
AWS Feed

This Integration is part of the AWS Feed Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Overview


Use the AWS feed integration to fetch indicators from the feed.

Configure AWS Feed on Cortex XSOAR


  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for SpamhausFeed.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Services: Services of AWS to fetch indicators from:
      • AMAZON - All AMAZON ranges.
      • EC2 - EC2 ranges.
      • ROUTE53 - ROUTE53 ranges.
      • ROUTE53_HEALTHCHECKS - ROUTE53_HEALTHCHECKS ranges.
      • CLOUDFRONT - CLOUDFRONT ranges.
      • S3 - S3 ranges.
      • AMAZON_APPFLOW - AMAZON_APPFLOW ranges.
      • AMAZON_CONNECT - AMAZON_CONNECT ranges.
      • API_GATEWAY - API_GATEWAY ranges.
      • CHIME_MEETINGS - CHIME_MEETINGS ranges.
      • CHIME_VOICECONNECTOR - CHIME_VOICECONNECTOR ranges.
      • CLOUD9 - CLOUD9 ranges.
      • CLOUDFRONT_ORIGIN_FACING - CLOUDFRONT_ORIGIN_FACING ranges.
      • CODEBUILD - CODEBUILD ranges.
      • DYNAMODB - DYNAMODB ranges.
      • EBS - EBS ranges.
      • EC2_INSTANCE_CONNECT - EC2_INSTANCE_CONNECT ranges.
      • GLOBALACCELERATOR - GLOBALACCELERATOR ranges.
      • KINESIS_VIDEO_STREAMS - KINESIS_VIDEO_STREAMS ranges.
      • ROUTE53_HEALTHCHECKS_PUBLISHING - ROUTE53_HEALTHCHECKS_PUBLISHING ranges.
      • ROUTE53_RESOLVER - ROUTE53_RESOLVER ranges.
      • WORKSPACES_GATEWAYS - WORKSPACES_GATEWAYS ranges.
    • Fetch indicators: boolean flag. If set to true, the integration fetches indicators.
    • Fetch Interval: Interval of the fetches.
    • Reliability: Reliability of the feed.
    • Traffic Light Protocol color: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp
    • Skip Exclusion List: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
    • Enrichment Excluded: Select this option to exclude the fetched indicators from the enrichment process.
    • Indicator reputation: Indicators from this integration instance will be marked with this reputation.
    • Trust any certificate (not secure)
    • Use system proxy settings
  4. Click Test to validate the URLs, token, and connection.
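To show what the Services selection means for the resulting indicators, here is an added example (not the integration's own code) that filters a range list by service and reports every selected service that claims a given CIDR. It assumes the feed data follows the layout of AWS's published ip-ranges.json, which this page does not state; the function names `select_ranges` and `services_for_ip` are hypothetical and the sample data is constructed from documentation-reserved addresses.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json,
# trimmed to the fields used here. Addresses are documentation-reserved.
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "2000-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/25", "region": "GLOBAL", "service": "AMAZON"},
  {"ip_prefix": "203.0.113.0/25", "region": "GLOBAL", "service": "CLOUDFRONT"}],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8:1000::/40", "region": "eu-west-1", "service": "S3"}]}
""")


def select_ranges(doc, services):
    """Map each CIDR to the sorted list of selected services that list it.

    Keying on the network collapses duplicates: a range listed under both
    AMAZON and a specific service yields one indicator, not two.
    """
    wanted = {s.upper() for s in services}
    found = {}
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            if entry["service"] in wanted:
                net = ipaddress.ip_network(entry[field])
                found.setdefault(net, set()).add(entry["service"])
    return {net: sorted(svcs) for net, svcs in found.items()}


def services_for_ip(ranges, ip):
    """Return the selected services whose ranges contain the address."""
    addr = ipaddress.ip_address(ip)
    hits = set()
    for net, svcs in ranges.items():
        if addr.version == net.version and addr in net:
            hits.update(svcs)
    return sorted(hits)


if __name__ == "__main__":
    chosen = select_ranges(SAMPLE, ["AMAZON", "EC2"])
    for net, svcs in chosen.items():
        print(net, svcs)
    print(services_for_ip(chosen, "198.51.100.7"))
```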