-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
Sixgill_Darkfeed.yml
135 lines (135 loc) · 3.43 KB
/
Sixgill_Darkfeed.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
category: Data Enrichment & Threat Intelligence
commonfields:
id: Sixgill_Darkfeed
version: -1
configuration:
- display: Sixgill API client ID
name: client_id
required: true
type: 0
- display: Sixgill API client secret
name: client_secret
required: true
type: 4
- defaultvalue: 'all'
display: Sixgill Confidence
name: confidence
type: 15
options:
- all
- "90"
- "80"
- "70"
- "60"
additionalinfo: 'Ingest all IOCs=all, IOC exactly fits description=90, IOC almost exactly fits description=80, IOC mostly fits description=70, IOC generally fits description=60'
required: false
- defaultvalue: 'true'
display: Fetch indicators
name: feed
type: 8
required: false
- additionalinfo: Indicators from this integration instance will be marked with this reputation
defaultvalue: feedInstanceReputationNotSet
display: Indicator Reputation
name: feedReputation
options:
- None
- Good
- Suspicious
- Bad
type: 18
required: false
- additionalinfo: Reliability of the source providing the intelligence data
display: Source Reliability
name: feedReliability
options:
- A - Completely reliable
- B - Usually reliable
- C - Fairly reliable
- D - Not usually reliable
- E - Unreliable
- F - Reliability cannot be judged
required: true
type: 15
defaultvalue: B - Usually reliable
- name: tlp_color
display: "Traffic Light Protocol Color"
options:
- RED
- AMBER
- GREEN
- WHITE
type: 15
additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
required: false
- defaultvalue: 'indicatorType'
display: ""
name: feedExpirationPolicy
type: 17
options:
- never
- interval
- indicatorType
- suddenDeath
required: false
- defaultvalue: '20160'
display: ""
name: feedExpirationInterval
type: 1
required: false
- defaultvalue: '2'
display: Feed Fetch Interval
name: feedFetchInterval
type: 19
required: false
- display: The maximum number of indicators to fetch.
name: maxIndicators
type: 0
defaultvalue: '1000'
required: false
- display: Bypass exclusion list
name: feedBypassExclusionList
type: 8
additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
required: false
- display: Use system proxy settings
name: proxy
type: 8
required: false
- display: Incremental Feed
name: feedIncremental
type: 8
defaultvalue: 'true'
hidden: true
required: false
- display: Trust any certificate (not secure)
name: insecure
type: 8
required: false
- additionalinfo: Supports CSV values.
display: Tags
name: feedTags
type: 0
required: false
description: Leverage the power of Sixgill to supercharge Cortex XSOAR with real-time Threat Intelligence indicators. Get IOCs such as domains, URLs, hashes, and IP addresses straight into the XSOAR platform.
display: Sixgill DarkFeed Threat Intelligence
name: Sixgill_Darkfeed
script:
script: '-'
commands:
- arguments:
- default: true
defaultValue: '50'
description: The maximum number of results to return.
name: limit
description: Fetching Sixgill DarkFeed indicators
execution: true
name: sixgill-get-indicators
dockerimage: demisto/sixgill:1.0.0.86489
feed: true
runonce: false
subtype: python3
type: python
fromversion: 5.5.0
tests:
- No tests (auto formatted)