-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
FeedGoogleIPRanges.yml
111 lines (111 loc) · 2.89 KB
/
FeedGoogleIPRanges.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
category: Data Enrichment & Threat Intelligence
commonfields:
id: Google IP Ranges Feed
version: -1
configuration:
- defaultvalue: 'true'
display: Fetch indicators
name: feed
type: 8
required: false
- defaultvalue: All GCP customer global and regional external IP ranges
display: IP Address Ranges
name: ip_ranges
options:
- All GCP customer global and regional external IP ranges
- All available Google IP ranges
required: true
type: 15
additionalinfo: IP address ranges group to be fetched. See integration help for more information.
- additionalinfo: Indicators from this integration instance will be marked with this reputation
defaultvalue: None
display: Indicator Reputation
name: feedReputation
options:
- None
- Good
- Suspicious
- Bad
type: 18
required: false
- additionalinfo: Reliability of the source providing the intelligence data
defaultvalue: A - Completely reliable
display: Source Reliability
name: feedReliability
options:
- A - Completely reliable
- B - Usually reliable
- C - Fairly reliable
- D - Not usually reliable
- E - Unreliable
- F - Reliability cannot be judged
required: true
type: 15
- additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
display: Traffic Light Protocol Color
name: tlp_color
options:
- RED
- AMBER
- GREEN
- WHITE
type: 15
required: false
- display: ""
name: feedExpirationPolicy
defaultvalue: suddenDeath
type: 17
options:
- never
- interval
- indicatorType
- suddenDeath
required: false
- defaultvalue: '20160'
display: ""
name: feedExpirationInterval
type: 1
required: false
- defaultvalue: '240'
display: Feed Fetch Interval
name: feedFetchInterval
type: 19
required: false
- additionalinfo: Supports CSV values.
display: Tags
name: feedTags
type: 0
required: false
- additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
display: Bypass exclusion list
name: feedBypassExclusionList
type: 8
required: false
- display: Trust any certificate (not secure)
name: insecure
type: 8
required: false
- display: Use system proxy settings
name: proxy
type: 8
required: false
description: Use the Google IP Ranges integration to get GCP and Google global IP ranges.
display: Google IP Ranges Feed
name: Google IP Ranges Feed
script:
commands:
- arguments:
- name: limit
description: The maximum number of results to return. The default value is 10.
defaultValue: "10"
description: Gets indicators from the feed.
name: google-ip-ranges-get-indicators
dockerimage: demisto/py3-tools:1.0.0.79870
feed: true
runonce: false
script: '-'
subtype: python3
type: python
fromversion: 6.0.0
tests:
- Fetch Indicators Test