Draft Feeds


Draft feeds can be used to gather and organize threat intelligence information from multiple sources into curated collections, before pushing them live.

Customers use Draft Feeds to review, modify, and enhance the information, for example:

  • Curate Threat Data: Group together relevant indicators, alerts, and other intelligence from diverse sources.
  • Review and Edit: Assess the incoming data, filter out noise, and enrich details with additional context.
  • Streamline Workflows: Prepare and publish feeds that integrate seamlessly with SIEM, SOAR, and TIP systems.
  • Collaborate: Share curated collections with team members for joint analysis and decision-making.

Features

Draft Feeds includes the following features for creating and managing draft feeds:

| Feature | Description |
| --- | --- |
| Card Interface | View the draft feeds that are available in All Feeds in a single, unified interface. |
| Editing and Annotation Tools | Edit, tag, and annotate threat data to ensure that only high‑quality intelligence is published. |
| Collaboration Capabilities | Share drafts with colleagues to gather feedback and collaboratively curate threat intelligence before publication. |
| Seamless Integration | Once the draft feeds are published, they can be integrated with SIEM, SOAR, and TIP systems, ensuring enriched intelligence is immediately actionable. |

How it Works

The following process briefly explains how customers use Draft Feeds and benefit from the feature:

  1. Data Ingestion
  2. Data Enrichment
  3. Draft and Publish Data
  4. Workflow Integration

1. Data Ingestion

Customers use the Draft Feeds feature to view and create feeds of threat data from the following sources:

  • File
  • URL
  • TAXII 2.1
  • Empty

For example, customers can use the Create a Feed from a URL feature to ingest live data from CrowdStrike or other threat intelligence platforms. After choosing to create a new feed:

  1. Customers configure the feed by specifying the data endpoint.
  2. The platform then checks the source at regular intervals to ensure customers always receive the latest data.

2. Data Enrichment

Draft feeds are then enriched through Silent Push's enrichment tools to add context, risk scores, and annotations.

3. Draft and Publish Data

When the draft feed meets their requirements, customers publish it to make it available to their security workflows.

Customers:

  1. Use the Draft Feeds card interface to manage their draft feeds that are not yet live or available for security workflow integration.
  2. Track revisions made to the draft feeds and collaborate with their team before final publication.

4. Workflow Integration

With a draft feed published, live, and located in Feeds, customers can integrate the published feed into their existing security systems so that enriched threat intelligence flows directly into their SIEM, SOAR, or TIP platforms. Customers then:

  1. Configure their integration settings to automatically route the published feed data into their security dashboards.
  2. Customize alerts and automated responses based on the enriched intelligence.

Use Cases

For more information on how customers use Draft Feeds, refer to the following use cases:

  • Security Operations Center (SOC) Analysts: Filter and enrich raw threat data so that only the most critical alerts reach the Security Operations Center for real‑time monitoring and response.
  • Threat Analysts (TAs): Curate, tag, and annotate threat indicators to prioritize risks and refine intelligence reports.
  • Incident Response (IR) Teams: Prepare tailored feeds focusing on specific attack vectors or incidents, providing rapid, actionable insights during an incident.

Get Started

Enhance your cybersecurity posture by curating, enriching, and integrating threat intelligence with Draft Feeds. Explore our detailed guides to learn more about each step of the process: