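# Integration definition for the "AWS Feed" threat-intelligence feed:
# instance parameters (configuration), the single command it exposes
# (aws-get-indicators), and the container image its script runs in.
category: Data Enrichment & Threat Intelligence
commonfields:
  id: AWS Feed
  version: -1
configuration:
# Which AWS service range sets to pull. Mandatory multi-value selection.
- display: Services
  name: services
  options:
  - AMAZON
  - EC2
  - ROUTE53
  - ROUTE53_HEALTHCHECKS
  - CLOUDFRONT
  - S3
  - AMAZON_APPFLOW
  - AMAZON_CONNECT
  - API_GATEWAY
  - CHIME_MEETINGS
  - CHIME_VOICECONNECTOR
  - CLOUD9
  - CLOUDFRONT_ORIGIN_FACING
  - CODEBUILD
  - DYNAMODB
  - EBS
  - EC2_INSTANCE_CONNECT
  - GLOBALACCELERATOR
  - KINESIS_VIDEO_STREAMS
  - ROUTE53_HEALTHCHECKS_PUBLISHING
  - ROUTE53_RESOLVER
  - WORKSPACES_GATEWAYS
  required: true
  type: 16
# Optional region filter; leaving it empty selects every region.
- additionalinfo: The AWS Regions to fetch indicators by. If empty, all regions will be included.
  display: Regions
  name: regions
  options:
  - af-south-1
  - ap-east-1
  - ap-east-2
  - ap-northeast-1
  - ap-northeast-2
  - ap-northeast-3
  - ap-south-1
  - ap-south-2
  - ap-southeast-1
  - ap-southeast-2
  - ap-southeast-3
  - ap-southeast-4
  - ca-central-1
  - cn-north-1
  - cn-northwest-1
  - eu-central-1
  - eu-central-2
  - eu-north-1
  - eu-south-1
  - eu-south-2
  - eu-west-1
  - eu-west-2
  - eu-west-3
  - me-south-1
  - me-central-1
  - sa-east-1
  - us-east-1
  - us-east-2
  - us-gov-east-1
  - us-gov-west-1
  - us-west-1
  - us-west-2
  - GLOBAL
  required: false
  type: 16
# Enables indicator fetching for the instance; the default is the string 'true'.
- display: Fetch indicators
  name: feed
  required: false
  defaultvalue: 'true'
  type: 8
# Verdict stamped on every indicator from this instance. Default: Good.
# NOTE(review): the selectable services include EC2 and other ranges that host
# tenant workloads. A "Good" verdict here describes who owns the address space,
# not what runs on it; confirm it is not used to suppress detections.
- defaultvalue: Good
  display: Indicator Reputation
  name: feedReputation
  options:
  - None
  - Good
  - Suspicious
  - Bad
  required: false
  type: 18
  additionalinfo: Indicators from this integration instance will be marked with this reputation
# Source reliability grade attached to the indicators. Default: A.
- additionalinfo: Reliability of the source providing the intelligence data
  defaultvalue: A - Completely reliable
  display: Source Reliability
  name: feedReliability
  options:
  - A - Completely reliable
  - B - Usually reliable
  - C - Fairly reliable
  - D - Not usually reliable
  - E - Unreliable
  - F - Reliability cannot be judged
  required: true
  type: 15
# Sharing label applied to fetched indicators; no default is declared.
# These are the TLP 1.0 labels: TLP 2.0 renamed WHITE to CLEAR.
- additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
  display: Traffic Light Protocol Color
  name: tlp_color
  options:
  - RED
  - AMBER
  - GREEN
  - WHITE
  required: false
  type: 15
# Expiration policy for indicators from this feed. Default: indicatorType.
- defaultvalue: indicatorType
  name: feedExpirationPolicy
  display: ""
  required: false
  options:
  - never
  - interval
  - indicatorType
  - suddenDeath
  type: 17
# Companion value for the "interval" policy above (presumably; confirm units
# against the platform documentation).
- name: feedExpirationInterval
  required: false
  display: ""
  type: 1
# How often the feed is fetched; the default is the string '5'.
- defaultvalue: '5'
  display: Feed Fetch Interval
  name: feedFetchInterval
  required: false
  type: 19
# Free-form tags for the indicators, given as comma-separated values.
- additionalinfo: Supports CSV values.
  display: Tags
  hidden: false
  name: feedTags
  required: false
  type: 0
# Enabled by default: indicators from this feed are ingested even when they
# match an entry on the exclusion list.
# NOTE(review): together with the Good / A defaults above, an analyst's
# exclusion of a range does not take effect for this feed until this box is
# unchecked. Confirm that is the intended default for new instances.
- additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
  display: Bypass exclusion list
  name: feedBypassExclusionList
  required: false
  defaultvalue: 'true'
  type: 8
# Labelled "not secure" by the author; presumably turns off TLS certificate
# verification for the feed download. No defaultvalue is declared here.
# With verification off, the origin of the published ranges is unauthenticated,
# so leave this unchecked outside of short-lived troubleshooting.
- display: Trust any certificate (not secure)
  name: insecure
  required: false
  type: 8
# Routes the feed request through the system proxy settings.
- display: Use system proxy settings
  name: proxy
  required: false
  type: 8
description: Use the AWS feed integration to fetch indicators from the feed.
display: AWS Feed
name: AWS Feed
script:
  commands:
  # On-demand fetch; "limit" caps how many indicators go to context (default 50).
  - arguments:
    - default: false
      defaultValue: '50'
      description: limits the number of context indicators to output
      isArray: false
      name: limit
      required: false
      secret: false
    deprecated: false
    description: Fetches indicators from the feed.
    execution: false
    name: aws-get-indicators
  # Runtime image, referenced by version tag rather than by content digest.
  # NOTE(review): confirm the platform or registry guarantees this tag is
  # immutable, otherwise the code that runs can change without this file changing.
  dockerimage: demisto/py3-tools:1.0.0.61931
  feed: true
  isfetch: false
  longRunning: false
  longRunningPort: false
  runonce: false
  script: '-'
  subtype: python3
  type: python
fromversion: 5.5.0
defaultclassifier: AWS Feed Classifier
defaultmapperin: AWS Feed Mapper
tests:
- No tests (auto formatted)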