Feedly CDF Demo Transcript

Hello, I'm going to give a quick overview of ThreatQ’s integration with Feedly. The Feedly integration ingests threat intel from articles, blog posts, and RSS feeds coming from Feedly. They have a layer of NLP preprocessing that provides a lot of great context about the articles being ingested, all in one neat package. The integration parses through this information and builds out reports containing attributes, tags and related objects such as IoCs, CVEs and malware. It then relates the objects together so that everything is easily viewable in the threat library.

Alright, so if we go ahead and look at the integration page under My Integrations, we can search for Feedly. And we can have it open in a new tab. So this is the configuration page. We have the Feedly API Token. You would simply put your API token for anything in here. Then we have the API stream ID. Now you get this from Feedly itself and go to your team feeds here that you have built. Select one, go to your options and go to sharing, and it will show your stream ID. Go ahead and copy it over, and you can paste that into your Feedly API stream ID.

We also have other ingestion options such as ingesting keywords as tags, attributes, or both and ingesting CVEs as indicators, vulnerabilities, or both. Then you can select how often you want this integration to run as well as the default indicator status. You would simply click enable and then hit save and you are ready to go.

I'll go ahead and check out the activity log. We've been having this field running for a little while now. You can see that it ran recently. We have it running every hour. Holding one report with one indicator, one malware object and nine attributes. I think there is a better example here. This one, for the one report, 109 indicators, some various objects and 31 report attributes. Because we have it running every hour, it doesn't always ingest something.

If we go ahead and take a look at the threat library.
You can see I already have a data collection selected. And it shows that in the last day we have 9 reports. If I go ahead and open all these, I have more these open already. Here you can see an example of a report that it has brought in. We have the attributes provided such as the topic and the affected software, as well as various contexts from Feedly such as their helpful Feedly Leo summary and the source URL, which is where the article originated from. Down here we have the tags that are brought in. If we scroll down, you can see the description displays the contents of the article, as it shows on the original source URL. And at the bottom, we have related objects such as the attack patterns, identities and malware. We also have indicators that can be used for scoring or enriching with operations or workflows, or to export to tools such as EDR tool or firewall.

Now if we head to the dashboard, you can see I've just put together a quick dashboard for Feedly that displays reports brought in within the last day, as well as easily being able to see what those reports are about using the Leo summary, as well as context about those reports, such as the score that related indicators are being scored on, related tags on reports, as well as just in general, all ingested indicators or topics.

And if you have any questions or need more info, you can head to ThreatQ.com. Thank you.