How to set up Threat Intelligence via Slack for Free

Published on 14th May 2020 Author: RJ Russell

Threat Intelligence in Slack

Are you finding it hard to keep up with new major cybersecurity vulnerabilities that could affect your environment?

Unless cybersecurity is your full-time job, you’re probably not spending a lot of time wading through blog posts and listening to hours of podcasts just to keep up with every breaking story.

Most of us really just need to stay informed about the next “big one”, so that we can react quickly when our businesses are at risk. (Citrix Netscaler, anyone?). But how do you get the news you need without feeling overwhelmed?

The US Cybersecurity & Infrastructure Security Agency (CISA) is a reliable source for easily digestible security alerts and notices about major software products. They publish a manageable number of alerts, on average around one or two per day, which you can easily skim for items relevant to your environment. You can get these alerts on their website or in email, but it’s even easier if you add their RSS feed to a dedicated channel in Slack:

Visit the CISA’s US-CERT website to learn about the different types of notifications they have available. (Tip: “Alerts” is the most important, but it’s easiest to subscribe to all)

Visit their Mailing Lists and Feeds page and copy the RSS feed link for “All NCAS products”, or just the specific notifications you wish to receive (right-click and “Copy Link Address”, for example). You will paste the links in Step 5. If preferred, you can also subscribe to email alerts on this page.

Optional, but recommended: Create a new, dedicated channel in Slack to receive the feed. For example, “#us_cert”.

In a browser, Enable RSS feeds in Slack

Follow the instructions in Step 4 to access your RSS administration webpage and “Add a Feed”.

To receive all US-CERT feeds, use https://www.us-cert.gov/ncas/all.xml

Don’t be surprised if it takes a day or two for the first alert to appear!

RJ Russell, CISSP

As a Virtual CISO, RJ helps clients understand and manage their cybersecurity risk. He has previously worked in financial services managing the security and infrastructure of State Street’s CRD investment management SaaS platform. He also has more than 20 years of experience supporting enterprise production environments across several industries. RJ received his Bachelor of Science in Mechanical Engineering degree from Purdue University. He also is a Certified Information Systems Security Professional (CISSP).