2015-10-25 12:44 PM
Anyone know if it is possible import lists into RSA SA 10.5.x using the REST API? We are using a 3rd party platform for managing threat intelligence data and we can already utilize this data in our feeds using recurring feeds. However, it would be nice to be able to also import lists of indicators as lists for retrospective lookups.
2015-11-17 03:00 PM
Hi!,
Not via REST, but it can be done by manually updating the zip in
/home/rsasoc/rsa/soc/reporting-engine/liststore/
Open a list, and save it. It'll update the timestamp on the back-end zip file. You then know which list is associated with which zip.
The LIST file in the zip is comma seperated list: very important: no CRLF at the end: One Line Only!. It'll show up OK in the GUI with a CRLF, but won't work.
2015-11-17 03:00 PM
Hi!,
Not via REST, but it can be done by manually updating the zip in
/home/rsasoc/rsa/soc/reporting-engine/liststore/
Open a list, and save it. It'll update the timestamp on the back-end zip file. You then know which list is associated with which zip.
The LIST file in the zip is comma seperated list: very important: no CRLF at the end: One Line Only!. It'll show up OK in the GUI with a CRLF, but won't work.