-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
TAXII2 Feed description and parameters update (#33241)
* Reorganized params * Feed description and parameters update * Docker * suggestions * suggestions
- Loading branch information
Showing
5 changed files
with
38 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 changes: 5 additions & 2 deletions
7
Packs/FeedTAXII/Integrations/FeedTAXII2/FeedTAXII2_description.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,12 @@ | ||
### Using API Token authentication | ||
### Using API Token Authentication | ||
In order to use the integration with an API token you'll first need to change the `Username / API Key` field to `_api_token_key`. Following this step, you can now enter the API Token into the `Password` field - this value will be used as an API key. | ||
|
||
|
||
### Using custom authentication header | ||
### Using Custom Authentication Header | ||
In case the TAXII 2 server you're trying to connect to requires a custom authentication header, you'll first need to change the `Username / API Key` field to `_header:` and the custom header name, e.g. `_header:custom_auth`. Following this step, you can now enter the custom authentication header value into the `Password` field - this value will be used as a custom authentication header. | ||
|
||
### Complex Observation Mode | ||
Two or more Observation Expressions MAY be combined using a complex observation operator such as "AND", "OR", and "FOLLOWEDBY", e.g. `[ IP = 'b' ] AND [ URL = 'd' ]`. These relationships are not represented in CORTEX XSOAR threat intel management indicators. You can opt to create them while ignoring these relations, or you can opt to ignore these expressions - if you choose to ignore these expressions, then no indicators will be created for complex observations. | ||
|
||
### API Roots and Collections | ||
Each TAXII server may contain more than one API root with different collections. If the needed API root is not the default one, set the `API Root to Use` parameter with the correct API root title. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
|
||
#### Integrations | ||
|
||
##### TAXII 2 Feed | ||
- Updated the Docker image to: *demisto/taxii2:1.0.0.89439*. | ||
- Updated the feed parameter order and the API root parameter title. | ||
- Updated the feed description to add clarity to using different API roots. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters