Cybersixgill darkfeed add subfeeds ids (#26110) (#26144)

* Update .devcontainer.json name * Added darkfeed feed ids from 29 to 56 * Updated release notes * update docker image version and yaml formatting * Updated release notes * Update .devcontainer/devcontainer.json --------- Co-authored-by: syed-loginsoft <97145640+syed-loginsoft@users.noreply.github.com> Co-authored-by: syed-loginsoft <syed-loginsoft@users.noreply.github.com> Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
demisto · Apr 30, 2023 · 093c6ca · 093c6ca
1 parent e5c1587
commit 093c6ca
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 12 deletions.
diff --git a/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.py b/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.py
@@ -226,6 +226,34 @@ def stix2_to_demisto_indicator(stix2obj: Dict[str, Any], log, tags: list = [], t
     'darkfeed_026': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
     'darkfeed_027': {'name': FeedIndicatorType.IP, 'pipeline': []},
     'darkfeed_028': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_029': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_030': {'name': FeedIndicatorType.File, 'pipeline': []},
+    'darkfeed_031': {'name': FeedIndicatorType.Domain, 'pipeline': [strip_http, clean_url]},
+    'darkfeed_032': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+    'darkfeed_033': {'name': FeedIndicatorType.File, 'pipeline': []},
+    'darkfeed_034': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_035': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+    'darkfeed_036': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+    'darkfeed_037': {'name': FeedIndicatorType.File, 'pipeline': []},
+    'darkfeed_038': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_039': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_040': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+    'darkfeed_041': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+    'darkfeed_042': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_043': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+    'darkfeed_044': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_045': {'name': FeedIndicatorType.File, 'pipeline': []},
+    'darkfeed_046': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_047': {'name': FeedIndicatorType.Domain, 'pipeline': [strip_http, clean_url]},
+    'darkfeed_048': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+    'darkfeed_049': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_050': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_051': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_052': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+    'darkfeed_053': {'name': FeedIndicatorType.File, 'pipeline': []},
+    'darkfeed_054': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+    'darkfeed_055': {'name': FeedIndicatorType.IP, 'pipeline': []},
+    'darkfeed_056': {'name': FeedIndicatorType.IP, 'pipeline': []}
 }
 
 

diff --git a/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml b/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml
@@ -16,8 +16,7 @@ configuration:
   name: feed
   required: false
   type: 8
-- additionalinfo: Indicators from this integration instance will be marked with this
-    reputation
+- additionalinfo: Indicators from this integration instance will be marked with this reputation
   defaultvalue: feedInstanceReputationNotSet
   display: Indicator Reputation
   name: feedReputation
@@ -41,8 +40,7 @@ configuration:
   - F - Reliability cannot be judged
   required: true
   type: 15
-- additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators
-    fetched from the feed
+- additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
   display: Traffic Light Protocol Color
   name: tlp_color
   options:
@@ -77,9 +75,7 @@ configuration:
   name: maxIndicators
   required: false
   type: 0
-- additionalinfo: When selected, the exclusion list is ignored for indicators from
-    this feed. This means that if an indicator from this feed is on the exclusion
-    list, the indicator might still be added to the system.
+- additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
   display: Bypass exclusion list
   name: feedBypassExclusionList
   required: false
@@ -103,9 +99,7 @@ configuration:
   name: feedTags
   required: false
   type: 0
-description: Leverage the power of Sixgill to supercharge Cortex XSOAR with real-time
-  Threat Intelligence indicators. Get IOCs such as domains, URLs, hashes, and IP addresses
-  straight into the XSOAR platform.
+description: Leverage the power of Sixgill to supercharge Cortex XSOAR with real-time Threat Intelligence indicators. Get IOCs such as domains, URLs, hashes, and IP addresses straight into the XSOAR platform.
 display: Sixgill DarkFeed Threat Intelligence
 name: Sixgill_Darkfeed
 script:
@@ -123,7 +117,7 @@ script:
     description: Fetching Sixgill DarkFeed indicators
     execution: true
     name: sixgill-get-indicators
-  dockerimage: demisto/sixgill:1.0.0.54624
+  dockerimage: demisto/sixgill:1.0.0.56489
   feed: true
   isfetch: false
   longRunning: false
@@ -132,3 +126,5 @@ script:
   subtype: python3
   type: python
 fromversion: 5.5.0
+tests:
+- No tests (auto formatted)
diff --git a/Packs/Sixgill-Darkfeed/ReleaseNotes/2_1_0.md b/Packs/Sixgill-Darkfeed/ReleaseNotes/2_1_0.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Sixgill DarkFeed Threat Intelligence
+- Updated the Docker image to: *demisto/sixgill:1.0.0.56489*.
+
+- We’re happy to announce the release (April 16th) of Darkfeed 2.0, which integrates the industry’s best open-source IOC feeds into our deep and dark web IOC collection, delivering 20X more IOCs with richer context, mapped to the Mitre ATT&CK framework and STIX/TAXII compatible.
diff --git a/Packs/Sixgill-Darkfeed/pack_metadata.json b/Packs/Sixgill-Darkfeed/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Sixgill Darkfeed - Annual Subscription",
     "description": "This edition of Sixgill Darkfeed is intended for customers who have a direct annual subscription to Sixgill Darkfeed.\n\nGet contextual and actionable insights to proactively block underground threats in real-time with the most comprehensive, automated stream of IOCs \n\nFor organizations who are currently Darkfeed customers.",
     "support": "partner",
-    "currentVersion": "2.0.21",
+    "currentVersion": "2.1.0",
     "author": "Cybersixgill",
     "url": "",
     "email": "sales@cybersixgill.com",