Skip to main content

ACTI Indicator Feed

This Integration is part of the Accenture CTI Feed Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Fetches indicators from an Accenture CTI feed. You can filter returned indicators by indicator type, indicator severity, threat type, confidence, and malware family (each of these are an integration parameter). Ingesting the indicator is being done in an incremental manner. This feed integration was integrated and tested with version v2.93.0 of ACTI.

Configure ACTI Indicator Feed on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for ACTI Indicator Feed.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    feedFetch indicatorsFalse
    api_tokenAPI KeyTrue
    feedReputationIndicator ReputationFalse
    feedReliabilitySource ReliabilityTrue
    tlp_colorTraffic Light Protocol ColorFalse
    feedExpirationPolicyFalse
    feedExpirationIntervalFalse
    feedFetchIntervalFeed Fetch IntervalFalse
    feedIncrementalIncremental FeedFalse
    fetch_timeFirst fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)False
    indicator_typeIndicator TypeTrue
    severityIndicator SeverityFalse
    threat_typeThreat TypeFalse
    confidence_fromConfidenceFalse
    malware_familyMalware FamilyFalse
    feedBypassExclusionListBypass exclusion listFalse
    feedTagsTagsFalse
    insecureTrust any certificate (not secure)False
    proxyUse system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

acti-get-indicators#


Gets the feed indicators.

Base Command#

acti-get-indicators

Input#

Argument NameDescriptionRequired
limitThe maximum number of results to return. The default value is 50.Optional

Context Output#

There is no context output for this command.

Command Example#

!acti-get-indicators limit=10

Context Example#

There is no context output for this command.

Indicators#

valuetyperawJSON
http://example.comURLconfidence: 50
display_text: http://example.com
index_timestamp: 2020-12-13T23:31:03.848Z
key: http://example.com
last_modified: 2020-12-13T23:29:13.000Z
last_published: 2020-12-07T14:50:44.000Z
last_seen: 2020-12-13T20:08:24.000Z
last_seen_as: MALWARE_DOWNLOAD
malware_family:
replication_id: xxx
severity: 3
threat_types: Cyber Crime
type: url
uuid: xxx