150,000 cybersecurity professionals use Feedly to gather intelligence in regards to the evolving risk panorama.
Threat analysis and assortment are one step of the general risk intelligence, investigation, and response.
The Feedly Cybersecurity API permits safety groups to simply combine the insights they accumulate in Feedly into different methods and purposes. Some groups use the API to extract information about threats and vulnerabilities and feed bigger machine studying threat-prioritization fashions. Some groups use the API to create Jira tickets based mostly on the content material of the Feedly boards to be sure that important vulnerabilities are critiques and patched in a well timed method.
Access to the Feedly API (as much as 200,000 requests monthly) is an add-on included within the Enterprise Edition of the Feedly for Cybersecurity package deal.
In this tutorial, we’ll present you methods to use the Feedly API to entry the content material of your safety feeds, your boards, and your Leo priorities.
When you subscribe to Feedly for Cybersecurity Enterprise Edition, we’ll give you a particular Feedly entry token related together with your account. That token will mean you can entry the content material of your feeds, boards, and priorities and carry out as much as 200,000 requests monthly.
Articles as JSON
The JSON illustration of an article combines a number of the open-source content material included on the RSS or on the web site, CVE/CVSS/Exploit info aggregated from vulnerability and exploit databases, in addition to the outcomes of the Leo cybersecurity fashions.
The title, content material, and visible info offer you entry to the core of the content material of the articles:
The commonTopics array represents Leo’s matter classification. The entities signify CVEs, merchandise, or firms Leo has recognized within the article. The CVE entity contains CVSS and exploits info extracted from vulnerability databases.
The estimatedCVSS represents the results of Leo’s CVSS scoring mannequin. This is beneficial for zero-days and articles which don’t point out a CVE explicitly. In these instances, Leo reads the content material of the article and computes an approximative CVSS rating based mostly on the terminology used within the article or the tweet.
Pro tip: When you could have an article open within the Feedly net software, you should use the Shift+D keyboard shortcut to see and examine the JSON of the article.
Accessing the content material of your feeds
Let’s think about that you’ve a “Security News” feed which comprises a listing of identified and trusted safety sources you wish to observe.
The Feedly API means that you can question Feedly and ask for the final 100 articles aggregated in that feed. The articles are normalized in a JSON format which incorporates the title, the content material, the supply info, in addition to all some cybersecurity metadata (Leo subjects classification, CVE metadata, CVSS metadata, exploit info.
You can use the Stream endpoint to get the final 100 articles revealed in a feed:
The most essential parameter is the streamId. Each feed in your Feedly account has a singular stream id. When you choose the feed within the left navigation bar, you see the streamId as a part of the URL. The stream id is formatted as `enterprise/xxxx/class/xxxx` for staff feeds and `person/xxxx/class/xxxx` for private feeds.
The depend parameter defines the variety of articles the server will return. We suggest that you choose a quantity between 20 and 100. If you want entry to greater than 100 articles, you should use the continuation parameter returned by the response to chain the requests and ask for the subsequent 100 articles.
Finally, the importantOnly parameter means that you can get the record of articles within the stream that has been prioritized by Leo.
- Make certain that the requests you’re making are authenticated utilizing the token you could have acquired from the Feedly staff.
- Make certain that the streamId is URL encoded when it’s handed as a parameter to the Stream endpoint.
Accessing the content material of your boards
Security groups use boards to bookmark important articles everybody within the staff ought to concentrate on. They additionally usually use boards to bookmark articles they wish to share with different purposes.
You can use the identical Stream endpoint to entry the final N articles manually bookmarked by your staff to a board.
The solely distinction would be the streamId. Team Board streamIds are formatted as `enterprise/xxxx/tag/xxxx`. Personal Board streamIds are formatted as `person/xxxx/tag/xxxx`.
If customers have annotated the articles with some notes and highlights whereas saving the article to a board, these notes and highlights can be included within the article JSON construction.
Example: Integrating Feedly together with your ticketing system
Here is an instance of how one can streamline the combination between the analysis and assortment work of your risk intelligence staff and the evaluation and patching work of your operations staff.
The analysis staff creates a Feedly board known as Critical Vulns the place why bookmark articles associated to important vulnerabilities they need the operations staff to remember off and assessment.
Each time the analysis staff finds a important perception, they save that article within the Critical Vulns board, including a observe about why they assume the vulnerability must be reviewed and patched.
Instead of asking the analysis staff to manually create a ticket in your ticketing system (Jira, Service Now, and many others.), you may write a small app which each 5 minutes connect with the Critical Vulns board, requests the final 20 articles bookmarked in that board, and for every new article, used the API of your ticketing system to create a brand new ticket. The app can enrich the ticket with the URL of the article saved within the board, the CVE info, and the notes and highlights from the researcher.
This is a strong method to break the silos between your analysis staff and your operations staff and be sure that important vulnerabilities are patched sooner.
Pro tip: there’s a easy resolution to discovering the brand new articles saved in a board. When your app processes a listing of articles, it ought to save the primary article within the record and the subsequent time it makes use of the Stream Feedly app to get the most recent articles bookmarked to a board, your app can use the newerThan parameter of the /v3/stream/content material and go that article id as a substitute of a timestamp to get newer articles.
The Feedly net software and cellular purposes are constructed on high of the Feedly API. This implies that every bit of knowledge accessible within the software and each motion taken within the software is on the market within the API.
For extra details about the Feedly API, please go to the Feedly Developer Website.
Streamline your open-source intelligence
We are excited to see many safety groups use the Feedly API to streamline their open-source risk intelligence course of. Sign up in the present day and uncover what Feedly for Cybersecurity can do for you!
If you have an interest in studying extra about Leo’s roadmap, you may be a part of the Feedly Community Slack. 2020 can be an exciting yr with new abilities and daring experiments!