node-feed

Loads, on the data node, the threat intelligence data that has been synchronized with the control node. This command is available only on a data node.

Syntax

    node-feed name=FEED_ID

Required Parameter

name=FEED_ID

Identifier of the threat intelligence feed to query for synchronization. The name=FEED_ID and type=TYPE options cannot be used at the same time. Use either one.

See the following table for available identifiers.

| FEED_ID | Type | Description |
|---|---|---|
| otx | IP address | Real-time IP address reputation feed in the format of OTX (Open Threat Exchange) |
| tor | IP address | Tor exit node IP address information feed |
| mdl_domain | Domain | Malicious domain name (e.g. C&C domain) feed |
| mdl_ip | IP address | Malicious domain name (e.g. C&C IP address) feed |
| abusech | Domain | Malicious domain name (e.g. C&C domain) feed provided by abuse.ch |
| malc0de | MD5 | Malware database provided by malc0de.com |

Usage

  1. Look up OTX feeds synchronized in the data node.

    node-feed name=otx
    
  2. Look up malware IP lists synchronized in the data node.

    node-feed name=mdl_ip