07-09-2021 09:03 AM
We are just enabling External Threat Feeds pulling from an aggregated source our security team has created. When I look at the delta pulls each hour, it is pulling thousands of observables. But I am told there are only about 37,000 indicators in the feed we are pulling from. Is there a way to see the data in the threat feed source on the appliance or know how much data is there? Sample log below:
Fri Jul 9 08:27:15 2021 Info: THREAT_FEEDS: A delta poll is scheduled for the source: MineMeldURL
Fri Jul 9 08:27:15 2021 Info: THREAT_FEEDS: A delta poll has started for the source: MineMeldURL, domain: xxxx.nationwide.com, collection: URL_TaxiiFeed
Fri Jul 9 08:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 06:27:14.952257 and 2021-07-09 08:27:15.111860
Fri Jul 9 08:29:00 2021 Info: THREAT_FEEDS: 7440 observables were fetched from the source: MineMeldURL
Fri Jul 9 09:27:15 2021 Info: THREAT_FEEDS: A delta poll is scheduled for the source: MineMeldURL
Fri Jul 9 09:27:15 2021 Info: THREAT_FEEDS: A delta poll has started for the source: MineMeldURL, domain: xxxx.nationwide.com, collection: URL_TaxiiFeed
Fri Jul 9 09:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 07:27:15.111860 and 2021-07-09 09:27:15.115280
Fri Jul 9 09:28:57 2021 Info: THREAT_FEEDS: 6625 observables were fetched from the source: MineMeldURL
Fri Jul 9 10:27:15 2021 Info: THREAT_FEEDS: A delta poll is scheduled for the source: MineMeldURL
Fri Jul 9 10:27:15 2021 Info: THREAT_FEEDS: A delta poll has started for the source: MineMeldURL, domain: xxxx.nationwide.com, collection: URL_TaxiiFeed
Fri Jul 9 10:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 08:27:15.115280 and 2021-07-09 10:27:15.174908
Fri Jul 9 10:28:47 2021 Info: THREAT_FEEDS: 6041 observables were fetched from the source: MineMeldURL
Fri Jul 9 11:27:15 2021 Info: THREAT_FEEDS: A delta poll is scheduled for the source: MineMeldURL
Fri Jul 9 11:27:15 2021 Info: THREAT_FEEDS: A delta poll has started for the source: MineMeldURL, domain: xxxx.nationwide.com, collection: URL_TaxiiFeed
Fri Jul 9 11:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 09:27:15.174908 and 2021-07-09 11:27:15.350641
Fri Jul 9 11:29:58 2021 Info: THREAT_FEEDS: 10832 observables were fetched from the source: MineMeldURL
07-09-2021 09:31 AM
Unfortunately, ETF table content or stats are not available to customers.
Please raise an enhancement feature request with TAC on this issue.
07-12-2021 01:38 PM
Hello, making sure I understand, are you saying that this is already a feature request or are you saying I should submit it as a feature request?
07-21-2021 11:09 PM
Hey Tony,
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs89682
An enhancement is opened.
I would definitely recommend opening a TAC case so we can link your company towards this enhancement as well.
Thank you,
Mathew
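Since the thread says ETF table contents and stats are not exposed on the appliance, the THREAT_FEEDS log lines from the question are the only visible counter. The following is an added example (not from the original posters or from Cisco) that parses those lines, pairs each fetch window with its count, and measures how far each window reaches back into the previous one; the regexes are written against the sample lines quoted above, and the function name `summarize_polls` is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: the window and count lines copied from the log in the question.
SAMPLE = """\
Fri Jul 9 08:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 06:27:14.952257 and 2021-07-09 08:27:15.111860
Fri Jul 9 08:29:00 2021 Info: THREAT_FEEDS: 7440 observables were fetched from the source: MineMeldURL
Fri Jul 9 09:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 07:27:15.111860 and 2021-07-09 09:27:15.115280
Fri Jul 9 09:28:57 2021 Info: THREAT_FEEDS: 6625 observables were fetched from the source: MineMeldURL
Fri Jul 9 10:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 08:27:15.115280 and 2021-07-09 10:27:15.174908
Fri Jul 9 10:28:47 2021 Info: THREAT_FEEDS: 6041 observables were fetched from the source: MineMeldURL
Fri Jul 9 11:27:15 2021 Info: THREAT_FEEDS: Observables are being fetched from the source: MineMeldURL between 2021-07-09 09:27:15.174908 and 2021-07-09 11:27:15.350641
Fri Jul 9 11:29:58 2021 Info: THREAT_FEEDS: 10832 observables were fetched from the source: MineMeldURL
"""

WINDOW = re.compile(r"THREAT_FEEDS: Observables are being fetched from the source: "
                    r"(\S+) between (.+?) and (.+)$")
COUNT = re.compile(r"THREAT_FEEDS: (\d+) observables were fetched from the source: (\S+)")
TS = "%Y-%m-%d %H:%M:%S.%f"

def summarize_polls(log_text):
    """Return one dict per completed poll, with its window and overlap in seconds."""
    pending = {}   # source -> (start, end) still waiting for its count line
    last_end = {}  # source -> end of the previous completed window
    polls = []
    for line in log_text.splitlines():
        m = WINDOW.search(line)
        if m:
            pending[m.group(1)] = (datetime.strptime(m.group(2), TS),
                                   datetime.strptime(m.group(3).strip(), TS))
            continue
        m = COUNT.search(line)
        if m and m.group(2) in pending:
            src = m.group(2)
            start, end = pending.pop(src)
            prev = last_end.get(src)
            # Overlap: how far this window starts before the previous one ended.
            overlap = max((prev - start).total_seconds(), 0.0) if prev else 0.0
            polls.append({"source": src, "start": start, "end": end,
                          "count": int(m.group(1)),
                          "window_s": (end - start).total_seconds(),
                          "overlap_s": overlap})
            last_end[src] = end
    return polls

if __name__ == "__main__":
    for p in summarize_polls(SAMPLE):
        print(p["source"], p["start"], p["count"], p["window_s"], p["overlap_s"])
```

In the sample, each hourly poll requests a two-hour window that reaches back one hour into the previous window, so the per-poll counts may include the same observable more than once and should not be summed as an estimate of feed size.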