Creating A Feed
This section covers creating a Feed with cURL, the CBC Python SDK, or Postman.
user@machine:~$ curl --location --request POST 'https://defense-<environment>.conferdeploy.net/threathunter/feedmgr/v2/orgs/MY_ORG_KEY/feeds' \
--header 'X-Auth-Token: MY_API_SECRET_KEY/MY_API_KEY_ID' \
--header 'Content-Type: application/json' \
--data-raw '{"feedinfo": {"name": "Binary Analysis Feed", "owner": "Developer Relations", "provider_url": "https://www.carbonblack.com", "summary": "Binary Analysis YARA Results", "category": "Analysis"}, "reports": []}'
> Feed object, bound to https://defense-<environment>.conferdeploy.net.
-------------------------------------------------------------------------------
access: private
category: Analysis
id: jVxpUZ32SGKidfTNNDFuVr
name: Binary Analysis Feed
owner: ABCDEFGH
provider_url: https://www.carbonblack.com/
source_label: None
summary: Binary Analysis YARA Results
When using the cURL example, it is recommended that you copy the cURL command into a text editor, substitute in your values, and then copy the command to your command line interface.
Your API Key must have CREATE org.feed permissions to create a Feed. See the Carbon Black Cloud Authentication Guide for more info.
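The same POST as the cURL command above, as an added Python example (not part of the Binary Toolkit or the CBC Python SDK) that reads the API credentials from environment variables so the secret stays out of shell history and the process argument list. The variable names CBC_API_SECRET_KEY, CBC_API_KEY_ID, CBC_ENVIRONMENT and CBC_ORG_KEY, both function names, and the assumption that the JSON response carries the fields shown in the output above (including id) are choices made for this example.

```python
import json
import os
import urllib.request

# The five feedinfo fields the cURL example sends.
FEEDINFO_FIELDS = ("name", "owner", "provider_url", "summary", "category")


def build_create_feed_request(environment, org_key, feedinfo, env=os.environ):
    """Build (but do not send) the create-feed POST from the cURL example."""
    missing = [k for k in FEEDINFO_FIELDS if not feedinfo.get(k)]
    if missing:
        raise ValueError("feedinfo is missing: " + ", ".join(missing))
    # Assumed variable names. The token is API secret key, "/", API key ID.
    token = "{}/{}".format(env["CBC_API_SECRET_KEY"], env["CBC_API_KEY_ID"])
    url = ("https://defense-{}.conferdeploy.net/threathunter/feedmgr/v2"
           "/orgs/{}/feeds").format(environment, org_key)
    # json.dumps handles quoting; a new feed starts with no reports.
    body = json.dumps({"feedinfo": feedinfo, "reports": []}).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"X-Auth-Token": token, "Content-Type": "application/json"})


def extract_feed_id(response_body):
    """Return the id of the new feed from the JSON response body."""
    # Assumption: the response is a JSON object with a top-level "id".
    feed_id = json.loads(response_body).get("id")
    if not feed_id:
        raise ValueError("response does not contain a feed id")
    return feed_id


if __name__ == "__main__":
    info = {"name": "Binary Analysis Feed", "owner": "Developer Relations",
            "provider_url": "https://www.carbonblack.com",
            "summary": "Binary Analysis YARA Results", "category": "Analysis"}
    req = build_create_feed_request(os.environ["CBC_ENVIRONMENT"],
                                    os.environ["CBC_ORG_KEY"], info)
    with urllib.request.urlopen(req, timeout=30) as resp:
        print("feed_id:", extract_feed_id(resp.read()))
```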
The Python bindings for CBC (CBC Python SDK) include an example to create a feed through the command line. Clone the CBC Python SDK repository to your machine and install via pip install carbon-black-cloud-sdk to use the example scripts.
Be sure to read the CBC Python SDK README before using this example.
user@machine:~$ python carbon-black-cloud-sdk-python/examples/enterprise_edr/feed_operations.py --name="Binary Analysis Feed" --owner="Developer Relations" --url="https://www.carbonblack.com/" --summary="Binary Analysis YARA Results" --category="Analysis"
> Feed object, bound to https://defense-<environment>.conferdeploy.net.
-------------------------------------------------------------------------------
access: private
category: Analysis
id: jVxpUZ32SGKidfTNNDFuVr
name: Binary Analysis Feed
owner: ABCDEFGH
provider_url: https://www.carbonblack.com/
source_label: None
summary: Binary Analysis YARA Results
The id is listed in the output of the example script. Copy this value into feed_id in your configuration file.
Postman is a useful tool for sending API requests through a GUI. You can import this Enterprise EDR Feed Operations Collection via URL.
In Postman, use the "Create new private feed" request to make a new feed. Be sure to update the X-Auth-Token header to use your API token, and the Body of the request with the details you want.
Copyright © 2020 VMware Inc., All Rights Reserved.
Information here is current as of Carbon Black Cloud Binary Toolkit 1.0.0