FeedUnit42v2.yml
category: Data Enrichment & Threat Intelligence
commonfields:
  id: Unit42v2 Feed
  version: -1
configuration:
- name: credentials
  type: 9
  displaypassword: API Key
  hiddenusername: true
  required: false
- display: API Key
  name: api_key
  type: 4
  hidden: true
  required: false
- display: Fetch indicators
  name: feed
  type: 8
  defaultvalue: 'true'
  required: false
- additionalinfo: Indicators from this integration instance will be marked with this reputation
  display: Indicator Reputation
  name: feedReputation
  options:
  - None
  - Good
  - Suspicious
  - Bad
  type: 18
  required: false
- additionalinfo: Reliability of the source providing the intelligence data
  display: Source Reliability
  name: feedReliability
  options:
  - A - Completely reliable
  - B - Usually reliable
  - C - Fairly reliable
  - D - Not usually reliable
  - E - Unreliable
  - F - Reliability cannot be judged
  required: true
  type: 15
  defaultvalue: A - Completely reliable
- display: 'Traffic Light Protocol Color'
  name: tlp_color
  options:
  - RED
  - AMBER
  - GREEN
  - WHITE
  type: 15
  additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
  required: false
- display: ''
  name: feedExpirationPolicy
  type: 17
  options:
  - never
  - interval
  - indicatorType
  - suddenDeath
  required: false
- display: ''
  name: feedExpirationInterval
  type: 1
  required: false
- display: Feed Fetch Interval
  name: feedFetchInterval
  type: 19
  defaultvalue: '240'
  required: false
- additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
  display: Bypass exclusion list
  name: feedBypassExclusionList
  type: 8
  required: false
- display: Tags
  name: feedTags
  type: 0
  additionalinfo: Supports CSV values.
  required: false
- display: Use system proxy settings
  name: proxy
  type: 8
  required: false
- defaultvalue: 'false'
  display: Trust any certificate (not secure)
  name: insecure
  type: 8
  required: false
- defaultvalue: 'true'
  display: Create relationships
  name: create_relationships
  type: 8
  required: false
description: Unit 42 feed of published IOCs, which contains known malicious indicators.
display: Unit 42 ATOMs Feed
name: Unit42v2 Feed
script:
  commands:
  - arguments:
    - defaultValue: '10'
      description: The maximum number of indicators to return. The default is 10.
      name: limit
    - auto: PREDEFINED
      defaultValue: indicator
      description: The type of the indicators to return.
      name: indicators_type
      predefined:
      - indicator
      - attack-pattern
    description: Retrieves a limited number of the indicators.
    name: unit42-get-indicators
  dockerimage: demisto/taxii2:1.0.0.83423
  feed: true
  runonce: false
  script: '-'
  subtype: python3
  type: python
tests:
- unit42_atoms
fromversion: 5.5.0