it is that it takes some time to deliver all the values to your System. But it definetly works.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator