node-feed
Loads the threat intelligence data that the data node has synchronized with the control node. This command is available only on data nodes.
Syntax
node-feed name=FEED_ID
Required Parameter
name=FEED_ID
- Identifier of the threat intelligence feed to query for synchronization. The name=FEED_ID and type=TYPE options cannot be used at the same time. Use either one.
- See the following table for available identifiers.
FEED_ID      Type         Description
otx          IP address   Real-time IP address reputation feed in the format of OTX (Open Threat Exchange)
tor          IP address   Tor exit node IP address information feed
mdl_domain   Domain       Malicious domain name (e.g. C&C domain) feed
mdl_ip       IP address   Malicious domain name (e.g. C&C IP address) feed
abusech      Domain       Malicious domain name (e.g. C&C domain) feed provided by abuse.ch
malc0de      MD5          Malware database provided by malc0de.com
Usage
- Look up OTX feeds synchronized in the data node.
  node-feed name=otx
- Look up malware IP lists synchronized in the data node.
  node-feed name=mdl_ip