
Cybersixgill Actionable Alerts

This integration is part of the Cybersixgill Actionable Alerts Pack.

Cybersixgill automatically collects intelligence in real time on all items that appear in the underground sources it monitors. Using various rules and machine learning models, Cybersixgill correlates these intelligence items with predefined organization assets and alerts users in real time about any relevant items.

The integration focuses on retrieving Cybersixgill's Actionable Alerts as incidents.

Use Cases

Fetch Incidents & Events

Configure Cybersixgill on XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Cybersixgill.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| client_id | Cybersixgill API client ID | True |
| client_secret | Cybersixgill API client secret | True |
| threat_level | Filter by alert threat level | False |
| threat_type | Filter by alert threat type | False |

  4. Click Test to validate the URLs, token, and connection.

Fetch incidents

You can execute these commands from the XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

Output

[{
    'name': "<alert name>",
    'occurred': '<occurred>',
    'details': '<details>',
    'severity': <severity>,
    'rawJSON': '{
        "alert_name": "<alert name>",
        "category": "regular",
        "content": "<some content>",
        "date": "<date>",
        "id": "<id>",
        "lang": "English",
        "langcode": "en",
        "read": false,
        "threat_level": "imminent",
        "threats": ["Fraud"],
        "title": "<title>",
        "user_id": "<id>",
        "sixgill_severity": 10}'
}]
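
The incident's rawJSON field is a JSON string, so a consumer has to decode it before reading threat_level or threats. The following is an added example, not the integration's own code: it decodes rawJSON from incidents in the shape shown above and applies a threat_level / threat_type selection. The function name, the sample values, and the matching rules (exact match on threat_level, membership in threats) are assumptions.

```python
import json

# Constructed sample incidents in the shape shown above; every value is made up.
SAMPLE_INCIDENTS = [
    {
        "name": "Constructed alert A",
        "occurred": "2024-01-01T00:00:00Z",
        "details": "constructed",
        "severity": 3,
        "rawJSON": json.dumps({
            "alert_name": "Constructed alert A", "id": "a1",
            "threat_level": "imminent", "threats": ["Fraud"],
            "sixgill_severity": 10,
        }),
    },
    {
        "name": "Constructed alert B",
        "rawJSON": json.dumps({
            "alert_name": "Constructed alert B", "id": "b2",
            "threat_level": "constructed-level", "threats": ["Constructed type"],
            "sixgill_severity": 40,
        }),
    },
    # Malformed rawJSON: must be reported, not silently dropped.
    {"name": "Constructed alert C", "rawJSON": "{not valid json"},
]


def select_alerts(incidents, threat_level=None, threat_type=None):
    """Hypothetical helper: return (matching_alerts, rejected_incident_names)."""
    matched, rejected = [], []
    for incident in incidents:
        try:
            alert = json.loads(incident.get("rawJSON"))
        except (TypeError, ValueError):
            rejected.append(incident.get("name"))
            continue
        if not isinstance(alert, dict) or "id" not in alert:
            rejected.append(incident.get("name"))
            continue
        if threat_level and alert.get("threat_level") != threat_level:
            continue
        if threat_type and threat_type not in (alert.get("threats") or []):
            continue
        matched.append(alert)
    return matched, rejected
```

Incidents whose rawJSON cannot be decoded are returned separately so that a parsing failure is visible during triage instead of looking like "no alerts".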

Additional Information

Contact us: support@cybersixgill.com