The Indicator of Future Attack (IOFA) Exports feature provides Enterprise customers with a centralized solution to access all IOFA Feed data through a single endpoint, including existing and newly added feeds. It enables users to consolidate Threat data by retrieving all IOFA-based threat indicators in a single download, automate updates to continuously receive the latest indicators without manual retrieval, and integrate the data into third-party tools via API endpoints in formats such as Python, cURL, and PHP for up to 3 hours post-generation.
An API key is required to view and utilize this threat intelligence data; further details are available in the knowledge base.
View your IOFA Exports
From the left navigation menu, select Data Export > IOFA Exports.
Use the following table to learn what information is accessible from IOFA Exports:
Information Type | Description |
|---|---|
Name | Name of the feed |
Observable | Total amount of observables that are in the feed |
Observable Type | Type of observables that are in the feed. For example, IOFAs or IOCs |
Resource Type | Type of creation of the feed (Manual, URL) |
Vendor | The name of the owner of the feed |
Description | Description that the creator of the feed adds when saving the feed |
Tags | Tags and labels that are assigned to the indicator to provide additional context |
Export an API URL
IOFA Feeds can also be exported as a 3-hour time-limited API URL, which you can use to call the JSON.
From the left navigation menu, select Threat Intelligence Management > IOFA Feeds.
Click View on your chosen feed.
Click the Export button on the top right.
Click Automate Export.
Select your chosen export method:
Python
cURL
pHp
Click the Copy API endpoint.