Smartcities RSS

Feedly for Cybersecurity includes an API that allows cybersecurity teams to share the threat intelligence they collect in Feedly with other applications.

150,000 cybersecurity professionals use Feedly to collect intelligence about the evolving threat landscape. 

Threat research and collection are one step of the overall threat intelligence, investigation, and response.

The Feedly Cybersecurity API allows security teams to easily integrate the insights they collect in Feedly into other systems and applications. Some teams use the API to extract data about threats and vulnerabilities and feed larger machine learning threat-prioritization models. Some teams use the API to create Jira tickets based on the content of the Feedly boards to make sure that critical vulnerabilities are reviews and patched in a timely manner.

Access to the Feedly API (up to 200,000 requests per month) is an add-on included in the Enterprise Edition of the Feedly for Cybersecurity package.

TRY FEEDLY FOR CYBERSECURITY

In this tutorial, we will show you how to use the Feedly API to access the content of your security feeds, your boards, and your Leo priorities.

Authentication

When you subscribe to Feedly for Cybersecurity Enterprise Edition, we will provide you with a special Feedly access token associated with your account. That token will allow you to access the content of your feeds, boards, and priorities and perform up to 200,000 requests per month.

Articles as JSON

The JSON representation of an article combines some of the open-source content included on the RSS or on the website, CVE/CVSS/Exploit information aggregated from vulnerability and exploit databases, as well as the results of the Leo cybersecurity models.

The title, content, and visual information give you access to the core of the content of the articles:

JSON representation of the core of the article

The commonTopics array represents Leo’s topic classification. The entities represent CVEs, products, or companies Leo has identified in the article. The CVE entity includes CVSS and exploits information extracted from vulnerability databases.

The estimatedCVSS represents the result of Leo’s CVSS scoring model. This is useful for zero-days and articles which do not mention a CVE explicitly. In those cases, Leo reads the content of the article and computes an approximative CVSS score based on the terminology used in the article or the tweet.

Leo enrichment of the article

Pro tip: When you have an article open in the Feedly web application, you can use the Shift+D keyboard shortcut to see and inspect the JSON of the article.

Use keyboard shortcut SHIFT+D to see the preview of the article JSON

Accessing the content of your feeds

Let’s imagine that you have a “Security News” feed which contains a list of known and trusted security sources you want to follow.

The Feedly API allows you to query Feedly and ask for the last 100 articles aggregated in that feed. The articles are normalized in a JSON format which includes the title, the content, the source information, as well as all some cybersecurity metadata (Leo topics classification, CVE metadata, CVSS metadata, exploit information.

You can use the Stream endpoint to get the last 100 articles published in a feed:

Overview of the stream endpoint

The most important parameter is the streamId. Each feed in your Feedly account has a unique stream id. When you select the feed in the left navigation bar, you see the streamId as part of the URL. The stream id is formatted as `enterprise/xxxx/category/xxxx` for team feeds and `user/xxxx/category/xxxx` for personal feeds.

Finding the streamId of a feed

The count parameter defines the number of articles the server will return. We recommend that you select a number between 20 and 100. If you need access to more than 100 articles, you can use the continuation parameter returned by the response to chain the requests and ask for the next 100 articles.

Finally, the importantOnly parameter allows you to get the list of articles in the stream that has been prioritized by Leo.

Troubleshooting tips:

Make sure that the requests you are making are authenticated using the token you have received from the Feedly team.Make sure that the streamId is URL encoded when it is passed as a parameter to the Stream endpoint.

Accessing the content of your boards

Security teams use boards to bookmark critical articles everyone in the team should be aware of. They also often use boards to bookmark articles they want to share with other applications.

You can use the same Stream endpoint to access the last N articles manually bookmarked by your team to a board.

The only difference will be the streamId. Team Board streamIds are formatted as `enterprise/xxxx/tag/xxxx`. Personal Board streamIds are formatted as `user/xxxx/tag/xxxx`.

Finding the streamId of a board

If users have annotated the articles with some notes and highlights while saving the article to a board, those notes and highlights will be included in the article JSON structure.

JSON of notes and highlights

Example: Integrating Feedly with your ticketing system

Here is an example of how you can streamline the integration between the research and collection work of your threat intelligence team and the analysis and patching work of your operations team.

The research team creates a Feedly board called Critical Vulns where why bookmark articles related to critical vulnerabilities they want the operations team to be aware off and review.

Each time the research team finds a critical insight, they save that article in the Critical Vulns board, adding a note about why they think the vulnerability needs to be reviewed and patched.

