From 093c6cad89f7f593f486f48a0c5ecce25454e411 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Sun, 30 Apr 2023 17:03:38 +0300
Subject: [PATCH] Cybersixgill darkfeed add subfeeds ids (#26110) (#26144)
* Update .devcontainer.json name
* Added darkfeed feed ids from 29 to 56
* Updated release notes
* update docker image version and yaml formatting
* Updated release notes
* Update .devcontainer/devcontainer.json
---------
Co-authored-by: syed-loginsoft <97145640+syed-loginsoft@users.noreply.github.com>
Co-authored-by: syed-loginsoft
Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>
---
 .../Sixgill_Darkfeed/Sixgill_Darkfeed.py | 28 +++++++++++++++++++
 .../Sixgill_Darkfeed/Sixgill_Darkfeed.yml | 18 +++++-------
 Packs/Sixgill-Darkfeed/ReleaseNotes/2_1_0.md | 7 +++++
 Packs/Sixgill-Darkfeed/pack_metadata.json | 2 +-
 4 files changed, 43 insertions(+), 12 deletions(-)
 create mode 100644 Packs/Sixgill-Darkfeed/ReleaseNotes/2_1_0.md
diff --git a/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.py b/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.py
index 4a0a1811b651..205f13708a0b 100644
--- a/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.py
+++ b/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.py
@@ -226,6 +226,34 @@ def stix2_to_demisto_indicator(stix2obj: Dict[str, Any], log, tags: list = [], t
 'darkfeed_026': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
 'darkfeed_027': {'name': FeedIndicatorType.IP, 'pipeline': []},
 'darkfeed_028': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_029': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_030': {'name': FeedIndicatorType.File, 'pipeline': []},
+ 'darkfeed_031': {'name': FeedIndicatorType.Domain, 'pipeline': [strip_http, clean_url]},
+ 'darkfeed_032': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+ 'darkfeed_033': {'name': FeedIndicatorType.File, 'pipeline': []},
+ 'darkfeed_034': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_035': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+ 'darkfeed_036': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+ 'darkfeed_037': {'name': FeedIndicatorType.File, 'pipeline': []},
+ 'darkfeed_038': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_039': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_040': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+ 'darkfeed_041': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+ 'darkfeed_042': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_043': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+ 'darkfeed_044': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_045': {'name': FeedIndicatorType.File, 'pipeline': []},
+ 'darkfeed_046': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_047': {'name': FeedIndicatorType.Domain, 'pipeline': [strip_http, clean_url]},
+ 'darkfeed_048': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+ 'darkfeed_049': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_050': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_051': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_052': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+ 'darkfeed_053': {'name': FeedIndicatorType.File, 'pipeline': []},
+ 'darkfeed_054': {'name': FeedIndicatorType.URL, 'pipeline': [url_to_rfc3986, clean_url]},
+ 'darkfeed_055': {'name': FeedIndicatorType.IP, 'pipeline': []},
+ 'darkfeed_056': {'name': FeedIndicatorType.IP, 'pipeline': []}
 }
diff --git a/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml b/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml
index ae6f39862c6d..167be33e0d79 100644
--- a/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml
+++ b/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml
@@ -16,8 +16,7 @@ configuration:
 name: feed
 required: false
 type: 8
-- additionalinfo: Indicators from this integration instance will be marked with this
- reputation
+- additionalinfo: Indicators from this integration instance will be marked with this reputation
 defaultvalue: feedInstanceReputationNotSet
 display: Indicator Reputation
 name: feedReputation
@@ -41,8 +40,7 @@ configuration:
 - F - Reliability cannot be judged
 required: true
 type: 15
-- additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators
- fetched from the feed
+- additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
 display: Traffic Light Protocol Color
 name: tlp_color
 options:
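Review bot: In Sixgill_Darkfeed.py the new entries `darkfeed_029` to `darkfeed_056` extend a hand-maintained id table, and the hunk does not show what happens to an indicator whose sub-feed id is missing from it; the table's opening line and the code that reads it are outside the hunk. If unlisted ids are skipped without a log line, the next sub-feed the vendor publishes will be lost from ingestion unnoticed, which appears to be the gap this commit closes for 29 to 56. I would record the unmapped id through the `log` argument that the hunk header shows on `stix2_to_demisto_indicator`, and document the table with a comment such as `# Sub-feed ids absent from this table have no indicator type; add an entry when Darkfeed publishes a new id.` The `File` and `IP` entries also have an empty `pipeline`, so those values seem to pass through without any normalisation step; a one-line comment confirming that is intended would help the next reader.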
@@ -77,9 +75,7 @@ configuration:
 name: maxIndicators
 required: false
 type: 0
-- additionalinfo: When selected, the exclusion list is ignored for indicators from
- this feed. This means that if an indicator from this feed is on the exclusion
- list, the indicator might still be added to the system.
+- additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
 display: Bypass exclusion list
 name: feedBypassExclusionList
 required: false
@@ -103,9 +99,7 @@ configuration:
 name: feedTags
 required: false
 type: 0
-description: Leverage the power of Sixgill to supercharge Cortex XSOAR with real-time
- Threat Intelligence indicators. Get IOCs such as domains, URLs, hashes, and IP addresses
- straight into the XSOAR platform.
+description: Leverage the power of Sixgill to supercharge Cortex XSOAR with real-time Threat Intelligence indicators. Get IOCs such as domains, URLs, hashes, and IP addresses straight into the XSOAR platform.
 display: Sixgill DarkFeed Threat Intelligence
 name: Sixgill_Darkfeed
 script:
@@ -123,7 +117,7 @@ script:
 description: Fetching Sixgill DarkFeed indicators
 execution: true
 name: sixgill-get-indicators
- dockerimage: demisto/sixgill:1.0.0.54624
+ dockerimage: demisto/sixgill:1.0.0.56489
 feed: true
 isfetch: false
 longRunning: false
@@ -132,3 +126,5 @@ script:
 subtype: python3
 type: python
 fromversion: 5.5.0
+tests:
+- No tests (auto formatted)
diff --git a/Packs/Sixgill-Darkfeed/ReleaseNotes/2_1_0.md b/Packs/Sixgill-Darkfeed/ReleaseNotes/2_1_0.md
new file mode 100644
index 000000000000..0ba0f86eea1e
--- /dev/null
+++ b/Packs/Sixgill-Darkfeed/ReleaseNotes/2_1_0.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Sixgill DarkFeed Threat Intelligence
+- Updated the Docker image to: *demisto/sixgill:1.0.0.56489*.
+
+- We’re happy to announce the release (April 16th) of Darkfeed 2.0, which integrates the industry’s best open-source IOC feeds into our deep and dark web IOC collection, delivering 20X more IOCs with richer context, mapped to the Mitre ATT&CK framework and STIX/TAXII compatible.
diff --git a/Packs/Sixgill-Darkfeed/pack_metadata.json b/Packs/Sixgill-Darkfeed/pack_metadata.json
index 1a9ed355c9ac..478b9350991c 100644
--- a/Packs/Sixgill-Darkfeed/pack_metadata.json
+++ b/Packs/Sixgill-Darkfeed/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Sixgill Darkfeed - Annual Subscription",
 "description": "This edition of Sixgill Darkfeed is intended for customers who have a direct annual subscription to Sixgill Darkfeed.\n\nGet contextual and actionable insights to proactively block underground threats in real-time with the most comprehensive, automated stream of IOCs \n\nFor organizations who are currently Darkfeed customers.",
 "support": "partner",
- "currentVersion": "2.0.21",
+ "currentVersion": "2.1.0",
 "author": "Cybersixgill",
 "url": "",
 "email": "sales@cybersixgill.com",