Use Feed Scanner to view all of the enriched feed data in one place and perform quick searches or complex custom queries on the available data.
Build queries with our drop-down Simple Search and perform quick searches, or use SPQL in Advanced Search to build custom queries.
Features
Feed Scanner incorporates the following features for customers to retrieve and view enriched feed data:
Feature | Description |
|---|---|
Enriched Data Display | View all enriched feed data that is available in a single, unified interface. The display is fully customizable |
Customise Display | Results tables can be modified to only display certain data types and it is fully customizable; customer's can choose which data columns are shown. |
Simple Feed Scanner searches offers the same back-end functionality as an advanced search query, but use a graphical UI (instead of command line syntax) | |
Use SPQL to create custom queries that directly facilitate complex searches. | |
Save Search | Save a custom feed search query for future use. Once saved, the search becomes accessible under "My Searches", streamlining repetitive workflows and making data monitoring more efficient. |
Edit Search | Modify and save changes to an existing saved feed search. After running or loading a saved search, users can adjust any part of the query |
Delete Search | The Delete Search feature allows users to permanently remove a previously saved feed search from their list. This is useful for cleaning up outdated, irrelevant, or duplicate searches. |
Clone Search | Create a duplicate of an existing saved search, making it easy to build new searches based on previous ones without starting from scratch. |
Share Search | Share a saved feed search with other team members or collaborators within the platform. This promotes consistency, collaboration, and faster access to relevant queries. |
View Results | Instantly see matching results based on the defined query parameters and copy, export or automate the export the results. |
Automate Export Results | Automate the Feed Scanner search of code snippets that facilitate a connection between your existing security stack, and |
Manual Download Results | Exported data can be used to generate tailored reports for stakeholders, support audit trails, and enable historical tracking of threats. |
Query Storage | Save custom queries that you created for quick retrieval later in My Searches. You can also choose to save column setting. This is ideal to reduce repetitive set-ups. |
My Searches | Use this panel to quickly access example queries, your recent queries, and previously saved queries. |
Expanded Record View | View the full details of a feed for all the contextual information that is associated. |
Use Cases
For more information on how customers use Feed Scanner, refer to the following use cases:
Real-time SOC monitoring
Automated Threat Intelligence Integration
Real-time SOC monitoring
Security Operation Centre (SOC) analysts use Feed Scanner to monitor threat indicators in real time. Analysts can quickly build queries with Simple Search or construct complex precise queries with SPQL in Advanced Search. SOC analysts can filter and drill into enriched feed records, and then expand on individual entries.
With Feed Scanner, SOC analysts respond to incidents quicker, reduce the time to detection, and implement a proactive security workflow.
Automated Threat Intelligence Integration
Security engineers and integration architects use the Feed Scanner to set up and save complex queries to continuously export the latest enriched feed data with an API endpoint. They integrate this threat intelligence into their existing security tools to minimize manual data retrieval, which ensures that critical threat data is always current.
With Feed Scanner, security engineers and integration architects integrate automated workflows to enhance situational awareness and support faster, data-drive decisions during an incidence response.
Get Started
To learn how to use Feed Scanner, select one of the following articles: