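# Cortex XSOAR integration definition for the Sixgill DarkFeed indicator feed.
# The nesting below is restored from the flattened listing. Without it the
# parameter, command and script keys collapse into the top-level mapping and
# the file no longer describes the integration.
category: Data Enrichment & Threat Intelligence
commonfields:
  id: Sixgill_Darkfeed
  version: -1
configuration:
# API credentials. The client ID is a plain text field (type 0); only the
# secret uses the encrypted field type (type 4), so the ID is presumably
# visible to anyone who can view the instance settings.
- display: Sixgill API client ID
  name: client_id
  required: true
  type: 0
- display: Sixgill API client secret
  name: client_secret
  required: true
  type: 4
# Minimum confidence filter. The default 'all' ingests every IOC regardless
# of how well it fits its description; raise it to reduce low-fidelity
# indicators.
- defaultvalue: 'all'
  display: Sixgill Confidence
  name: confidence
  required: false
  type: 15
  options:
  - all
  - "90"
  - "80"
  - "70"
  - "60"
  additionalinfo: 'Ingest all IOCs=all, IOC exactly fits description=90, IOC almost exactly fits description=80, IOC mostly fits description=70, IOC generally fits description=60'
- defaultvalue: 'true'
  display: Fetch indicators
  name: feed
  required: false
  type: 8
# The default is a sentinel that is not one of the listed options, i.e. no
# reputation is forced on indicators unless the operator picks one.
- additionalinfo: Indicators from this integration instance will be marked with this reputation
  defaultvalue: feedInstanceReputationNotSet
  display: Indicator Reputation
  name: feedReputation
  options:
  - None
  - Good
  - Suspicious
  - Bad
  required: false
  type: 18
- additionalinfo: Reliability of the source providing the intelligence data
  display: Source Reliability
  name: feedReliability
  options:
  - A - Completely reliable
  - B - Usually reliable
  - C - Fairly reliable
  - D - Not usually reliable
  - E - Unreliable
  - F - Reliability cannot be judged
  required: true
  type: 15
  defaultvalue: B - Usually reliable
# No default TLP is set: indicators carry no sharing restriction marking
# unless the operator chooses one here.
- name: tlp_color
  display: "Traffic Light Protocol Color"
  options:
  - RED
  - AMBER
  - GREEN
  - WHITE
  required: false
  type: 15
  additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
- defaultvalue: 'indicatorType'
  display: ""
  name: feedExpirationPolicy
  required: false
  type: 17
  options:
  - never
  - interval
  - indicatorType
  - suddenDeath
# NOTE(review): unit is not stated here; presumably minutes
# (20160 = 14 days) - confirm.
- defaultvalue: '20160'
  display: ""
  name: feedExpirationInterval
  required: false
  type: 1
- defaultvalue: '2'
  display: Feed Fetch Interval
  name: feedFetchInterval
  required: false
  type: 19
- display: The maximum number of indicators to fetch.
  name: maxIndicators
  required: false
  type: 0
  defaultvalue: '1000'
# Off unless selected. Enabling it lets indicators from this feed bypass the
# exclusion list, so allow-listed or known-benign values can still be
# created as indicators.
- display: Bypass exclusion list
  name: feedBypassExclusionList
  type: 8
  required: false
  additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
- display: Use system proxy settings
  name: proxy
  required: false
  type: 8
- display: Incremental Feed
  name: feedIncremental
  type: 8
  required: false
  defaultvalue: 'true'
  hidden: true
# No default value, so certificate validation stays on unless an operator
# ticks this box. When set, the integration presumably skips TLS certificate
# verification towards the Sixgill API, which exposes the client credentials
# and the feed content to interception; keep it off outside test setups.
- display: Trust any certificate (not secure)
  name: insecure
  required: false
  type: 8
- additionalinfo: Supports CSV values.
  display: Tags
  name: feedTags
  required: false
  type: 0
description: Leverage the power of Sixgill to supercharge Cortex XSOAR with real-time Threat Intelligence indicators. Get IOCs such as domains, URLs, hashes, and IP addresses straight into the XSOAR platform.
display: Sixgill DarkFeed Threat Intelligence
name: Sixgill_Darkfeed
script:
  # '-' is a placeholder; the integration code is not embedded in this file.
  script: '-'
  commands:
  - arguments:
    - default: true
      defaultValue: '50'
      description: The maximum number of results to return.
      isArray: false
      name: limit
      required: false
      secret: false
    deprecated: false
    description: Fetching Sixgill DarkFeed indicators
    # execution: true flags the command as potentially harmful in XSOAR,
    # which restricts who may run it - confirm this is intended for a
    # read-only fetch.
    execution: true
    name: sixgill-get-indicators
  # Pinned to a version tag, not an image digest; a tag can be re-pointed in
  # the registry, so pin by digest where the platform allows it.
  dockerimage: demisto/sixgill:1.0.0.61531
  feed: true
  isfetch: false
  longRunning: false
  longRunningPort: false
  runonce: false
  subtype: python3
  type: python
fromversion: 5.5.0
# No test playbook is registered for this integration.
tests:
- No tests (auto formatted)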