Category Archives: What’s New

Track emerging threats with Leo, Feedly’s AI Engine

Cybersecurity
Speed up your open-source threat intelligence by 70% with Leo Web Alerts

The core of Feedly for Threat Intelligence is an AI engine, called Leo, that automatically gathers, analyzes, and prioritizes intelligence from millions of sources in real-time.

In this article, we’ll show you how to use Leo to:

  • Monitor critical vulnerabilities and zero-days
  • Research the behavior of specific threat actors and malware families
  • Understand the threat landscape around your industry
  • Track niche cybersecurity topics

Before we look at those four use cases, let’s start with a short overview of how Leo works.

Meet Leo, Feedly’s AI Engine

Leo reads millions of articles, reports, and social media posts every day and automatically tags key threat intelligence concepts: critical vulnerabilities, malware families, threat actors, indicators of compromise, ATT&CK techniques, companies, vendors, industries, etc.

Feedly’s AI Engine (Leo) automatically tags key threat intelligence concepts

All this information is at your fingertips in near real-time via a powerful and intuitive search and tracking interface called Leo Web Alerts.

Curious how it works? Let’s take a look at a Leo Web Alert designed to track critical vulnerabilities and zero-days related to Cisco Systems:

Leo Web Alerts: A powerful and intuitive search and tracking interface

Creating a Leo Web Alert is a three-step process:

  1. Use Leo Concepts to define the intelligence you want to gather. In our example, we use the ‘High Vulnerability’ and ‘Cisco Systems’ Leo Concepts to discover new critical vulnerabilities related to Cisco Systems.
  2. Use AND, OR, NOT operators to combine multiple Leo Concepts and refine your focus. In our example, we use AND to track articles and reports that reference both ‘High Vulnerability’ and ‘Cisco Systems’.
  3. If needed, refine sources with your own trusted sources. By default, Leo Web Alerts will search across the Cybersecurity Bundle (a collection of 50,000+ security news sources, threat research blogs, newsletters, vendor advisories, government agencies, vulnerability databases, CISO magazines, and Reddit communities curated collectively by 200,000 cyber professionals using Feedly and partitioned by Leo into three tiers based on popularity and authority).

Leo Web Alerts are feeds you can add to a team or personal folder. New articles, reports, or social media posts matching the specified Leo Concepts will appear in the Leo Web Alert feed.

Leo Concepts are easier to use, more comprehensive and less noisy than traditional keyword searches

The power of Leo Web Alerts is that ‘High Vulnerability’ and ‘Cisco Systems’ are not simple keyword matches. These Leo Concepts are machine learning models that encapsulate a broader understanding of each concept:

  • ‘High Vulnerability’ is a Leo Concept that tracks vulnerabilities with a CVSS score above 8, or a CVSS score above 5 together with a known exploit. If the vulnerability does not have a CVSS score yet, a machine learning model is used to forecast the CVSS score based on the description of the vulnerability.
  • ‘Cisco Systems’ is a ‘Company’ Leo Concept that tracks mentions of Cisco by its name or any known aliases. When the company name is ambiguous, a disambiguation model is used to remove false positives.

Without Leo Concepts, gathering intelligence would require a tedious effort of trying to find a long list of the right keywords, leaving room for blind spots and lots of irrelevant results.

Feedly for Threat Intelligence comes with a wide range of pre-trained Leo Concepts so that you can easily translate your intelligence needs into Leo Web Alerts.

Feedly includes models for key threat intelligence concepts.

Let’s see how we can combine these Leo Concepts to proactively track specific threats and stay one step ahead of your adversaries.

Research the behavior of specific threat actors and malware families

Tracking the behavior of threat actors and malware families can be tedious and overwhelming, taking up valuable time that could be spent hunting for malicious activity in your environment.

That’s why Feedly has created a set of Leo Concepts that automatically tag threat actors, malware families, TTPs, and IoCs.

Let’s take a look at a Leo Web Alert designed to track the latest IoCs and TTPs related to Lazarus Group across threat intelligence reports published on the web:

Gather IoCs and TTPs related to Lazarus Group from intelligence reports

  • ‘Lazarus Group’ is a ‘Threat Actor’ Leo Concept powered by Malpedia that tracks mentions of the threat actor by name or its many aliases.
  • ‘Indicators of Compromise’ is a Leo Concept that tracks malicious URLs, IPs, email addresses, domains, and hashes.
  • ‘Tactics & Techniques’ is a Leo Concept powered by the Mitre ATT&CK v10 framework that tracks tactics, techniques, and sub-techniques and their relationships.
  • ‘Threat Intelligence Report’ is a Leo Concept that flags intel reports containing in-depth technical details about IoCs, TTPs, threat actors, and malware.

Here are some additional Leo Concepts you can use to broaden or narrow your threat profiling:

Understand the threat landscape around your industry

Staying up to date with the latest attacks against your industry can help you be better prepared when putting defenses in place, as well as help you learn about which threat actors to look out for so you can be more targeted when gathering intelligence.

Let’s take a look at a Leo Web Alert designed to gather intelligence about cyber attacks in the finance industry:

Track cyber attacks around the finance industry
  • ‘Cyber Attacks’ is a Leo Concept that tracks instances of cyber attacks and tries to determine who or what the target of the attack is.
  • ‘Finance Industry’ is an ‘Industry’ Leo Concept that classifies articles related to the finance industry based on company mentions and terminology.

You can also easily narrow your focus on a specific type of attack:

Track credit card data breaches

Monitor critical vulnerabilities and zero-days

Manually keeping ahead of new vulnerabilities and zero-days is an impossible task, but you can set up Leo Web Alerts to help you stay up to date on new vulnerabilities that come across the radar of the global cybersecurity community.

Feedly aggregates vulnerability information from NVD and over 20 vendor advisory sites — as well as monitoring many sources to find exploits for each CVE — in near real-time.

Let’s take a look at a Leo Web Alert designed to surface critical vulnerabilities and zero-days related to a vendor deployed in your environment:

Track high vulnerabilities related to Zoom

When you discover a new CVE, you can use the CVE intelligence card to get a 360 degree view of that vulnerability and decide if you should create a ticket for your response team.

A CVE intelligence card – a 360 degree view of CVE-2021-44228

Track niche cybersecurity topics

You can also use Leo Web Alerts to track niche cybersecurity topics.

Let’s take a look at a Leo Web Alert designed to gather intelligence about malicious, compromised, or hijacked packages:

Here are some additional Leo Concepts you can use to track niche cybersecurity topics:

Getting smarter every day

The world’s leading cybersecurity teams use Feedly for their OSINT, so the product constantly improves based on their feedback.

Here is a roadmap of some of the new Leo Concepts we are researching:

2022 Leo Concepts Roadmap – Threat Intelligence

Feedly for Threat Intelligence customers can reach out to us at enterprise@feedly.com to give feedback on improving existing Leo Concepts or creating new ones to ensure that Feedly is working at full capacity to serve your Threat Intelligence needs.

Try Feedly for Threat Intelligence

All of these features, plus many more, are available as a part of Feedly for Threat Intelligence. To learn more about any of these features, or start a free 30-day trial, click the link below.


New: Track specific CVEs in Feedly

What’s New
Leo now autocompletes specific CVE IDs so you can monitor for exploits or attacks, or track threat intelligence reports mentioning the CVE

Looking to monitor a specific CVE ID? Previously, you had to type in the exact CVE ID and be sure it was the right number. Now, Leo autocompletes the CVE ID and shows you the description of the vulnerability, so you can be sure you’re tracking the right one.

Just start typing the CVE ID and choose the correct ID from the menu. Then, refine your Leo Web Alert and add it to a Folder.

This is a small improvement to the UI that makes it much easier for you to quickly track a CVE (instead of entering the ID manually) and to make sure you’re tracking the right CVE.

Create a Leo Web Alert to track a CVE and get updates as it develops

The more high profile a CVE becomes, the more likely threat actors will develop exploits for it. You can keep an eye on a trending vulnerability by simply creating a Leo Web Alert and adding it to your “Trending vulnerabilities” Folder, for example.

When it’s taking a while to apply a security patch, you want to keep an eye on the tactics used to exploit the vulnerability. Create a Leo Web Alert for the CVE ID and the concept “Cyber Attacks” and Leo will look for attacks or exploitation attempts related to the specific CVE.

Then, you and your team can use this information about available exploits to prioritize which vulnerabilities to patch. You can also update the Leo Web Alert to add more CVEs if needed, like when a vulnerability has multiple IDs associated with it.

Tracking, gathering and ingesting indicators of compromise is a great way to proactively hunt for signs of an attack on your environment. Since Leo allows you to gather and export IoCs from multiple sources (including articles, Twitter, Reddit, and emails), you can create a Web Alert to track a specific CVE ID and the “Indicators of Compromise” Leo Concept.

Once you create a Leo Web Alert for IoCs related to the specific CVE you’re tracking, you can easily export the resulting IoCs with context and add them to your own security environment.

Track threat intelligence reports published about the CVE

Gather intelligence others have curated by adding the “Threat Intelligence Report” Leo Concept to your Web Alert. When you combine the CVE ID with the Threat Intelligence Report Leo Concept, you’ll get Threat Intel Reports mentioning the CVE.

Bundle these concepts together into a single Web Alert to keep an eye on a specific CVE

And if you want to get all angles of a CVE, you can combine all of these concepts into a single Leo Web Alert. Just track the specific CVE ID and add other Leo Concepts like Indicators of Compromise, Threat Intelligence Reports, and Cyber Attacks.

And don’t forget — to get a complete overview of a specific CVE in the moment, you can also click on the CVE ID and open up the CVE Intelligence Card. You’ll find an at-a-glance overview of exploits, malware families, and related threat actors in a single view.

Try tracking a specific CVE in Feedly

Not a member of the Feedly for Threat Intelligence community yet? Try a free 30 day trial and speed up your discovery and research of emerging threats.


Blueprint of a highly functional Feedly for Threat Intelligence Account

Cybersecurity
How to structure your Feedly for Threat Intelligence account to optimize your open source threat intelligence

Many of the leading cyber security teams use Feedly to organize and automate their open-source threat intelligence and stay ahead of emerging threats. We have had the chance to research 100 of them and review their open-source threat intelligence best practices.

In this article, we will share how they translate their intelligence needs into various types of feeds and how they structure those feeds into a highly functional Feedly account.

Structure of a highly functional threat intelligence account

Most cybersecurity professionals start their day in the Threat Intelligence Dashboard. It offers a broad overview of the emerging threat landscape: trending cybersecurity articles and attacks, new critical vulnerabilities, active attackers, new behaviors, and malware families, so it’s easy to get a sense of what’s going on in just a few minutes.

Start your day with a general overview of the threat landscape with the Threat Intelligence Dashboard

Here’s a brief overview of each section:

  • Trending News: Stay ahead of attacks by seeing which threats are trending in the cybersecurity community.
  • Vulnerabilities: Improve reaction time and respond quickly to new vulnerabilities as they arise, allowing cybersecurity teams and their clients to stay informed of oncoming risks faster.
  • Attackers: Identify at a glance which Threat Actors are trending and quickly create Web Alerts to track their actions and behaviors.
  • Tactics & Techniques: Keep track of which TTPs are proving to be the most prevalent among Threat Actors, map data to the Mitre ATT&CK Navigator to compare with other Threat Actor Profiles, or to identify gaps in your defensive capability.
  • New Malware: Research what New Malware is affecting systems and be vigilant against emerging threats.

Discover critical vulnerabilities

The most effective way to track critical vulnerabilities and zero-days across the web is with Leo, Feedly’s AI research assistant. Leo has been pre-trained to understand vulnerabilities and assess their severity. He reads millions of articles every day, looking for critical security threats.

Track critical vulnerabilities for products deployed in your environment

When Leo finds a CVE, he automatically searches for its CVSS score, related exploits and malware families, links to threat actors, CWE information, and patches. He then organizes all this information into a rich CVE intelligence card.

If the CVE doesn’t have a CVSS score yet, Leo uses machine learning to predict the CVSS score, keeping you one step ahead of the latest emerging threats.

Discover critical vulnerabilities and get a 360-degree view with the CVE intelligence card

Creating a broad Leo Web Alert targeting all critical vulnerabilities gives you a big picture view of what is happening across the threat landscape, while adding specific vendors to the search narrows the focus into more precise and manageable feeds.

Cybersecurity teams often create a Leo Web Alert for each of the main products deployed in their environment and group them into a Vulnerabilities folder.

Track adversary behaviors

One way cybersecurity teams track and visualize the behaviors of specific Threat Actors and Malware Families is by using Feedly’s integration with the Mitre ATT&CK framework. Leo has been pre-trained to understand threat actors (integration with Malpedia), Mitre ATT&CK (version 10), and the concept of threat intelligence reports. These three concepts can be easily combined to track the behavior of selected adversaries.

Here is an example of a Leo Web Alert surfacing all the threat intelligence reports mentioning the Lazarus Group threat actor:

Track threat intelligence reports mentioning the Lazarus Group

Cybersecurity teams often create a Leo Web Alert for each of the threat actors and malware families defined on their threat profiling list and group them into a “Threat Intel” folder.

When Leo finds an article in which he has identified TTPs, he can map the content of that article to the ATT&CK navigator so that cybersecurity teams can easily analyze the adversary behavior and compare it with their existing defenses.

Automatically open TTPs mentioned in an article to the MITRE ATT&CK Navigator

Leo also automatically flags all the malicious IPs, hashes, domains, and URLs (IoCs) he identifies in articles so that they can easily be exported with links to threat actors, malware families, and vulnerabilities using STIX 2.1 and imported into Threat Intelligence Platforms (TIP).

Export IoCs with links to threat actors and malware using STIX 2.1

Track cyber attacks

Security teams can efficiently track cyber attacks targeting their industry or supply chain. Leo has been pre-trained to understand the concept of a cyber attack and who the target of the attack is. Here is an example of how a cybersecurity professional might ask Leo to track all the cyber attacks targeted at the finance industry.

Track cyber-attacks across the finance industry

The focus can also be narrowed down to more specific threats like “data breaches impacting credit cards” or “cyber attacks using multi-factor authentication”.

Follow trusted security feeds

Feedly allows cybersecurity teams to follow a wide variety of trusted feeds all in one place, including websites and blogs, newsletters, Reddit communities, and Twitter accounts, searches, and hashtags. The teams that get the most out of Feedly turn it into their one-stop intelligence center so they can share common sources in one place. They end up saving hours each week because they’re no longer sharing articles ad-hoc across email, Slack, and other messaging platforms.

Follow your trusted security websites, blogs, newsletters, Twitter and Reddit in one place

Collect and share threat intelligence with Boards

When an article of importance surfaces, Feedly provides the tools to annotate, highlight, add notes, and save the article to a Board for review later. When an article is saved to a Team Board, Feedly for Threat Intelligence users have additional options to auto-generate Newsletters, share with Slack or Microsoft Teams, or use Feedly’s REST API to integrate into an existing workflow.

Save and organize selected articles into Boards and share them with your teams

Here are a few examples of Team Boards that have helped cybersecurity teams stay organized:

  • Critical Vulnerabilities Board: Save articles about exploitable vulnerabilities and zero-days that a cybersecurity team will want to research and patch as soon as possible.
  • IoC Report Board: Save articles referencing IoCs that should be pushed to a threat intelligence platform.
  • Threat Intelligence Brief Board: Save articles to share with an executive team.
  • Threat Actors Board: Save articles describing behaviors of specific threat actors active in the industry that should be imported into the TIP for the rest of the team to research.
  • Emerging Malware Board: Save articles about techniques used by emerging malware families.
  • Supply Chain Attacks Board: Save instances of attacks and data breaches that reference supply chain or third-party partners.

Try Feedly for Threat Intelligence

All of these features, plus many more, are available as a part of Feedly for Threat Intelligence. To learn more about any of these features, or start a free 30-day trial, click the link below.


Feeds and Folders

If you’ve popped into Feedly today, you might notice something’s…different.

We’ve introduced a new naming convention: RSS feeds and all the other streams of content you follow in Feedly (Twitter, Reddit, Newsletters) are feeds and the place you use to organize and group your feeds is a Folder.

Add the TechCrunch feed to one of your Folders

This doesn’t change anything about how Feedly works, it just makes it a little easier to talk about how to organize everything you follow and read. Happy reading!

Easily follow websites that don’t have RSS feeds

No RSS? No problem. You can now build your own feeds in Feedly for websites without RSS.

You already follow your favorite blogs, news sites, research journals, and more in Feedly. But when you come upon a site without an RSS option, what do you do? Manually opening separate tabs and remembering to check the RSS-less sites can get tedious and confusing. And some of the RSS builder tools out there can feel intimidating and complicated, especially if you already do all your reading and research inside Feedly.

That’s why we’re so excited to announce Feedly’s new RSS Builder. You can now create your own feeds for websites that don’t offer RSS and follow them in Feedly.

When a website doesn’t offer an RSS feed, you’ll automatically get the option to build your own RSS feed in Feedly.

The RSS Builder feature solves one of the big problems our team used to have: they had trusted and favorite sources with no way to get in Feedly. Instead of having to look into multiple places like before, they can now follow all their favorite websites in one single place on Feedly!

Product Integration Manager, Feedly Enterprise User

Choose the articles you want to get in Feedly

When you try to follow a website that doesn’t offer RSS, you used to hit a dead end. Now, you’ll see the option to build your own RSS feed, and the RSS Builder will walk you through the simple steps to add a website without RSS to your Feedly.

First, choose the articles you want to get through RSS. When you open the RSS builder, you’ll get a preview of the web page. Scroll down the page, find the section of articles you’re interested in, and click on the articles you want to get in Feedly (such as the “latest posts” section of a company’s blog). Then, click ‘Build RSS feed.’ You’ll be prompted to add your new source to an existing Feed in Feedly. Add it to an existing Feed, or create a new Feed in which to organize your new source.

That’s it! You have officially built an RSS feed from scratch. Congrats.

 In the preview of the website, select the articles you want to get in Feedly. In this example, we selected articles from Fintastico’s Fintech Radar blog.

Feedly continuously updates your new RSS source

Articles from this new source (that you’ve created with the RSS Builder) will now get sent to your Feedly regularly. This source will behave like any other source in Feedly, and Leo, your AI research assistant, can assist you in the same way he’d be able to do on any other source: he can find the topics in an article, deduplicate articles, summarize articles, or mute topics you don’t want to get in Feedly.

Your shiny new source in Feedly! Articles from this new source will appear in your Feedly just like any other blog, website, or news source.

Easily read, annotate, or save articles from this RSS source

Now that you’ve used the RSS Builder to bring these articles into Feedly, you can read, annotate, save, or share articles just like content from any other source. Add Notes or Highlights to your reading to come back to later, or save an article to a designated Board to keep articles on a certain topic. You can share through integrations with social media sharing platforms, email, or Zapier. 

Add Notes, Highlights, or tag teammates (if you’re on an Enterprise plan) like any other article in Feedly.

Feedly can become a place for all news sources I want, and I can select the sources of information in a more granular way instead of waiting for sources to have an RSS.

Daniel Lewis, COO, Winno

Start building RSS feeds

No RSS? No problem. Build your own RSS feed in Feedly for websites without RSS.


FAQs about building RSS feeds for websites without RSS

What is RSS?

RSS stands for really simple syndication. When a website offers an RSS feed, it makes content available in a file format that an RSS feed reader (like Feedly) can use to fetch the content so you can read it in real time. Until now, when a website didn’t offer RSS feeds, Feedly was unable to aggregate content from this RSS-less website into your Feedly.

How do I start building an RSS feed for a website that doesn’t offer RSS?

To create an RSS feed for a website without RSS, click on the ‘+’ button in the left navigation bar. In the ‘Websites’ tab, paste the website URL that you want to follow. You’ll automatically see the option to build an RSS feed. Click ‘Build RSS feed’ and follow the steps.

What Feedly plan do I need to access the RSS Builder feature?

The RSS Builder is available for users on Pro+ or Enterprise plans. Try it out.

Is there a limit to the number of RSS feeds I can build?

You can create up to 25 RSS feeds in the Pro+ plan and up to 100 RSS feeds in the Enterprise plan with the RSS Builder tool.

Can I ask Leo to mute concepts in a source created with the RSS Builder?

Yes, you can create the same logic on top of sources you’ve built with the RSS Builder as you would on any other type of source. Ask Leo to mute concepts or keywords you don’t want to see in your Feed. 

Are there any sites I can’t follow with the RSS Builder?

While we try our best to allow you to follow any sites with RSS Builder, these sites are currently not available to build RSS feeds: 

1. Social media sites: Facebook, Instagram, TikTok, LinkedIn, Twitter (although you can get Tweets in Feedly with a Pro+ or Enterprise plan)

2. Websites that render content dynamically using JavaScript

3. Websites that don’t have links / URLs to fetch from

The RSS Builder works best with sites that have an organized list of links, like a blog or list of articles. Sites that have a jumble of disorganized links (or no links on the page) aren’t easy to turn into RSS feeds. However, support for this type of non-linear website is on our roadmap for the RSS Builder.

Can I use the RSS Builder on the Feedly mobile app?

Right now, the RSS Builder is only available on Feedly’s web app. However, you can still build RSS feeds on the web, and read them in your mobile app.

Is the RSS Builder available in Safari?

Unfortunately, the RSS Builder doesn’t work in Safari at this time, because Safari blocks all script execution without allow-scripts. If you’re a Safari user, you can use a different browser (like Chrome) to build your RSS feeds, and then continue to read in Feedly in your normal browser.

What should I do if I have more questions about the RSS Builder feature? 

Find even more answers to your RSS Builder questions in the Feedly Knowledge base, which we update regularly as the feature improves. And if you still need help, reach out to our customer support team. We’d love to help you out.


Pin your favorite sources and boards at the top of your left navigation

Right-click on any Feed, Source, Web Alert or Board to add it to your Favorites section

Do you have a set of go-to sources, boards, or Leo Web Alerts you navigate to regularly? You can now use the heart icon to pin them to the top of the left navigation bar and access them more quickly.

Right-click on any Feed, Source, Web Alert or Board to add it to your Favorites section.

If you were using the old favorites system, you should see a Favorites (Old) feed with the list of sources you added to your favorites. If you want to rename Favorites (Old) to a different name, please create a new feed and move the sources to that feed.

We are also adding a preference that allows you to use your first feed as your start page. This should allow you to continue to use your old favorites as your start page if that is your workflow.

However you choose to organize your Feedly, we want to make it easy to find what matters as fast as possible!

Quickly discover and collect indicators of compromise from millions of sources

Leo recognizes IoCs mentioned in articles, and can gather them for you

Finding and collecting relevant indicators of compromise is critical to your security, but with millions of articles to sort through, discovering and collecting the right ones is a challenge. Even if you know where to look, IoCs can be easy to miss and tedious to upload to your threat intelligence platform.

This is why we’re excited to announce that now you can discover, collect, and export malicious IPs, domains, hashes, and URLs mentioned in your Feeds or across the web, because Leo recognizes indicators of compromise.

We trained Leo, your AI research assistant inside Feedly, to understand, find, and even export IoCs, so that they are easier to find and prioritize. This feature is included with Feedly for Cybersecurity. 

“Being able to track IoCs with Feedly has been very helpful, our team has been using the new feature every day to be on top of potential risks. Just today, Leo was able to spot three IoCs in a long report I was reading although I hadn’t noticed them.” 

Michelle Barro, Threat Intelligence Analyst at Verizon

Collect IoCs from across the entire web

Leo recognizes malicious IPs, domains, hashes, and URLs within the text of articles, Tweets, or Reddit posts, and tags articles so you know how many and what type of IoCs appear in a given article. 

When an article contains an IoC, Leo will highlight it for you so it’s easy for you to find and confirm, even if it is buried in the text of a long article or threat intelligence report. 

If the IoCs are relevant, you can export them to a markdown or STIX file that will include critical context such as the article link, malware, threat actor, CVE, product, and TTP information.

To track indicators of compromise from across the entire web, click the “+” symbol on the left hand navigation menu, and navigate to the “Web Alerts” tab. Type “Indicators of Compromise,” then click “+ AND” to refine your Web Alert further if needed.

“Now that I can use Feedly to track IoCs across the web, our process to upload new indicators to our environment is much faster and easier. Being able to track IoCs across millions of sources on the web helps us cover every base possible.”

Cybersecurity engineer at a leading Fortune 500 technology company

Find and export indicators of compromise

Feedly for Cybersecurity is an OSINT platform used by more than 100 cybersecurity teams globally to speed up their threat intelligence. See how Feedly can help you conduct threat research up to 70% faster by starting a free trial.


Let’s say you want to search for indicators of compromise related to a specific threat actor or malware. You can use Web Alerts to flag IoCs that match your query, even if the articles are from sources you don’t specifically follow.

The Web Alert shown in the example below will look for IoCs related to the Cobalt Strike malware family, making it easy to find what’s relevant, export it in seconds, and proactively monitor the web for future IoCs relevant to you. 

Find and export IoCs and their context

When you open article(s) that contain IoCs you’d like to upload to your preferred threat intelligence platform, you can export them in either STIX or Markdown formats. This is a significant time saver in contrast to scrolling through the article and copying and pasting what you need.

Your export will also include the IoC context such as the original article link, related malware, threat actor, CVE, product, and TTP information. This makes it even easier to take action. Here is an example of a STIX export:

Automate your IoC collection process with the Feedly API

The Advanced Feedly for Cybersecurity plan includes up to 100,000 requests per month and the full power of the Feedly API. Any action a user is taking in the Feedly application can be performed via the Feedly API, including collecting IoCs. You can access instructions for doing so here.

You can use the Feedly API to aggregate indicators of compromise and their context (associated threat actors, malware, vulnerabilities and TTPs) from recent articles in a Feed, and return a single STIX object with all of those components and their relationships.
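What consuming such a STIX 2.1 bundle looks like on the receiving side, as an added example that is not Feedly's code and does not use real Feedly output: it flattens indicators into rows and attaches the malware, threat actor, and vulnerability names reachable through relationship objects. The bundle, names, and identifiers are constructed for illustration, and `flatten_iocs` is a hypothetical helper.

```python
import json
import re
from collections import defaultdict

# One comparison inside a STIX pattern, e.g. [ipv4-addr:value = '203.0.113.7'].
# Only the equality operator is handled; LIKE/MATCHES/IN terms are ignored.
COMPARISON = re.compile(r"([a-z0-9-]+):([\w.'-]+)\s*=\s*'((?:[^'\\]|\\.)*)'")


def _id(kind, n):
    # Constructed, well-formed STIX identifier (type--UUID shape).
    return f"{kind}--00000000-0000-4000-8000-{n:012d}"


def _rel(n, kind, src, dst):
    return {"type": "relationship", "spec_version": "2.1", "id": _id("relationship", n),
            "relationship_type": kind, "source_ref": src, "target_ref": dst}


# Constructed sample bundle: not real Feedly output and not real indicators.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": _id("bundle", 0),
    "objects": [
        {"type": "indicator", "id": _id("indicator", 1), "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.7'] OR "
                    "[domain-name:value = 'c2.example.com']"},
        {"type": "indicator", "id": _id("indicator", 2), "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']"},
        # Revoked indicator: must not reach a blocklist.
        {"type": "indicator", "id": _id("indicator", 3), "pattern_type": "stix",
         "revoked": True, "pattern": "[url:value = 'http://old.example.net/a']"},
        # Non-STIX pattern language: skipped by this parser.
        {"type": "indicator", "id": _id("indicator", 4), "pattern_type": "yara",
         "pattern": "rule x { condition: true }"},
        {"type": "malware", "id": _id("malware", 1), "name": "ExampleLoader",
         "is_family": True},
        {"type": "threat-actor", "id": _id("threat-actor", 1), "name": "ExampleActor"},
        {"type": "vulnerability", "id": _id("vulnerability", 1), "name": "CVE-0000-0000"},
        _rel(1, "indicates", _id("indicator", 1), _id("malware", 1)),
        _rel(2, "uses", _id("threat-actor", 1), _id("malware", 1)),
        _rel(3, "exploits", _id("malware", 1), _id("vulnerability", 1)),
        # Dangling reference: the target object is not in the bundle.
        _rel(4, "indicates", _id("indicator", 2), _id("malware", 99)),
    ],
})


def flatten_iocs(bundle_json):
    """Return one row per observable value, with related context names."""
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    by_id = {o["id"]: o for o in bundle.get("objects", []) if "id" in o}

    # Undirected adjacency built from relationship objects.
    edges = defaultdict(set)
    for obj in by_id.values():
        if obj.get("type") == "relationship":
            src, dst = obj.get("source_ref"), obj.get("target_ref")
            if src in by_id and dst in by_id:  # drop dangling references
                edges[src].add(dst)
                edges[dst].add(src)

    rows = []
    for obj in by_id.values():
        if (obj.get("type") != "indicator" or obj.get("revoked")
                or obj.get("pattern_type") != "stix"):
            continue
        # Context: objects one hop away, plus what those objects link to.
        context = set(edges[obj["id"]])
        for neighbour in list(context):
            context |= edges[neighbour]
        names = defaultdict(list)
        for ref in sorted(context):
            related = by_id[ref]
            if related.get("type") != "indicator":
                names[related["type"]].append(related.get("name", ref))
        for ioc_type, path, value in COMPARISON.findall(obj["pattern"]):
            rows.append({
                "ioc_type": ioc_type,
                "path": path,
                "value": re.sub(r"\\(.)", r"\1", value),  # undo STIX escapes
                "malware": names["malware"],
                "threat_actor": names["threat-actor"],
                "vulnerability": names["vulnerability"],
            })
    return rows


if __name__ == "__main__":
    for row in flatten_iocs(SAMPLE_BUNDLE):
        print(row)
```

Revoked indicators, non-STIX pattern languages, and relationships whose endpoints are missing from the bundle are dropped rather than imported, which is the behaviour you usually want before pushing rows into a blocklist or TIP.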

To learn more about the power of the Feedly API or begin a trial or proof of concept, click here.

“It used to be particularly tedious to track the IoCs that are related to the critical UI CVEs or products my team has to be on top of. Now, with Feedly’s new IoC feature, I can track IoCs in a much faster and more visible way.”

Michael Rossi, Independent Security Consultant

Find relevant IoCs previously published online

Finally, if you need to search for a specific set of IoCs already published online, you can do this via Power Search. Power Search allows you to leverage Leo’s knowledge graph within your existing Feeds or across the web, allowing you to get much more granular and accurate than standard web searches. 

Click the “?” icon in the left navigation menu to access the Power Search screen. From here, you can look for any articles that contain indicators of compromise. This is ideal when you need to track a malware family you haven’t tracked before, and want to quickly find known IoCs that are already available online.

The Indicators of Compromise feature, CVE dashboard, cyber attacks Smart Topic, and several more advanced features are included with Feedly for Cybersecurity. This enterprise package is perfect for cybersecurity teams that need to conduct open-source threat intelligence more efficiently. To learn more about any of these features, or start a free 30-day trial, click the link below.

Find and export indicators of compromise


Use this pro tip to instantly send articles from Feedly to external recipients

Tips & Tricks
There’s a way to stop manually copying and pasting content into emails or Slack to share with clients, teammates, or collaborators

One Feedly Enterprise customer had come up with a clever trick to automatically email articles to a predefined group of 6 emails. It worked, but it was a little hacky. 

For teams that need to send critical information as quickly as possible (like the cyber threat intelligence teams that use Feedly, for example), instant communication about threats, data breaches, or vulnerabilities is important. And copying and pasting content at scale can really slow you down.

Remi, Customer Success & Operations lead at Feedly, helped one team find an even simpler way for instantly sending articles to external recipients.

They needed to send news immediately to external customers, but the customers weren’t members of their Feedly account. 

To avoid manually sending emails to customers each time a relevant article popped up, the team set up an IFTTT automation. It worked, but it was a little clunky:

  • They created an email address specifically for this purpose: ourteam123@gmail.com
  • If an article was saved to a designated Board, then it would be sent to this predefined Gmail address via IFTTT
  • Then, from that Gmail, IFTTT would trigger sending the email to a predetermined list of six recipients

And since the articles were sent from Feedly → Gmail → each recipient’s inbox, they weren’t the most visually pleasing.

A better (easier) way to immediately send articles to external recipients

Remi spotted an opportunity to make their lives easier, and helped simplify the workaround. It’s simple:

  • Highlight a section of the article you want to share
  • Then, leave a Note on the article with the person’s email address: +coworker@email.com

When you tag someone in the Notes section of an article, Feedly automatically sends an email to the recipient and includes the highlighted section in the body of the email. The look and feel of the email is a bit more polished than the Gmail workaround, and they don’t even have to click through to read the highlighted section of the article.

Instantly send articles from Feedly to lists of recipients 

Easy enough so far, right? But what happens when you want to send articles to the same list of six or seven people? You definitely don’t want to have to type their email addresses every single time.

Here’s the fun part: you can use tools like TextExpander to create keyboard shortcuts for your predetermined lists of email addresses, and paste that directly into Feedly. For example, if I often send articles to the same 7 external clients, I can create a snippet to avoid typing out those 7 email addresses every time I want to share something with a group.

Then, if someone replies to the email, it will automatically get sent to the original sender’s inbox (and not some noreply address). 

Try it out the next time you need to share a timely, relevant article. Happy reading!

Track the influence of the largest US companies with Feedly

What’s New
Leo understands and can track Fortune 500 companies and their aliases

Traditional keyword matches fail to understand aliases, synonyms and abbreviations, and standard content monitoring tools don’t allow you to track segments or industries, which puts you at risk of missing key information that could help you monitor the major players in your industry.

Today, we are excited to announce a new Leo smart topic, Fortune 500. This smart topic enables you to track mentions of the top 500 US companies without having to list each company (and their aliases) individually.

Layer topics to find the content you need

Imagine you’re an analyst at a bank, and you’re interested in tracking what large companies and competitors are implementing around cryptocurrency and blockchain technology.

You can layer topics like “Cryptocurrency” with the Fortune 500 smart topic to find relevant articles quickly and ask Leo to include them in your Feeds.

Set a Leo Priority or Leo Web Alert with these filters to see articles about what Fortune 500 companies are doing with cryptocurrency and blockchain technology.

The Fortune 500 smart topic is available to Enterprise level customers. Try it today, or start a 30 day trial here.

“Before using Leo, our team at Danone would struggle to find the most relevant information about our market and competitors. We would need to track our competitor names on Google News which would bring a lot of noise. Now that we use Leo to track our competitors, we have easy access to articles that are super aligned with what we need to track in our day to day.”

Yong Wang, Strategy & Global Insights, Danone

Find what matters with advanced AI

Put the power of AI in your hands, and track Fortune 500 events and trends proactively. Now available to all users in our Enterprise plan.


How can I access this Smart Topic?

This smart topic, along with Big Tech, industries, and more, is part of Leo’s Advanced AI skills and is available as part of our Enterprise level plans.

Can I try this before I upgrade?

Yes! We offer a 30-day free trial of our Enterprise level plan, including onboarding and access for your team. Request your trial here.

Which companies are included in this Smart Topic?

Each organization in the “Fortune 500” entity belongs to the list of the 500 largest United States corporations (by total revenue in 2020), listed by Fortune here. 

Can I teach Leo to understand other types of organizations?

Absolutely! Several of our Enterprise customers have shared lists of companies they would like to track in their Feedly. Please reach out to enterprise@feedly.com if you’re an Enterprise customer and we can help you track a custom company list.

Leo understands cyber attacks

New Feature
Easily track critical cyber attacks across your industry and supply chain.

The only constant in the realm of cyber security is change; hackers are continuously maturing and becoming more sophisticated, attack patterns are constantly evolving, and the threat landscape is growing more volatile every day; one cyber attack occurs every 39 seconds.

That’s why we’ve enhanced Leo’s knowledge of cyber attacks, targets, and industries so you can keep pace with the threat landscape and do what you do best: maintain the integrity of your security posture. You can ask Leo, your AI research assistant, to flag critical cyber attacks in your feeds and focus on specific attacks targeting your industry or supply chain. You can also push attack insights to your internal platforms via the Feedly API.

Track all types of cyber attacks with a single smart topic priority

Leo flags important information to focus your efforts on targeted insights. Leo understands cyber attacks because we taught him about malware, ransomware, data breaches, phishing, social engineering, and fraud.

You can train Leo further and have him focus on the specific topics, threats, and threat actors you care about to gain a deeper understanding of the threat landscape as it applies to you.

“From a proactive monitoring perspective, the power of using Feedly and Leo is to actually inform you of breaches before anyone else knows.”

Cybersecurity Analyst at a top energy provider

You can start by training Leo to recognize cyber attacks as a smart topic, a concept that Leo has been trained to understand with our AI models. Simply navigate to the security category you want to add this insight to and enter “cyber attack” as a topic. Training Leo to highlight cyber attacks in your security feed keeps you up-to-date with the most recent reports. Highlighting the attacks that are actually being conducted in the wild helps you effectively prioritize and ensures you never miss a thing. 

Focus on attacks targeting specific industries or Fortune 500 companies

We’ve taught Leo to recognize 19 industry sectors to ensure you always have the most current industry-relevant threat intelligence at your fingertips. Don’t see your industry? No problem! Ask us and we’ll teach Leo to recognize it.

“We were able to turn the list of our top partners into a Leo Priority and ask Leo to flag cyberattacks targeting those partners. That’s how we identified that one of our vendors had been breached a week before the actual company told us.”

Cybersecurity Analyst at top energy provider

Leo also recognizes each company listed in the Forbes Fortune 500 list to help you optimize and maintain your vendor security initiatives. You can gain these deeper insights simply by adding the industry or company you want Leo to flag for you.

You can use Leo to detect new risks, reinforce your vendor risk programs, and potentially be the first to discover a breach. 

Track attacks targeting your supply chain

Track up to 1,000 vendors in your supply chain to see the most relevant cyber attacks early.

Supply chain attacks have been in the limelight recently. Now, Leo can help you cross-reference your known vulnerabilities with the latest threat intelligence. Proactive alerting informs you of critical vulnerabilities, cyber attacks, and emerging threats before anyone else. Need to know about zero-day exploits as soon as they are targeted? No problem. Need to create your own list of companies you want to track? Leo has your back.

Leo continuously gets smarter and more accurate. This process is optimized with your feedback! With the ‘Less Like This’ button, you can let Leo know the article he prioritized is wrong or not relevant to you. 

Everything you need, nothing you don’t

Every second counts in cybersecurity. You tell Leo what you want and he populates the insights you need, when you need them.

Leo does the work upfront so you can filter out the noise and save massive time, working smarter and faster. Up to 80% faster.

“Before using Leo to track cyber attacks, we would struggle with an overload of data and waste time sifting through information. Our feed is now 2-3 times shorter, we do not miss out on any important cyber attacks and we earned back so much time!”

Anonymous Cybersecurity Analyst

Want to track specific cyber attacks in your field?

The Leo Cyber Attack skill is one of Leo’s advanced AI skills in the Feedly for Cybersecurity package.
