How does Feedly AI detect indicators of compromise (IoCs)?
Feedly AI understands and recognizes IoCs mentioned in articles, and can gather them for you automatically.
When an article contains an IoC, Feedly AI highlights it so it is easy to find and confirm, even if it is buried in the text of a long article or threat intelligence report. An overview of all the referenced IoCs appears at the top of the article, in the Feedly AI prompts section, where you can also export them in STIX or Markdown format to your threat intelligence platform.
There are two ways that Feedly AI searches for IoCs listed in an article:
1) IoC tables or sections
The first way is by looking for any tables where the author lists the IoCs. This is the most effective way for Feedly AI to extract this data as the author has made it clear that this article is about the IoCs in the table.
2) Article content
If there is no table of IoCs, Feedly AI looks in the body of the article and extracts the IoCs from the text itself.
Note: When an article has both a table or section of IoCs at the bottom and IoCs mentioned within the article, Feedly AI extracts only the table and not the entire article content, to reduce false positives. The rest of the article may contain other IPs that were mentioned without being IoCs, or protected URLs that are simply links to other resources.
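The table-first rule above can be sketched as follows. This is an added illustration, not Feedly's code: the heading names, the regexes, the `[.]` defang handling, and the helper names `find_indicators` and `extract_iocs` are all assumptions, and the sample article is constructed.

```python
import ipaddress
import re

# Assumed heuristics for this sketch (not Feedly's): the heading names, the
# indicator regexes, and acceptance of "[.]" defanging.
DOT = r"(?:\.|\[\.\])"
PATTERNS = {
    "ipv4": re.compile(rf"\b\d{{1,3}}(?:{DOT}\d{{1,3}}){{3}}\b"),
    "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
    "domain": re.compile(rf"\b(?:[a-z0-9-]+{DOT})+[a-z]{{2,}}\b", re.I),
}
IOC_HEADING = re.compile(r"^\s*#*\s*(?:indicators of compromise|iocs?)\b.*$", re.I | re.M)


def find_indicators(text):
    """Return a sorted list of (type, refanged value) pairs found in text."""
    found = set()
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            value = match.group(0).replace("[.]", ".").lower()
            if kind == "ipv4":
                try:
                    ipaddress.IPv4Address(value)  # rejects octets above 255
                except ValueError:
                    continue
            found.add((kind, value))
    return sorted(found)


def extract_iocs(article):
    """Use only the last IoC section if one exists; otherwise scan the body."""
    headings = list(IOC_HEADING.finditer(article))
    if headings:
        return "table", find_indicators(article[headings[-1].end():])
    return "body", find_indicators(article)


# Constructed sample article: documentation-range addresses, .example names.
SAMPLE = """Analysts used resolver 198.51.100.7 while reading
https://vendor.example/advisory during triage.

Indicators of Compromise
| Type   | Value                |
| IP     | 203.0.113[.]45       |
| Domain | update-cdn[.]example |
| SHA256 | """ + "ab" * 32 + """ |
"""
```

Running `extract_iocs` on the text above the heading alone returns the resolver address and the vendor link as indicators, which is the false-positive case the note describes.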