FalconFeeds Module

The FalconFeeds Module allows you to import the Threat Feed from FalconFeeds.io straight into your Liberty91 tenant. Those events are then enriched in the same way as any other event, meaning they will automatically be checked for relevance, scanned for threats, Indicators of Compromise (IOCs), MITRE ATT&CK Techniques, assets and (importantly) suppliers.

You need to have at least the FalconFeeds Business subscription to be able to use this module.

To find your FalconFeeds API-key, click https://dash.falconfeeds.io/profile/api, or go to their portal, login, click to skip straight to the dashboard, then click on your profile avatar (it will be a circle with the first letter of your name). In your profile overview, click on 'API Access'.

Click on 'Generate New Key'. Name your key 'Liberty91' and set it to 'never expire'. The key will then appear in a pop-up window. You need to copy and paste this before clicking away, because it will not be shown again and you will have to regenerate a new key if you loose it.

Paste the key in the appropriate field in the FalconFeeds Module in Liberty91, and new events should start pouring in immediately.

Turning on this module consumes between 1 and 10 API calls upon activation, and 496 API-calls per month after that.