Hi,
I am working on integrating a third-party threat intelligence platform with ArcSight. The integration involves ingesting threat intelligence feed data into ArcSight ESM from five different API endpoints:
1) BASE_URL/category_1
2) BASE_URL/category_2
3) BASE_URL/category_3
4) BASE_URL/category_4
5) BASE_URL/category_5
I want to provide configuration options for users while configuration so that they can:
- Enable or disable specific endpoints (e.g., if only the first three are enabled, only those categories will be ingested).
- Define the ingestion frequency (e.g., hourly or daily).
- Specify query parameters for API calls to pre-filter the data before ingestion.
What should I have to use, SmartConnector or a FlexConnector to achieve this level of configurability?
How can I implement this integration within ArcSight?
Any insights or best practices would be greatly appreciated!
Thanks,
Prashant