Sample feeds: These contain all observables seen.
Indicator of Compromise (IOC) feeds: These contain observables seen
via business intelligence. IOCs are used to indicate that the system has
been affected by some form of malware.
Curated feeds: These are highly curated, high-confidence feeds.
Table 11-7 shows the differences between these feeds.
Table 11-7 Threat Grid Feeds
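|                             | Sample Feeds             | IOC Feeds                      | Curated Feeds                                                           |
|-----------------------------|--------------------------|--------------------------------|-------------------------------------------------------------------------|
| Version                     | /v2                      | /v2                            | /v3                                                                     |
| Endpoint                    | /samples/feeds/          | /iocs/feeds/                   | /feeds/                                                                 |
| Content                     | All observables are seen | Observables are seen in all BIs | Observables are seen as part of a trusted high-confidence BI triggering |
| Pre-whitelisted             | No                       | No                             | Yes                                                                     |
| Filterable to only you/org? | Yes                      | Yes                            | No                                                                      |
| Output Formats              | JSON                     | JSON                           | JSON/CSV/Snort/STIX                                                     |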
Say that you want to retrieve all the curated feeds via
API. The curated feed types are shown in Table 11-8.
Table 11-8 Curated Feed Types