Instead of asking the research team to manually create a ticket in your ticketing system (Jira, Service Now, etc.), you can write a small app which every 5 minutes connect to the Critical Vulns board, requests the last 20 articles bookmarked in that board, and for each new article, used the API of your ticketing system to create a new ticket. The app can enrich the ticket with the URL of the article saved in the board, the CVE information, and the notes and highlights from the researcher.

This is a powerful way to break the silos between your research team and your operations team and make sure that critical vulnerabilities are patched faster.

Pro tip: there is a simple solution to finding the new articles saved in a board. When your app processes a list of articles, it should save the first article in the list and the next time it uses the Stream Feedly app to get the latest articles bookmarked to a board, your app can use the newerThan parameter of the /v3/stream/content and pass that article id instead of a timestamp to get newer articles.

A lot more…

The Feedly web application and mobile applications are built on top of the Feedly API. This means that every piece of information available in the application and every action taken in the application is available in the API.For more information about the Feedly API, please visit the Feedly Developer Website.

Streamline your open-source intelligence

We are excited to see many security teams use the Feedly API to streamline their open-source threat intelligence process. Sign up today and discover what Feedly for Cybersecurity can do for you!

TRY FEEDLY FOR CYBERSECURITY

If you are interested in learning more about Leo’s roadmap, you can join the Feedly Community Slack. 2020 will be a thrilling year with new skills and bold experiments!

Feedly for Cybersecurity includes an API that allows cybersecurity teams to share the threat intelligence they collect in Feedly with other applications.

150,000 cybersecurity professionals use Feedly to collect intelligence about the evolving threat landscape. 

Threat research and collection are one step of the overall threat intelligence, investigation, and response.

The Feedly Cybersecurity API allows security teams to easily integrate the insights they collect in Feedly into other systems and applications. Some teams use the API to extract data about threats and vulnerabilities and feed larger machine learning threat-prioritization models. Some teams use the API to create Jira tickets based on the content of the Feedly boards to make sure that critical vulnerabilities are reviews and patched in a timely manner.

Access to the Feedly API (up to 200,000 requests per month) is an add-on included in the Enterprise Edition of the Feedly for Cybersecurity package.

TRY FEEDLY FOR CYBERSECURITY

In this tutorial, we will show you how to use the Feedly API to access the content of your security feeds, your boards, and your Leo priorities.

Authentication

When you subscribe to Feedly for Cybersecurity Enterprise Edition, we will provide you with a special Feedly access token associated with your account. That token will allow you to access the content of your feeds, boards, and priorities and perform up to 200,000 requests per month.

Articles as JSON

The JSON representation of an article combines some of the open-source content included on the RSS or on the website, CVE/CVSS/Exploit information aggregated from vulnerability and exploit databases, as well as the results of the Leo cybersecurity models.

The title, content, and visual information give you access to the core of the content of the articles:

JSON representation of the core of the article

The commonTopics array represents Leo’s topic classification. The entities represent CVEs, products, or companies Leo has identified in the article. The CVE entity includes CVSS and exploits information extracted from vulnerability databases.

The estimatedCVSS represents the result of Leo’s CVSS scoring model. This is useful for zero-days and articles which do not mention a CVE explicitly. In those cases, Leo reads the content of the article and computes an approximative CVSS score based on the terminology used in the article or the tweet.

Leo enrichment of the article

Pro tip: When you have an article open in the Feedly web application, you can use the Shift+D keyboard shortcut to see and inspect the JSON of the article.

Use keyboard shortcut SHIFT+D to see the preview of the article JSON

Accessing the content of your feeds

Let’s imagine that you have a “Security News” feed which contains a list of known and trusted security sources you want to follow.

The Feedly API allows you to query Feedly and ask for the last 100 articles aggregated in that feed. The articles are normalized in a JSON format which includes the title, the content, the source information, as well as all some cybersecurity metadata (Leo topics classification, CVE metadata, CVSS metadata, exploit information.

You can use the Stream endpoint to get the last 100 articles published in a feed:

Overview of the stream endpoint

The most important parameter is the streamId. Each feed in your Feedly account has a unique stream id. When you select the feed in the left navigation bar, you see the streamId as part of the URL. The stream id is formatted as `enterprise/xxxx/category/xxxx` for team feeds and `user/xxxx/category/xxxx` for personal feeds.

Finding the streamId of a feed

The count parameter defines the number of articles the server will return. We recommend that you select a number between 20 and 100. If you need access to more than 100 articles, you can use the continuation parameter returned by the response to chain the requests and ask for the next 100 articles.

Finally, the importantOnly parameter allows you to get the list of articles in the stream that has been prioritized by Leo.

