Feeds and Buckets explained in detail

Customised and automated searches regularly provide the most relevant information to analytic buckets. Find out exactly how below.

How feeds work

A cybernality feed regularly searches our knowledge graph for new information that is relevant to you. If it finds something new, the feed reports this back to the defined analytic bucket.

A feed needs at least the following information for this (see the example below):

Feed example

You are a member of a SOC team and want to keep an eye on a specific APT group and its activities. To do this, you create a feed that does this for you.

→ Search query: {"query": "apt28"}

→ Frequency: 1h

→ Analytic Bucket: “Threat Intelligence”

What exactly does a “new” result mean?

The search query is executed for the first time when the feed is created. These results (max. 100) are saved as a baseline on the target analytic bucket(s). The next time the search query is executed, the new results are compared with the last baseline of each affected analytic bucket. Search results that are not in the baseline are labelled as new results. The results of the current search then become the new baseline for the next comparison.
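The baseline comparison above is easy to get wrong when you build your own tooling around feeds, so here is an added example (not cybernality's own code) that replays the rule exactly as described: first run becomes the baseline, later runs report only what is absent from the last baseline, and the current results always replace the baseline. The search backend, the `id` field used to compare results and the `BucketStore` layout are assumptions; the 100-result cap and the three feed settings come from the page. The sample snapshots are constructed. Note what the rule implies: a result that drops out of the search results and later reappears is reported as new a second time, and a result beyond the top 100 becomes new the moment it moves into the top 100.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# The page states that a baseline holds at most 100 results.
MAX_BASELINE = 100


@dataclass(frozen=True)
class Feed:
    """The three settings a feed needs, taken from the page's example."""
    query: dict       # e.g. {"query": "apt28"}
    frequency: str    # e.g. "1h"; scheduling itself is outside this example
    bucket: str       # name of the target analytic bucket


class BucketStore:
    """Per-bucket baseline storage (assumed structure; the real store is not described)."""

    def __init__(self) -> None:
        self.baselines: Dict[str, Set[str]] = {}   # bucket -> ids in the last baseline
        self.reported: Dict[str, List[str]] = {}   # bucket -> ids ever reported as new


def run_feed(feed: Feed, search: Callable[[dict], List[dict]], store: BucketStore) -> List[str]:
    """Execute one scheduled run of the feed and return the result ids labelled as new."""
    # Results are compared by their "id" field (an assumption; the page does not say
    # which attribute identifies a result). Only the first MAX_BASELINE results count.
    current = [r["id"] for r in search(feed.query)[:MAX_BASELINE]]
    previous = store.baselines.get(feed.bucket)
    # First execution: everything becomes the baseline and nothing is reported as new.
    if previous is None:
        store.baselines[feed.bucket] = set(current)
        return []
    # Anything absent from the last baseline is new ...
    new = [rid for rid in current if rid not in previous]
    # ... and the current results replace the baseline for the next comparison,
    # so a result that disappears and comes back will be reported again.
    store.baselines[feed.bucket] = set(current)
    store.reported.setdefault(feed.bucket, []).extend(new)
    return new


def simulate(snapshots: List[List[dict]], feed: Feed) -> List[List[str]]:
    """Replay a sequence of search snapshots through run_feed; returns the new ids per run."""
    calls = iter(snapshots)
    store = BucketStore()
    # run_feed calls search exactly once per run, so each run consumes one snapshot.
    return [run_feed(feed, lambda _q: next(calls), store) for _ in snapshots]


# Constructed sample data: the feed from the page's example and four search snapshots.
SAMPLE_FEED = Feed(query={"query": "apt28"}, frequency="1h", bucket="Threat Intelligence")
SAMPLE_SNAPSHOTS = [
    [{"id": "r1"}, {"id": "r2"}],                # run 1: becomes the baseline, nothing new
    [{"id": "r1"}, {"id": "r2"}, {"id": "r3"}],  # run 2: r3 is new
    [{"id": "r2"}, {"id": "r3"}],                # run 3: r1 dropped out, nothing new
    [{"id": "r1"}, {"id": "r2"}, {"id": "r3"}],  # run 4: r1 is reported as new again
]

if __name__ == "__main__":
    for i, new in enumerate(simulate(SAMPLE_SNAPSHOTS, SAMPLE_FEED), 1):
        print(f"run {i}: new results {new}")
```

If you need "never seen before" semantics rather than "not in the last baseline", keep the `reported` history and filter against it as well; the feed itself, as the page describes it, does not do that.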

How long does an analytic bucket store the results?

At the moment there is no data retention implemented, but this is planned for the near future.

Where can I find the results?

To see which results have been found for a given analytic bucket, go to the dashboard. There you can select the bucket in question, which filters the result list accordingly.


Published with Nuclino