How to create a Web Alert on only articles that include IOCs / a STIX export?

If you want to tune your Leo Web Alert to show only articles with STIX files for export you can add the AND layer with the Leo concept Indicators of Compromise.

In the example below, the Leo Web Alert will track articles mentioning Lazarus Threat Actor Group AND including Indicators of Compromise. That means, you’ll be able to download all the IoCs via STIX.

To download the IoCs via STIX, you can open the article and press the Export as STIX 2.1 button in the Leo Prompts section.

Note: we have also created a dedicated API that allows you to pass on any of your feeds as input and export all the IoCs referenced in the articles of these feeds as STIX:

https://www.notion.so/feedly/How-to-export-IoCs-from-a-Feedly-Feed-or-Board-ae27a1a0e5704046a66c47fb74b7d61b

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.