Troubleshooting tips:

Make sure that the requests you are making are authenticated using the token you have received from the Feedly team.Make sure that the streamId is URL encoded when it is passed as a parameter to the Stream endpoint.

Accessing the content of your boards

Security teams use boards to bookmark critical articles everyone in the team should be aware of. They also often use boards to bookmark articles they want to share with other applications.

You can use the same Stream endpoint to access the last N articles manually bookmarked by your team to a board.

The only difference will be the streamId. Team Board streamIds are formatted as `enterprise/xxxx/tag/xxxx`. Personal Board streamIds are formatted as `user/xxxx/tag/xxxx`.

Finding the streamId of a board

If users have annotated the articles with some notes and highlights while saving the article to a board, those notes and highlights will be included in the article JSON structure.

JSON of notes and highlights

Example: Integrating Feedly with your ticketing system

Here is an example of how you can streamline the integration between the research and collection work of your threat intelligence team and the analysis and patching work of your operations team.

The research team creates a Feedly board called Critical Vulns where why bookmark articles related to critical vulnerabilities they want the operations team to be aware off and review.

Each time the research team finds a critical insight, they save that article in the Critical Vulns board, adding a note about why they think the vulnerability needs to be reviewed and patched.

Instead of asking the research team to manually create a ticket in your ticketing system (Jira, Service Now, etc.), you can write a small app which every 5 minutes connect to the Critical Vulns board, requests the last 20 articles bookmarked in that board, and for each new article, used the API of your ticketing system to create a new ticket. The app can enrich the ticket with the URL of the article saved in the board, the CVE information, and the notes and highlights from the researcher.

This is a powerful way to break the silos between your research team and your operations team and make sure that critical vulnerabilities are patched faster.

Pro tip: there is a simple solution to finding the new articles saved in a board. When your app processes a list of articles, it should save the first article in the list and the next time it uses the Stream Feedly app to get the latest articles bookmarked to a board, your app can use the newerThan parameter of the /v3/stream/content and pass that article id instead of a timestamp to get newer articles.

A lot more…

The Feedly web application and mobile applications are built on top of the Feedly API. This means that every piece of information available in the application and every action taken in the application is available in the API.For more information about the Feedly API, please visit the Feedly Developer Website.

Streamline your open-source intelligence

We are excited to see many security teams use the Feedly API to streamline their open-source threat intelligence process. Sign up today and discover what Feedly for Cybersecurity can do for you!

TRY FEEDLY FOR CYBERSECURITY

If you are interested in learning more about Leo’s roadmap, you can join the Feedly Community Slack. 2020 will be a thrilling year with new skills and bold experiments!

Train Leo to prioritize the most critical vulnerabilities in your cybersecurity feeds

Do you need to keep up with the latest vulnerabilities and threats but do not have the time to read all your security feeds? We can help.

In 2018, fifteen thousand vulnerabilities were discovered, the number of exploits doubled and more than four security articles were published every minute. Keeping up with all these trends can be time-consuming and overwhelming.

This is a problem we are very passionate about and have been researching with two of the largest security teams in Silicon Valley.

Today, we are excited to announce a new Leo skill called Security Threats.

We have been teaching Leo to read security articles and find or assess the severity of the software vulnerabilities they mention so that he can help you focus your attention on the most critical threats in your feeds first.

TRY FEEDLY FOR CYBERSECURITY

Here is a demo!

Let’s look at how you can train your Leo to prioritize articles mentioning critical vulnerabilities related to Microsoft, WordPress, or Docker.

Cut through the noise

Leo reads and prioritizes the most critical threats in your feeds

Leo continuously reads your feeds and short-lists the most critical vulnerabilities in the priority tab.

For example, you might have a cybersecurity feed connected to niche security experts, vulnerability databases, keyword alerts, etc. with thousands of new articles per month.

You can train Leo to read those 1,000+ articles and prioritize the 30 or so referencing high severity threats (CVSS > 8) and related to vendors you care about (Microsoft, WordPress, Docker in the example above).

Leo’s new Security Threat skill

You’re in control

Leo is not an opaque recommendation engine. Instead, Leo has a set of skills that gives you control over defining what information is important to you.

The new Security Threat skill allows Leo to read an article, lookup CVE, CVSS, and exploit information from multiple open source databases and determine how critical a vulnerability is.

The new Security Threat skill also includes a sophisticated machine learning model that allows Leo to assess the severity of a threat based on the vocabulary used to describe the software vulnerability. This is particularly useful for zero-day vulnerabilities which might not have a CVE or CVSS.

Training Leo to prioritize vulnerabilities is very simple.

