Skip to main content

Cyble Threat Intel

This Integration is part of the Cyble Threat Intel Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

Cyble Threat Intel is an integration which will help Existing Cyble Vision users. This integration would allow users to access the TAXII feed avaialable as part of Vision Licensing and integrate the data into XSOAR.

Configure Cyble Threat Intel on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Cyble Threat Intel.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    Server URLTrue
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
    Access TokenTrue
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

This integration provides following command(s) which can be used to access the Threat Intelligence

cyble-vision-fetch-taxii#


Fetch the indicators based on the taxii service

Base Command#

cyble-vision-fetch-taxii

Input#

Argument NameDescriptionRequired
pageReturns paginated records of the provided page considering the limits. Default is 1.Required
limitNumber of records to return per page(max 20). Using a smaller limit will get faster responses. Default is 10.Optional
start_dateReturns records starting with given date value. (Format: YYYY-mm-dd).Required
end_dateReturns records till the end date value. (Format: YYYY-mm-dd).Required
start_timeReturns records starting with given time value (Format: HH:mm:ss). Default is 00:00:00.Optional
end_timeReturns records till given time value (Format: HH:mm:ss). Default is 00:00:00.Optional

Context Output#

PathTypeDescription
CybleIntel.Threat.detailsStringReturns the Threat Intel details from the Taxii service