Cyble Threat Intel Pack.#This Integration is part of the
Supported Cortex XSOAR versions: 6.2.0 and later.
Cyble Threat Intel is an integration which will help Existing Cyble Vision users. This integration would allow users to access the TAXII feed avaialable as part of Vision Licensing and integrate the data into XSOAR.
Navigate to Settings > Integrations > Servers & Services.
Search for Cyble Threat Intel.
Click Add instance to create and configure a new integration instance.
Parameter Required Server URL True Trust any certificate (not secure) False Use system proxy settings False Access Token True
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
This integration provides following command(s) which can be used to access the Threat Intelligence
Fetch the indicators based on the taxii service
|page||Returns paginated records of the provided page considering the limits. Default is 1.||Required|
|limit||Number of records to return per page(max 20). Using a smaller limit will get faster responses. Default is 10.||Optional|
|start_date||Returns records starting with given date value. (Format: YYYY-mm-dd).||Required|
|end_date||Returns records till the end date value. (Format: YYYY-mm-dd).||Required|
|start_time||Returns records starting with given time value (Format: HH:mm:ss). Default is 00:00:00.||Optional|
|end_time||Returns records till given time value (Format: HH:mm:ss). Default is 00:00:00.||Optional|
|CybleIntel.Threat.details||String||Returns the Threat Intel details from the Taxii service|