Use Feed Search to view all of the enriched feed data in one place and perform quick searches or complex custom queries on the available data.
Build queries with our drop-down Simple Search and perform quick searches, or use SPQL in Advanced Search to build custom queries.
Features
Feed Search incorporates the following features for customers to retrieve and view enriched feed data:
Feature | Description |
---|---|
Enriched Data Display | View all enriched feed data in a single, unified interface. The display is fully customizable. |
Customize Display | Results tables are fully customizable: customers can choose which data types and data columns are displayed. |
Simple Search | Simple Feed Search offers the same back-end functionality as an advanced search query, but uses a graphical UI (instead of command-line syntax). |
Advanced Search | Use SPQL to create custom queries that facilitate complex searches directly. |
Save Search | Save a custom feed search query for future use. Once saved, the search becomes accessible under My Searches, streamlining repetitive workflows and making data monitoring more efficient. |
Edit Search | Modify and save changes to an existing saved feed search. After running or loading a saved search, users can adjust any part of the query. |
Delete Search | The Delete Search feature enables users to remove a previously saved feed search from their list permanently. This is useful for cleaning up outdated, irrelevant, or duplicate searches. |
Clone Search | Create a duplicate of an existing saved search, making it easy to build new searches based on previous ones without having to start from scratch. |
Share Search | Share a saved feed search with other team members or collaborators within the platform. This promotes consistency, collaboration, and faster access to relevant queries. |
View Results | Instantly see matching results based on the defined query parameters and copy, export, or automate the export of the results. |
Automate Export Results | Automate the Feed Scanner search for code snippets that facilitate a connection between your existing security stack and |
Manual Download Results | Exported data can be used to generate tailored reports for stakeholders, support audit trails, and enable historical tracking of threats. |
Query Storage | Save custom queries that you created for quick retrieval later in My Searches. You can also choose to save column settings. This is ideal for reducing repetitive setups. |
My Searches | Use this panel to access example queries quickly, your recent queries, and previously saved queries. |
Expanded Record View | View the full details of a feed for all the contextual information associated with it. |
Use Cases
For more information on how customers use Feed Search, refer to the following use cases:
Real-time SOC monitoring
Automated Threat Intelligence Integration
Real-time SOC monitoring
Security Operations Center (SOC) analysts use Feed Scanner to monitor threat indicators in real time. Analysts can quickly build queries with Simple Search or construct complex, precise queries with SPQL in Advanced Search. SOC analysts can filter and drill into enriched feed records, and then expand individual entries.
With Feed Search, SOC analysts respond to incidents quickly, reduce the time to detection, and implement a proactive security workflow.
Automated Threat Intelligence Integration
Security engineers and integration architects use Feed Scanner to set up and save complex queries, enabling continuous export of the latest enriched feed data via an API endpoint. They integrate this threat intelligence into their existing security tools to minimize manual data retrieval, ensuring that critical threat data is always up to date.
With Feed Scanner, security engineers and integration architects build automated workflows that enhance situational awareness and support faster, data-driven decisions during incident response.