forked from demisto/content
-
Notifications
You must be signed in to change notification settings - Fork 13
/
FeedCSV.yml
182 lines (182 loc) · 5.12 KB
/
FeedCSV.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
category: Data Enrichment & Threat Intelligence
commonfields:
id: CSVFeed
version: -1
configuration:
- display: Fetch indicators
name: feed
defaultvalue: 'true'
type: 8
required: false
- additionalinfo: Indicators from this integration instance will be marked with this reputation
defaultvalue: feedInstanceReputationNotSet
display: Indicator Reputation
name: feedReputation
options:
- None
- Good
- Suspicious
- Bad
type: 18
required: false
- additionalinfo: Reliability of the source providing the intelligence data
defaultvalue: F - Reliability cannot be judged
display: Source Reliability
name: feedReliability
options:
- A - Completely reliable
- B - Usually reliable
- C - Fairly reliable
- D - Not usually reliable
- E - Unreliable
- F - Reliability cannot be judged
required: true
type: 15
- additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
display: Traffic Light Protocol Color
name: tlp_color
options:
- RED
- AMBER
- GREEN
- WHITE
type: 15
required: false
- defaultvalue: indicatorType
display: ""
name: feedExpirationPolicy
options:
- never
- interval
- indicatorType
- suddenDeath
type: 17
required: false
- defaultvalue: '20160'
name: feedExpirationInterval
display: ""
type: 1
required: false
- defaultvalue: '240'
display: Feed Fetch Interval
name: feedFetchInterval
type: 19
required: false
- additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
display: Bypass exclusion list
name: feedBypassExclusionList
type: 8
required: false
- additionalinfo: If selected, the indicator type will be auto detected for each indicator.
defaultvalue: 'true'
display: Auto detect indicator type
name: auto_detect_type
type: 8
required: false
- additionalinfo: Type of the indicator in the feed, If auto-detect is checked then the value set as Indicator Type will be ignored.
display: Indicator Type
name: indicator_type
type: 0
required: false
- display: URL
name: url
required: true
type: 0
- display: Username
name: credentials
type: 9
required: false
- additionalinfo: Time (in seconds) before HTTP requests timeout.
defaultvalue: '20'
display: Request Timeout
name: polling_timeout
required: true
type: 0
- additionalinfo: Python regular expression for lines to ignore.
display: Ignore Regex
name: ignore_regex
type: 0
required: false
- additionalinfo: The names to apply to the fields in the CSV feed. The name for the field containing the indicator should be "value". If left empty, the fetch will use existing headers only ('value' header is expected).
display: Field Names
name: fieldnames
type: 0
required: false
- additionalinfo: A one-character string used to separate fields. For example, a comma ",".
defaultvalue: ','
display: Delimiter
name: delimiter
type: 0
required: false
- additionalinfo: Controls how instances of quotechar in a field should themselves be quoted. When True, the character is doubled.
display: Double quote
name: doublequote
type: 8
required: false
- additionalinfo: A one-character string used by the writer to escape the delimiter.
display: Escape character
name: escapechar
type: 0
required: false
- additionalinfo: A one-character string used to quote fields containing special characters.
defaultvalue: '"'
display: Quote Character
name: quotechar
type: 0
required: false
- additionalinfo: When "True", whitespace immediately following the delimiter is ignored.
display: Skip Initial Space
name: skipinitialspace
type: 8
required: false
- additionalinfo: Text encoding for the CSV file. Defaults to latin-1.
display: Text Encoding
name: encoding
type: 0
required: true
defaultvalue: latin-1
- display: Tags
name: feedTags
type: 0
required: false
additionalinfo: Supports CSV values.
- display: Trust any certificate (not secure)
name: insecure
type: 8
required: false
- display: Use system proxy settings
name: proxy
required: false
type: 8
description: Fetch indicators from a CSV feed.
display: CSV Feed
name: CSVFeed
script:
commands:
- arguments:
- defaultValue: '50'
description: The maximum number of results to return to the output.
name: limit
- description: The indicator type. If the configuration parameter 'Auto detect indicator type' is marked true for the integration instance, then this value will be ignored.
name: indicator_type
description: Gets indicators from the feed.
name: csv-get-indicators
outputs:
- contextPath: CSV.Indicator.value
description: The indicator value.
type: String
- contextPath: CSV.Indicator.type
description: The indicator type.
type: String
- contextPath: CSV.Indicator.rawJSON
description: The indicator rawJSON value.
type: Unknown
dockerimage: demisto/py3-tools:1.0.0.80165
feed: true
runonce: false
script: ''
subtype: python3
type: python
tests:
- CSV_Feed_Test
fromversion: 5.5.0