integration update

Packs/CybleThreatIntel/Integrations/CybleThreatIntel/CybleThreatIntel.yml

@@ -4,12 +4,8 @@ commonfields:
 name: CybleThreatIntel
 display: Cyble Threat Intel
 category: Data Enrichment & Threat Intelligence
-description: Cyble Threat Intelligence for Vision Users. Must have access to Vision Taxii feed to access the threat intelligence.
+description: Cyble Threat Intelligence for Vision Users. Must have access to Cyble TAXII Feed to access the threat intelligence.
 configuration:
-- display: Server URL
-  name: url
-  type: 0
-  required: true
 - display: Trust any certificate (not secure)
   name: insecure
   type: 8
@@ -18,43 +14,129 @@ configuration:
   name: proxy
   type: 8
   required: false
-- display: Access Token
-  name: token
-  type: 4
+- display: Traffic Light Protocol Color
+  name: tlp_color
+  type: 15
+  required: false
+  options:
+  - RED
+  - AMBER
+  - GREEN
+  - WHITE
+  additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
+- display: Feed Fetch Interval
+  name: feedFetchInterval
+  type: 19
+  required: false
+  defaultvalue: '1440'
+- display: Discovery Service
+  name: discovery_service
+  type: 0
+  required: true
+  additionalinfo: Collection name to fetch indicators from.
+- display: Username
+  name: credentials
+  type: 9
   required: true
+- display: First fetch time
+  name: initial_interval
+  defaultvalue: '1'
+  type: 0
+  required: true
+  additionalinfo: The time interval for the first fetch (retroactive). Maximum of 7 days for retroactive value is allowed.
+- display: Fetch indicators
+  name: feed
+  type: 8
+  required: false
+  defaultvalue: 'true'
+- display: Indicator Reputation
+  name: feedReputation
+  type: 18
+  required: false
+  defaultvalue: None
+  options: 
+  - None
+  - Good
+  - Suspicious
+  - Bad
+  additionalinfo: Indicators from this integration instance will be marked with this reputation
+- display: Source Reliability
+  name: feedReliability
+  defaultvalue: A - Completely reliable
+  type: 15
+  required: true
+  options:
+  - A - Completely reliable
+  - B - Usually reliable
+  - C - Fairly reliable
+  - D - Not usually reliable
+  - E - Unreliable
+  - F - Reliability cannot be judged
+  additionalinfo: Reliability of the source providing the intelligence data
+- display: Indicator Fetch Limit
+  name: limit
+  type: 0
+  required: false
+  additionalinfo: Provide value to limit the indicator to be fetched per iteration
+- display: Collection Name
+  name: collection
+  type: 0
+  required: true
+- name: feedExpirationPolicy
+  display: ''
+  type: 17
+  required: false
+  options:
+  - never
+  - interval
+  - indicatorType
+  - suddenDeath
+- name: feedExpirationInterval
+  display: ''
+  type: 1
+  required: false
+- name: feedBypassExclusionList
+  display: Bypass exclusion list
+  type: 8
+  required: false
+  additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
+- name: feedTags
+  display: Tags
+  required: false
+  type: 0
+  additionalinfo: Supports CSV values.
 script:
-  script: |
+  script: |-
+    -
   type: python
   commands:
   - name: cyble-vision-fetch-taxii
     arguments:
-    - name: page
-      required: true
-      description: Returns paginated records of the provided page considering the limits
-      defaultValue: '1'
     - name: limit
-      description: Number of records to return per page(max 20). Using a smaller limit will get faster responses.
-      defaultValue: '10'
-    - name: start_date
-      required: true
-      description: 'Returns records starting with given date value. (Format: YYYY-mm-dd)'
-    - name: end_date
+      description: Number of records to fetch. Using a smaller limit will get faster responses
+      defaultValue: "50"
+    - name: begin
+      description: 'Returns records starting with given datetime (Format: %Y-%m-%d %H:%M:%S))'
+    - name: end
+      description: 'Returns records till the end timeline value. (Format: %Y-%m-%d %H:%M:%S)'
+    - name: collection
       required: true
-      description: 'Returns records till the end date value. (Format: YYYY-mm-dd)'
-    - name: start_time
-      description: 'Returns records starting with given time value (Format: HH:mm:ss)'
-      defaultValue: 00:00:00
-    - name: end_time
-      description: 'Returns records till given time value (Format: HH:mm:ss)'
-      defaultValue: 00:00:00
+      description: Collection Name
     outputs:
     - contextPath: CybleIntel.Threat.details
       description: 'Returns the Threat Intel details from the Taxii service '
       type: String
     description: Fetch the indicators based on the taxii service
-  dockerimage: demisto/python3:3.10.4.28442
+  - name: cyble-vision-get-collection-names
+    arguments: []
+    outputs:
+    - contextPath: CybleIntel.collection.names
+      description: Available ollection names for the feed service
+    description: Get the data feed collection names for the taxii feed
+  dockerimage: demisto/vision
   runonce: false
   subtype: python3
+  feed: true
 fromversion: 6.2.0
 tests:
 - No tests (auto formatted)

Packs/CybleThreatIntel/Integrations/CybleThreatIntel/CybleThreatIntel_description.md

@@ -1,7 +1,3 @@
-Cyble Threat Intel is an integration that will help existing Cyble Vision users. This integration would allow users to access
-the TAXII feed as part of Vision Licensing and integrate the data into XSOAR.
-
-Existing users need to use the URL and Access Token as part of the Cyble Vision subscription.
-
-For an Access Token, go to user settings in your Cyble Vision account, and press TAXII Setup.
-You can also contact your Account Manager to get the Access Token.
+Cyble Threat Intel is an integration which will help users to fetch Cyble's TAXII Feed service into XSOAR Environment. User needs to contact their Cyble Account Manager for getting required pre-requisites to access the Cyble's TAXII Feed Service.
+
+For details on configuration please contact your Cyble Account Manager.