Review data feeds

Your data feeds are automatically categorized and synchronized to the Anvilogic platform every 7 days. When you add a data feed, you can view it on the Data Feeds page within 7 days.

Review the data feed category

Verify the category of your data feeds matches what you expect, as this affects your MITRE coverage. Select Maturity Score () > Data Feeds from the navigation bar, the review the categories for each data feed:

To change or add categories to a data feed:

1. Click on the name of the data feed.

2. Click Tags.

3. In the Data Categories, field, enter the data categories you want associated with this data feed.

4. Click Update when you are finished.

Review the data feed quality

An initial quality feed assessment is made by the Anvilogic platform for any new data feed added to the Anvilogic platform.

Perform your own evaluation of the timeliness, logging level, field extraction, and monitoring scope for each data feed so you can assign a proper data feed quality. Feed quality is important because only Good quality feeds are used to generate recommendations on the Anvilogic platform.

To manually change the quality of a data feed:

1. Click on the name of the data feed.

2. Select one of the qualities from the Feed Quality dropdown.

3. Click Update when you are finished.

Auto-compute feed qualities are available for Windows event logs in Splunk. See Data feed quality auto computation.

Next step

Review and deploy recommended content.