Silent Push’s Organization Exports give enterprise users a single, centralized place to search for, download, and automate exports of all custom threat indicator feeds created by your team. This makes it easy to get the latest threat data into your security tools for better detection and faster response.
This is how you efficiently handle your organization's threat intelligence feeds, whether you need a quick snapshot or ongoing automated updates.
Find Your Feeds Quickly
Use the built-in search and filters to find the exact feed you need, no matter how many your organization has created.
From the left navigation menu, select Data Export > Organization Exports.
In the Search by Name box, enter the name (or part of the name) of the feed you’re looking for.
(Optional) Filter results by file types.
(Optional) Filter results by tags associated with a feed.
This gets you straight to the right feed in seconds.
Download a Feed for On-Demand Use
Grab a one-time snapshot of the current indicators in any feed – perfect for ad hoc analysis, reporting, or creating static blocklists.
Supported formats:
CSV: Comma-separated values for easy import into spreadsheets or tools.
JSON: Structured, human-readable format ideal for APIs and scripts.
TXT: Simple plain-text list of indicators.
RPZ: Response Policy Zone format for DNS firewalls.
STIX: Standard for sharing structured cyber threat intelligence.
Just navigate to Organization Exports (as above), find your feed, and click Download in the format you need.
Automate Exports for Live Threat Intelligence
Set up automated pulls of your feeds that update every three hours with the latest indicators. This is the best way to keep your SIEM, SOAR, or other tools fed with fresh data without any manual work.
From the left navigation menu, select Data Export > Organization Exports.
Find and select the feed you want to automate.
Click Automate Export.
Choose your preferred file type (CSV, JSON, TXT, RPZ, or STIX).
Click Copy API Endpoint.
Paste the endpoint into your browser or script to test; you’ll get the latest file immediately.
Now, integrate that endpoint into your automation tools or scripts for regular pulls.
Use Ready-Made Code Snippets to Integrate with Third-Party Tools
Silent Push provides pre-built code examples to make integration even easier.
Access snippets for cURL, Python, or PHP directly in the Automate Export section.
Copy and paste them into your workflows.
This saves time and effort by enabling rapid integration where you can test and deploy endpoints in minutes, offering flexibility that works with virtually any SIEM, SOAR, firewall, or custom tool, eliminating the need for coding from scratch since pre-written snippets reduce errors and speed up setup, and supporting full automation so you can schedule periodic pulls for real-time alerts, dashboard updates, or blocking.
Real-World Example Workflows
Need a quick blocklist for your firewall?
Go to Organization Exports, search for your phishing indicators feed, and download it as RPZ or TXT for immediate import.
Keeping your SIEM up to date with the latest malicious IPs?
Automate the export in CSV, copy the Python snippet, and schedule it to run every few hours – new indicators flow in automatically.
Sharing a custom campaign feed with a partner?
Download in STIX format for standardized, easy exchange of structured threat data.
Tips
Use descriptive names and tags when creating feeds. It makes searching in Organization Exports much faster.
Combine automated exports with your existing orchestration tools (such as Splunk, Sentinel, or custom scripts) for hands-off threat-intel ingestion.
Test the API endpoint in your browser first to verify the format and data before scripting.
For high-volume feeds, start with JSON or CSV; they’re the most versatile for automation.