Feed Utility command-line options

27 February 2024

ID 171404

Feed Utility is a console application. You can invoke it from the command line.

Syntax

Feed Utility uses the following syntax in Linux:

./kl_feed_util [options]

Feed Utility uses the following syntax in Windows:

kl_feed_util.exe [options]

Options

The following options are available:

  • -h [ --help ]

    Prints the help message.

  • -v [ --verbose ]

    Enables verbose mode.

    If verbose mode is enabled, Feed Utility prints detailed information about its activity to the screen. If verbose mode is disabled, brief information is printed.

  • -s [ --silent ]

    Enables silent mode.

    If silent mode is enabled, Feed Utility does not print information about its activity to the screen.

  • -c [ --config ] arg

    Specifies the path to the configuration file. The path must be specified in the arg argument.

    You can use absolute or relative paths. If a relative path is specified, it is calculated relative to the Feed Utilty binary file.

    The default value for this option is kl_feed_util.conf. Feed Utility searches for this file in the directory where its binary file is located.

  • -d [ --download ]

    Enables downloading mode.

    If this option is specified, Feed Utility downloads feeds, but does not process them.

    Downloaded files will be located in the directory specified in the WorkDir parameter of the Feed Utility configuration file.

  • -u [ --unpack ]

    Unpack downloaded feeds.

    If this option is specified, Feed Utility unpacks the feeds after downloading.

    This option can be used only in combination with -d or -p option.

  • -p [ --processing ]

    Enables processing mode.

    If this option is specified, Feed Utility processes feeds, but does not download or unpack them. Feed Utility does not delete the original feed files.

    Feed Utility looks for feeds in the directory specified in the WorkDir parameter of the Feed Utility configuration file.

    In processing mode, Feed Utility does not delete the original feed files, located in the WorkDir directory. This may lead to a situation where this directory contains several versions of one feed file. In this case, Feed Utility will print an error message. To avoid this situation, you must manually delete the original feed files from the WorkDir directory after they are processed by Feed Utility.

  • -f [--feed] arg

    Download or process the specified feed.

    The name of the feed must be specified in the arg argument. This name must correspond to the value of the Name parameter specified in feed rules (Feeds > Feed > Name).

    You can specify more than one feed. In this case, separate feed names with a semicolon (;).

    This option can be used with -d and -p options.

  • -i [--input]

    Parses an external feed and converts it to JSON format according to parsing rules defined for this feed.

    The name of the feed must be specified with -f format.

  • -l [ --list ]

    Prints the list of data feeds available with the current certificate, and whether or not each feed is specified in the Feed Utility configuration file: used in the output means that the feed is specified in the configuration file, unused means that the feed is not specified. The feed that is specified in the configuration file (used) may be enabled as well as disabled.

    This option can be used in combination with the -c or -v option.

  • --set-proxy username:password@host:port

    Writes specified proxy connection settings to the Feed Utility configuration file. The username and password parameters are written in encrypted form.

    Specify the user name in the username parameter, password in the password parameter, and proxy server address and port in the host and port parameters.

    If a proxy server does not require authentication, use the --set-proxy host:port format.

  • --set-taxii username:password@feedname@taxii-address@collectionname

    Writes specified TAXII server connection settings to the Feed Utility configuration file. The username and password parameters are written in encrypted form.

    If a TAXII server does not require authentication, use the feedname@taxii-address@collectionname format.

  • --set-basic-auth username:password@feedname

    Writes the specified basic authentication settings to the Feed Utility configuration file. The username and password parameters are written in encrypted form.

    If a password is not required, use the username:@feedname format.

  • --speedtest

    Measures the average speed with which Feed Utility downloads feeds from Kaspersky servers.

    You can combine this option with the -c option to specify the path to the configuration file that will be used.

  • --set-mailbox

    For connecting to the mail server, Feed Utility encodes the user name and password by using this parameter.

    In the --set-mailbox parameter, specify the {user}:{pass}@{FeedName} attribute,

    Where:

    {user} is a user account for connecting to a mail server.

    {pass} is a user account password for connecting to a mail server.

    {FeedName} is the name of the feed for which the connection settings are configured.

    If there is a space in the feed name, the name should be enclosed in quotation marks.

  • --check-mailbox-connection

    For checking connection with a mail server, in the --check-mailbox-connection parameter, specify the {FeedName} attribute, where {FeedName} is the name of the feed to be checked for connection settings.

    If there is a space in the feed name, the name should be enclosed in quotation marks.

Syntax examples

Run Feed Utility with the default parameters. Feed Utility will download, unpack, and process feeds.

  • In Linux:

    ./kl_feed_util

  • In Windows:

    kl_feed_util.exe

Run Feed Utility in verbose mode with a configuration file named custom_configuration.conf, which is located in the same directory as the utility binary file.

  • In Linux:

    ./kl_feed_util -v -c custom_configuration.conf

  • In Windows:

    kl_feed_util.exe -v -c custom_configuration.conf

Download and unpack feeds.

  • In Linux:

    ./kl_feed_util -d -u

  • In Windows:

    kl_feed_util.exe -d -u

Process the unpacked feeds. In this case, Feed Utility does not download the feeds—it only looks for the unpacked feed files and processes them.

  • In Linux:

    ./kl_feed_util -p

  • In Windows:

    kl_feed_util.exe -p

Unpack and process feeds.

  • In Linux:

    ./kl_feed_util -u -p

  • In Windows:

    kl_feed_util.exe -u -p

Download, unpack, and process the specified feed.

  • In Linux:

    ./kl_feed_util -f Demo_Botnet_CnC_URL_Data_Feed

  • In Windows:

    kl_feed_util.exe -f Demo_Botnet_CnC_URL_Data_Feed

Specify proxy connection parameters. These parameters are written to the configuration file.

  • In Linux:

    ./kl_feed_util --set-proxy 'user:pass@proxy.example.com:3128'

  • In Windows:

    kl_feed_util.exe --set-proxy 'user:pass@proxy.example.com:3128'

Specify proxy connection parameters for a proxy that does not require authentication. These parameters are written to the configuration file.

  • In Linux:

    ./kl_feed_util --set-proxy 'proxy.example.com:3128'

  • In Windows:

    kl_feed_util.exe --set-proxy 'proxy.example.com:3128'

Specify TAXII server connection parameters. These parameters are written to the configuration file.

  • In Linux:

    ./kl_feed_util --set-taxii 'user:pass@Example_Feed_Name@http://example.com@Example_Collection'

  • In Windows:

    kl_feed_util.exe --set-taxii 'user:pass@Example_Feed_Name@http://example.com@Example_Collection'

Display an average speed with which Feed Utility downloads the feeds from Kaspersky servers.

  • In Linux:

    ./kl_feed_util --speedtest

  • In Windows:

    kl_feed_util.exe --speedtest

Get the list of available data feeds, and then save the list to available_feeds.txt.

  • In Linux:

    ./kl_feed_util -l > available_feeds.txt

  • In Windows:

    kl_feed_util.exe -l > available_feeds.txt

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.