Supported Cortex XSOAR versions: 5.5.0 and later.
Secure Malware Analytics (formerly Threat Grid) combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.
Navigate to Settings > Integrations > Servers & Services.
Search for Cisco Secure Malware Analytics.
Click Add instance to create and configure a new integration instance.
Parameter Description Required API Key The Cisco Secure Malware Analytics API key. True Feed Name The feed name to fetch. True First fetch The date or number of days from when to start fetching indicators. False Fetch indicators Whether to fetch indicators. False Indicator Reputation Indicators from this integration instance will be marked with this reputation. False Traffic Light Protocol Color The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. False Tags Supports CSV values. False Source Reliability Reliability of the source providing the intelligence data. True Feed Fetch Interval The feed fetch interval. False Bypass exclusion list When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. False Use system proxy settings Whether to use the system proxy settings. False Trust any certificate Whether to trust any certificate (not secure). False
Click Test to validate the API Key, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
|limit||The maximum number of indicators to retrieve.||Optional|
|CiscoSMA.value||String||The indicator value.|
|CiscoSMA.type||Unknown||The indicator type.|
|CiscoSMA.Tags||String||Tags that are associated with the indicator.|
|CiscoSMA.Description||String||The feed description.|
|CiscoSMA.FeedRelatedIndicators.type||String||The type of the indicators that are associated with the domain.|
|CiscoSMA.FeedRelatedIndicators.value||String||Indicators that are associated with the domain.|
value type o.o.o.o IP
WARNING: This command will reset your fetch history.
There are no input arguments for this command.
There is no context output for this command.
Fetch history deleted successfully