Adding a Threat to InsightIDR
Adding a new threat to InsightIDR only takes a few clicks. Start by adding your indicators, either in the text box or as a CSV or XML file. From there, add a Name and Description, and choose who else can see it. For example, if you don't allow third-party file-sharing sites, you could put in 'storebox.com' and 'shelvebox.com' as indicators, and set it as a private threat you're monitoring.
Next, we'll go ahead and add recent Threat Intelligence that our Managed Detection and Response team curated around the Apache Struts Vulnerability.
Support for CSV & STIX XML
You can mass import indicators from a CSV or XML file. Simply browse to the folder and upload the file.
Flexibly Add Bad Things
InsightIDR accepts standard types of hashes, URLs, and IP addresses.
InsightIDR will match these indicators against any data sources that could contain these four types.
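Indicators copied out of a report are often defanged, duplicated, or malformed, so it helps to clean the list before a mass import. The following is an added example, not Rapid7's code: the function names and the one-indicator-per-row CSV layout are assumptions, and domain names are accepted because the page's own example uses them.

```python
import csv
import io
import ipaddress
import re

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest lengths
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample input, as it might be pasted from a report (not real IoCs).
SAMPLE = [
    "storebox[.]com", "shelvebox.com", "STOREBOX.com",
    "hxxp://shelvebox[.]com/share/a.zip", "192.0.2.15", "2001:db8::1",
    "D41D8CD98F00B204E9800998ECF8427E", "not an indicator", "999.1.1.1",
]

def refang(value):
    """Undo common defanging (hxxp, [.], [:]) used in threat reports."""
    value = value.strip().replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)

def classify(value):
    """Return 'ip', 'url', 'domain', a hash name, or None if unrecognised."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HASH_LENGTHS:
        return HASH_LENGTHS[len(value)]
    if re.match(r"https?://[^/\s]+", value, re.IGNORECASE):
        return "url"
    return "domain" if DOMAIN_RE.match(value.lower()) else None

def build_csv(raw_lines):
    """Return (csv_text, rejected): valid, deduplicated indicators, one per row."""
    seen, rejected, out = set(), [], io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for line in raw_lines:
        value = refang(line)
        if not value:
            continue  # skip blank lines
        kind = classify(value)
        # Hashes and hostnames are case-insensitive; URL paths are not.
        key = value if kind == "url" else value.lower()
        if kind is None:
            rejected.append(line.strip())
        elif key not in seen:
            seen.add(key)
            writer.writerow([key])
    return out.getvalue(), rejected
```

Calling `build_csv(SAMPLE)` returns the CSV text to save and upload, plus the list of rejected lines to review by hand.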
Control Who Sees the Feed
For each Threat that you add, you can choose who sees it.
Private: Only your organization.
Restricted: Orgs can subscribe, but can't see the individual indicators.
Public: Any org with InsightIDR can view and subscribe to the feed.