--- title: "Create and Manage Threat Intelligence Feeds" slug: "create-and-manage-threat-intelligence-feeds" updated: 2026-02-18T15:43:29Z published: 2026-02-18T15:43:29Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.silentpush.com/llms.txt > Use this file to discover all available pages before exploring further. # Create and Manage Threat Intelligence Feeds Customers can create and import threat intelligence feeds from various sources, including Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Intelligence Information (TAXII) servers, STIX JSON files, other file types (such as CSV, JSON, and TXT), URLs, or empty feeds for custom repositories. These feeds enable automation, organization, and integration with security tools to provide Actionable Intelligence and proactive threat management. ## Feed Creation Options Creating a feed allows you to organize, analyze, and share threat intelligence data in a standardized format. Each feed creation method serves specific use cases: - **STIX TAXII Server Feed**: Automates threat detection and prioritization using a standardized, shareable format for integration with threat intelligence platforms. - **File-Based Feed (CSV, JSON, TXT, STIX)**: Ideal for simple analysis, quick reference, or integration with tools supporting direct file imports. Supports historical analysis, predefined datasets, and offline data use. - **URL-Based Feed**: Provides real-time, dynamic threat intelligence for integration with platforms such as SIEMs and other security tools. - **Empty Feed**: Acts as a personal live repository for manually adding threat intelligence indicators as needed. ## Create Feeds 1. From the left navigation menu, select**** **Defend >** **All Feeds**. 2. Select **Create New Feed** and choose the appropriate feed creation method from the dropdown menu. ## Create a Feed from a TAXII 2.1 Server Create a feed from a TAXII 2.1 server if you have complex security needs that require real-time updates, structured data exchange, and automated workflows. TAXII servers handle large data volumes, automate alerts and reports, and ensure data security and compliance. 1. From the left navigation menu, select **Defend > All Feeds**. 2. Select **Create New Feed**, then choose **From TAXII 2.1**. 3. In the **Feed name** box, enter the name of your feed. 4. In the **Feed type** box, select your feed type. 5. (Optional) In the **Vendor**box, enter the vendor name. 6. (Optional) In the **Description** box, enter a description of the feed. 7. In the **Server URL** box, enter the TAXII server URL. 8. In the **Authorization** box, select the authorization type and enter credentials. 9. Select **Load API Roots**, then in the API Root box, select the desired API root. 10. In the Collection box, select the collection to include the feed in, and then select **Create**. ## Create a Feed from a File (CSV, JSON, TXT, STIX) This method is suited for simple analysis, quick reference, or integration with tools supporting direct file imports. **Supported File Types**: - **CSV**: For sharing and storing data. - **JSON**: Text-based format for storing and exchanging data. - **TXT**: Plain text for unformatted data. - **STIX**: Structured format for sharing CTI. > **Important**: Ensure the file’s columns correspond to the represented data. **Benefits**: - **Historical Analysis**: Store historical threat data to investigate trends, attack behaviors, and evolving threats. - **Predefined Datasets**: Utilize datasets such as malware samples or IP address lists for regulatory analysis. - **Offline Data**: Access data in scenarios with limited or no internet connectivity. 1. From the **Create New Feed** dropdown, select **From File**. 2. Complete the form: - **Feed Name**: Enter a name for your feed. - **Feed Type**: Select the type of feed from the dropdown. - **Vendor (Optional)**: Enter the vendor name. - **Source Score (0-100) (Optional)**: Enter a score for the feed’s reliability. - **Description (Optional)**: Add a description of the feed. - **Tag (Optional**): Select **+ Add Tag**, enter a tag name, and choose it from the dropdown. - **File**: Choose **Select a File**, then upload a CSV, JSON, TXT, or STIX file. 3. Select **Create**. **Use Case**: Useful for users with simple analysis needs, predefined datasets, or offline data requirements. ## Create a Feed from a URL This method provides real-time, dynamic threat intelligence for integration with platforms such as SIEMs and other security tools. 1. From the **Create New Feed**dropdown, select**From URL**. 2. Complete the form: - **Feed Name**: Enter a name for your feed. - **Feed Type**: Select the type of feed from the dropdown. - **Vendor**: Enter the vendor name. - **Tag (Optional)**: Select **+ Add Tag**, enter a tag name, and choose it from the dropdown. - **URL**: Enter the URL for the feed. - **Source Format:** Select the URL’s format from the dropdown. - **Authorization**: Select the authorization type from the dropdown and enter credentials. - Select **Test Access** to verify the URL. 3. Select **Create**. **Use Case**: Ideal for real-time threat intelligence ## Create an empty Feed This method creates a personal live repository for manually adding threat intelligence indicators as they are discovered. 1. From the **Create New Feed** dropdown, select **From File**. 2. Complete the form: - **Feed Name**: Enter a name for your feed. - **Feed Type**: Select the type of feed from the dropdown. - **Vendor (Optional)**: Enter the vendor name. - **Source Score (0-100) (Optional)**: Enter a score for the feed’s reliability. - **Description (Optional)**: Add a description of the feed. - **Tag (Optional)**: Select **+ Add Tag**, enter a tag name, and choose it from the dropdown. 3. Select **Create** without uploading a file. **Use Case**: Ideal for users seeking a flexible and customizable repository for threat indicators. A standardized format for representing and sharing cyber threat intelligence, enabling interoperability and collaboration across security platforms. Precise, timely, and relevant cybersecurity information that enables immediate action to prevent, detect, or mitigate a threat. It includes clear details such as indicators of compromise (IoCs) or mitigation steps. A centralized module in a threat intelligence platform for organizing, searching, and analyzing data from various feeds, enabling efficient threat detection and response workflows.