ioc_feeder

Description

After you configure Custom Intelligence Feeds (Indicators of Compromise, IoC) as described in sk132193, you can use this command for troubleshooting purposes to fetch the configured IoC Feeds.

Important:

  • You must run this command in the Expert mode.

  • In a Cluster, you must configure all the Cluster Members in the same way.

  • On Scalable Platforms (ElasticXL, Maestro, and Chassis), you must connect to the Gaia Portal of the applicable Security Group.

Procedure

  1. Connect to the command line on the Security Gateway / Cluster Member / Scalable Platform Security Group.

  2. Log in to the Expert mode.

  3. Rotate the current log file:

    mv -v $FWDIR/log/ioc_feeder.elg{,_BKP}

  4. Fetch IoC Feeds in the debug mode (this command does not show any output):

    $FWDIR/bin/ioc_feeder -d -f

  5. Examine this log file on the Security Gateway / Cluster Member / Scalable Platform Security Group:

    $FWDIR/log/ioc_feeder.elg
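The following script ties steps 3 to 5 together as an added example; it is not a Check Point tool and the function names `rotate_log`, `fetch_ioc_feeds_debug` and `show_ioc_log` are this example's own. It assumes `$FWDIR` is set, as it is in Expert mode, and adds the one check a practitioner usually wants: the `mv` in step 3 is skipped when no log exists yet, so a first run does not abort on a missing file.

```shell
# Added example (not Check Point's own code): wraps the ioc_feeder
# troubleshooting procedure. Assumes $FWDIR is set as in Expert mode.

# Step 3: move the current log aside as ioc_feeder.elg_BKP, but only
# when it exists (plain "mv" fails on a gateway that has never logged).
rotate_log() {
    log="$1"
    if [ -f "$log" ]; then
        mv -v "$log" "${log}_BKP"
    else
        echo "no existing log at $log, nothing to rotate"
    fi
}

# Step 4: run ioc_feeder in debug mode (-d) and force a fetch (-f).
# The command itself prints nothing, so the fresh log file is the only
# evidence of what happened; return non-zero if no log was produced.
fetch_ioc_feeds_debug() {
    feeder="$FWDIR/bin/ioc_feeder"
    log="$FWDIR/log/ioc_feeder.elg"
    if [ ! -x "$feeder" ]; then
        echo "ioc_feeder not found at $feeder" >&2
        return 1
    fi
    rotate_log "$log"
    "$feeder" -d -f
    [ -f "$log" ]
}

# Step 5: show the last N lines (default 50) of the new debug log.
show_ioc_log() {
    tail -n "${1:-50}" "$FWDIR/log/ioc_feeder.elg"
}

# Usage in Expert mode:
#   fetch_ioc_feeds_debug && show_ioc_log 100
```

The previous log survives as `ioc_feeder.elg_BKP`, so a failed fetch can still be compared against the last known-good run; in a cluster, run the same script on every member so the logs stay comparable.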