Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1467
Views
5
Helpful
3
Replies

Can I tell how many items are in an ETF source?

Tony Kilbarger
Level 1
Level 1

‎07-09-2021 09:03 AM

We are just enabling External Threat Feeds pulling from an aggregated source our security team has created.  When I look at the delta pulls each hour, it is pulling thousands of observables.  But I am told there are only about 37,000 indicators in the feed we are pulling from.  Is there a way to see the data in the threat feed source on the appliance or know how much data is there?  Sample log below:

 

Fri Jul 9 08:27:15 2021 Info: THREAT_FEEDS: A delta poll is scheduled for the source: MineMeldURL
Fri Jul 9 08:27:15 2021 Info: THREAT_FEEDS: A delta poll has started for the source: MineMeldURL, domain: xxxx.nationwide.com, collection: URL_TaxiiFeed
Fri Jul 9 08:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 06:27:14.952257 and 2021-07-09 08:27:15.111860
Fri Jul 9 08:29:00 2021 Info: THREAT_FEEDS: 7440 observables were fetched from the source: MineMeldURL
Fri Jul 9 09:27:15 2021 Info: THREAT_FEEDS: A delta poll is scheduled for the source: MineMeldURL
Fri Jul 9 09:27:15 2021 Info: THREAT_FEEDS: A delta poll has started for the source: MineMeldURL, domain: xxxx.nationwide.com, collection: URL_TaxiiFeed
Fri Jul 9 09:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 07:27:15.111860 and 2021-07-09 09:27:15.115280
Fri Jul 9 09:28:57 2021 Info: THREAT_FEEDS: 6625 observables were fetched from the source: MineMeldURL
Fri Jul 9 10:27:15 2021 Info: THREAT_FEEDS: A delta poll is scheduled for the source: MineMeldURL
Fri Jul 9 10:27:15 2021 Info: THREAT_FEEDS: A delta poll has started for the source: MineMeldURL, domain: xxxx.nationwide.com, collection: URL_TaxiiFeed
Fri Jul 9 10:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 08:27:15.115280 and 2021-07-09 10:27:15.174908
Fri Jul 9 10:28:47 2021 Info: THREAT_FEEDS: 6041 observables were fetched from the source: MineMeldURL
Fri Jul 9 11:27:15 2021 Info: THREAT_FEEDS: A delta poll is scheduled for the source: MineMeldURL
Fri Jul 9 11:27:15 2021 Info: THREAT_FEEDS: A delta poll has started for the source: MineMeldURL, domain: xxxx.nationwide.com, collection: URL_TaxiiFeed
Fri Jul 9 11:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 09:27:15.174908 and 2021-07-09 11:27:15.350641
Fri Jul 9 11:29:58 2021 Info: THREAT_FEEDS: 10832 observables were fetched from the source: MineMeldURL

Labels:
3 Replies 3

SriramV
Cisco Employee
Cisco Employee

‎07-09-2021 09:31 AM

unfortunately ETF table content or stats are not available to customers.

request to rise enhancement feature request with TAC on this issue. 

0 Helpful

Tony Kilbarger
Level 1
Level 1

‎07-12-2021 01:38 PM

Hello, making sure I understand, are you saying that this is already a feature request or are you saying I should submit it as a feature request?

 

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee
In response to Tony Kilbarger

‎07-21-2021 11:09 PM

Hey Tony,

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs89682

An enhancement is opened.

I would definitely recommend opening a TAC case so we can link your company towards this enhancement as well.

 

Thank you,

Mathew

0 Helpful
Customers Also Viewed These Support Documents