Cybersixgill Actionable Alerts
This Integration is part of the Cybersixgill Actionable Alerts Pack.#
Cybersixgill automatically collects intelligence in real-time on all items that appear in the underground sources which we monitor. By using various rules and machine learning models, Cybersixgill automatically correlates these intelligence items with pre defined organization assets, and automatically alerts users in real time of any relevant intelligence items.
The integration will focus on retrieving Cybersixgill's Actionable Alerts as incidents
Use Cases#
Fetch Incidents & Events
Configure Cybersixgill on XSOAR#
- Navigate to Settings > Integrations > Servers & Services.
- Search for Cybersixgill.
- Click Add instance to create and configure a new integration instance.
| Parameter | Description | Required |
|---|---|---|
| client_id | Cybersixgill API client ID | True |
| client_secret | Cybersixgill API client secret | True |
| threat_level | Filter by alert threat level | False |
| threat_type | Filter by alert threat type | False |
- Click Test to validate the URLs, token, and connection.
Fetch incidents#
You can execute these commands from the XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
output#
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
cybersixgill-update-alert-status#
updates the existing actionable alert status
Base Command#
cybersixgill-update-alert-status
Input#
| Argument Name | Description | Required |
|---|---|---|
| alert_id | The alert id to update. | Required |
| alert_status | The new status. | Required |
| aggregate_alert_id | The aggregate alert id. | Optional |
Context Output#
There is no context output for this command.
Additional Information#
Contact us: support@cybersixgill.com