Cyble Threat Intel
Cyble Threat Intel Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.2.0 and later.
Cyble Threat Intel is an integration which will help Existing Cyble Vision users. This integration would allow users to access the TAXII feed avaialable as part of Vision Licensing and integrate the data into XSOAR.
#
Configure Cyble Threat Intel on Cortex XSOARNavigate to Settings > Integrations > Servers & Services.
Search for Cyble Threat Intel.
Click Add instance to create and configure a new integration instance.
Parameter Required Server URL True Trust any certificate (not secure) False Use system proxy settings False Access Token True Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
This integration provides following command(s) which can be used to access the Threat Intelligence
#
cyble-vision-fetch-taxiiFetch the indicators based on the taxii service
#
Base Commandcyble-vision-fetch-taxii
#
InputArgument Name | Description | Required |
---|---|---|
page | Returns paginated records of the provided page considering the limits. Default is 1. | Required |
limit | Number of records to return per page(max 20). Using a smaller limit will get faster responses. Default is 10. | Optional |
start_date | Returns records starting with given date value. (Format: YYYY-mm-dd). | Required |
end_date | Returns records till the end date value. (Format: YYYY-mm-dd). | Required |
start_time | Returns records starting with given time value (Format: HH:mm:ss). Default is 00:00:00. | Optional |
end_time | Returns records till given time value (Format: HH:mm:ss). Default is 00:00:00. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CybleIntel.Threat.details | String | Returns the Threat Intel details from the Taxii service |