# Integration definition for the Sixgill DarkFeed indicator feed (the description
# further down targets Cortex XSOAR).
category: Data Enrichment & Threat Intelligence
commonfields:
  # Integration identifier; the same string is used for the top-level `name` key.
  id: Sixgill_Darkfeed
  version: -1
# Instance parameters shown to the operator when an instance of the feed is configured.
configuration:
# API credential pair. The client ID is a plain text field (type 0).
- display: Sixgill API client ID
  name: client_id
  required: true
  type: 0
# type 4 is the encrypted-field type, so the secret is presumably masked in the UI
# and stored encrypted rather than in clear text. NOTE(review): confirm.
- display: Sixgill API client secret
  name: client_secret
  required: true
  type: 4
# Indicator fetching is on by default for a new instance.
- defaultvalue: 'true'
  display: Fetch indicators
  name: feed
  required: false
  type: 8
# Instance-wide reputation override. The default leaves it unset; choosing a value
# marks every indicator from this instance with it (see additionalinfo), so "Bad"
# here applies to the whole feed, not to individual indicators.
- additionalinfo: Indicators from this integration instance will be marked with this reputation
  defaultvalue: feedInstanceReputationNotSet
  display: Indicator Reputation
  name: feedReputation
  options:
  - None
  - Good
  - Suspicious
  - Bad
  required: false
  type: 18
# Source reliability rating, required; defaults to "B - Usually reliable".
- additionalinfo: Reliability of the source providing the intelligence data
  defaultvalue: B - Usually reliable
  display: Source Reliability
  name: feedReliability
  options:
  - A - Completely reliable
  - B - Usually reliable
  - C - Fairly reliable
  - D - Not usually reliable
  - E - Unreliable
  - F - Reliability cannot be judged
  required: true
  type: 15
# Optional sharing marking; no default, so indicators carry no TLP unless one is chosen.
# NOTE(review): the options use TLP 1.0 labels (WHITE); TLP 2.0 renamed WHITE to CLEAR.
- additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
  display: Traffic Light Protocol Color
  name: tlp_color
  options:
  - RED
  - AMBER
  - GREEN
  - WHITE
  required: false
  type: 15
# Indicator expiration policy; the default defers to the per-indicator-type setting.
- defaultvalue: indicatorType
  name: feedExpirationPolicy
  display: ""
  options:
  - never
  - interval
  - indicatorType
  - suddenDeath
  required: false
  type: 17
# Presumably only applies when the policy above is "interval"; the unit is not stated
# here (20160 minutes would be 14 days). TODO confirm.
- defaultvalue: '20160'
  display: ""
  name: feedExpirationInterval
  required: false
  type: 1
# How often the feed is polled; the unit of '2' is not visible in this file.
- defaultvalue: '2'
  display: Feed Fetch Interval
  name: feedFetchInterval
  required: false
  type: 19
# Upper bound on indicators fetched. It is a free-text field (type 0), so any numeric
# validation has to happen in the integration code, which is not shown here.
- defaultvalue: '1000'
  display: The maximum number of indicators to fetch.
  name: maxIndicators
  required: false
  type: 0
# Has no default value. When selected, indicators from this feed skip the exclusion
# list, so values deliberately excluded (for example known-good assets) can be
# ingested as indicators.
- additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
  display: Bypass exclusion list
  name: feedBypassExclusionList
  required: false
  type: 8
# Route API traffic through the system proxy settings.
- display: Use system proxy settings
  name: proxy
  type: 8
  required: false
# Hidden from the operator and defaulted to 'true'.
- display: Incremental Feed
  defaultvalue: 'true'
  hidden: true
  name: feedIncremental
  required: false
  type: 8
# The label itself marks this as not secure, and no default is set. Enabling it
# presumably turns off TLS certificate verification for the API calls, which would
# expose the client ID/secret and the returned indicators to interception or
# tampering. NOTE(review): confirm against the integration code.
- display: Trust any certificate (not secure)
  name: insecure
  type: 8
  required: false
# Optional tags for fetched indicators; accepts a comma-separated list.
- additionalinfo: Supports CSV values.
  display: Tags
  name: feedTags
  required: false
  type: 0
# Catalog text and display name of the integration.
description: Leverage the power of Sixgill to supercharge Cortex XSOAR with real-time Threat Intelligence indicators. Get IOCs such as domains, URLs, hashes, and IP addresses straight into the XSOAR platform.
display: Sixgill DarkFeed Threat Intelligence
name: Sixgill_Darkfeed
script:
  # '-' is a placeholder; the integration code is not embedded in this file.
  script: '-'
  commands:
  # Single command; `limit` is its default argument and defaults to '50' results.
  - arguments:
    - default: true
      defaultValue: '50'
      description: The maximum number of results to return.
      isArray: false
      name: limit
      required: false
      secret: false
    deprecated: false
    description: Fetching Sixgill DarkFeed indicators
    # NOTE(review): `execution: true` normally flags a command as potentially harmful;
    # confirm that is intended for a command described as fetching indicators.
    execution: true
    name: sixgill-get-indicators
  # Pinned to an exact image tag rather than a floating one. A tag can still be
  # re-pushed in the registry. NOTE(review): confirm whether the platform supports
  # pinning by digest.
  dockerimage: demisto/sixgill:1.0.0.56489
  # Declared as an indicator feed (`feed: true`), not an incident fetcher (`isfetch: false`).
  feed: true
  isfetch: false
  longRunning: false
  longRunningPort: false
  runonce: false
  subtype: python3
  type: python
fromversion: 5.5.0
# No test playbook is associated with this integration, so changes to it are not
# covered by an automated test referenced here.
tests:
- No tests (auto formatted)