Configure the API Source Plugin
To enable the API Source plugin, in Cloud Exchange go to Settings > Plugins and click on API Source (CTE). Once configured this will enable the API interface to manage the Indicators of Compromise.
Enter these parameters:
Configuration Name: this parameter is used not only to provide a name for the configuration, but it is also a mandatory parameter that must be provided in the source field of the POST request to the API endpoint used to create an IoC entry (
/api/cte/indicators/).Aging Criteria: Set the expiration time (in days) for the indicator.
Override Reputation: Set whether to override the reputation of the indicators received from this configuration. Set 0 to keep the default.
Enable SSL Verification: Set whether to check the certificate of the SSL connection used to exchange the IoCs.
Use System Proxy: set this parameter if you have configured a proxy for the Cloud Exchange and you want this plugin to use the same proxy.
 |
When finished, click Save. After saving the configuration, you will see this plugin under the Threat Exchange > Plugin section.