Creating a Leo cybersecurity model

The first layer of the model captures the severity threshold. High means CVSS > 8 or CVSS > 5 but with an exploit.

The second layer of the model captures the list of vendors.

Control and transparency are core Leo design principles.

All the articles prioritized by Leo have a green priority marker. Clicking on that marker offers an explanation of why the article was prioritized and the opportunity to refine, pause or remove that priority.

Full control and transparency

When an article is related to a CVE, you can also click on that CVE to get additional information about the vulnerability: description, CVSS score, exploits, patches, etc.

Quick access to CVE information

Continuously learning and getting smarter

Leo learns from his mistakes. When a recommendation is wrong, you can use the “Less-Like-This” down arrow button to correct Leo.

Leo learns from Less Like This feedback

You can let Leo know that he misclassified a vulnerability, miscalculated the severity, or misidentified a vendor.

Leo learns from your feedback and gets continuously smarter.

Streamline your open-source intelligence

We are excited to see many security teams declutter their feeds and dig deeper into the vulnerabilities that matter to them. Sign up today and discover what Feedly for Cybersecurity can do for you!

TRY FEEDLY FOR CYBERSECURITY

If you are interested in learning more about Leo’s roadmap, you can join the Feedly Community Slack. 2020 will be a thrilling year with new skills and bold experiments!

Train Leo to prioritize the most critical vulnerabilities in your cybersecurity feeds

Do you need to keep up with the latest vulnerabilities and threats but do not have the time to read all your security feeds? We can help.

In 2018, fifteen thousand vulnerabilities were discovered, the number of exploits doubled and more than four security articles were published every minute. Keeping up with all these trends can be time-consuming and overwhelming.

This is a problem we are very passionate about and have been researching with two of the largest security teams in Silicon Valley.

Today, we are excited to announce a new Leo skill called Security Threats.

We have been teaching Leo to read security articles and find or assess the severity of the software vulnerabilities they mention so that he can help you focus your attention on the most critical threats in your feeds first.

TRY FEEDLY FOR CYBERSECURITY

Here is a demo!

Let’s look at how you can train your Leo to prioritize articles mentioning critical vulnerabilities related to Microsoft, WordPress, or Docker.

Cut through the noise

Leo reads and prioritizes the most critical threats in your feeds

Leo continuously reads your feeds and short-lists the most critical vulnerabilities in the priority tab.

For example, you might have a cybersecurity feed connected to niche security experts, vulnerability databases, keyword alerts, etc. with thousands of new articles per month.

You can train Leo to read those 1,000+ articles and prioritize the 30 or so referencing high severity threats (CVSS > 8) and related to vendors you care about (Microsoft, WordPress, Docker in the example above).

Leo’s new Security Threat skill

You’re in control

Leo is not an opaque recommendation engine. Instead, Leo has a set of skills that gives you control over defining what information is important to you.

The new Security Threat skill allows Leo to read an article, lookup CVE, CVSS, and exploit information from multiple open source databases and determine how critical a vulnerability is.

The new Security Threat skill also includes a sophisticated machine learning model that allows Leo to assess the severity of a threat based on the vocabulary used to describe the software vulnerability. This is particularly useful for zero-day vulnerabilities which might not have a CVE or CVSS.

Training Leo to prioritize vulnerabilities is very simple.

Creating a Leo cybersecurity model

The first layer of the model captures the severity threshold. High means CVSS > 8 or CVSS > 5 but with an exploit.

The second layer of the model captures the list of vendors.

Control and transparency are core Leo design principles.

All the articles prioritized by Leo have a green priority marker. Clicking on that marker offers an explanation of why the article was prioritized and the opportunity to refine, pause or remove that priority.

Full control and transparency

When an article is related to a CVE, you can also click on that CVE to get additional information about the vulnerability: description, CVSS score, exploits, patches, etc.

Quick access to CVE information

Continuously learning and getting smarter

Leo learns from his mistakes. When a recommendation is wrong, you can use the “Less-Like-This” down arrow button to correct Leo.

Leo learns from Less Like This feedback

You can let Leo know that he misclassified a vulnerability, miscalculated the severity, or misidentified a vendor.

Leo learns from your feedback and gets continuously smarter.

Streamline your open-source intelligence

We are excited to see many security teams declutter their feeds and dig deeper into the vulnerabilities that matter to them. Sign up today and discover what Feedly for Cybersecurity can do for you!

TRY FEEDLY FOR CYBERSECURITY

If you are interested in learning more about Leo’s roadmap, you can join the Feedly Community Slack. 2020 will be a thrilling year with new skills and bold experiments!