DeCYFIR Indicators & Threat Intelligence Feed

This Integration is part of the DeCYFIR Pack.

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

DeCYFIR API's provides External Threat Landscape Management insights. This integration was integrated and tested with version v1 of DeCYFIR Feed

Configure DeCYFIR Indicators & Threat Intelligence Feed on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.

2. Search for DeCYFIR Indicators & Threat Intelligence Feed.

3. Click Add instance to create and configure a new integration instance.

   Parameter	Description	Required
   DeCYFIR Server URL (e.g. https://decyfir.cyfirma.com)		True
   DeCYFIR API Key		True
   Trust any certificate (not secure)		False
   Use system proxy settings		False
   Fetch indicators		False
   Indicator Reputation	Indicators from this integration instance will be marked with this reputation.	False
   Source Reliability	Reliability of the source providing the intelligence data.	True
   		False
   		False
   Feed Fetch Interval		False
   Bypass exclusion list	When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.	False
   Tags	Supports CSV values.	False
   Traffic Light Protocol Color	The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed	False

4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

decyfir-get-indicators

---

Gets indicators from the feed.

Base Command

decyfir-get-indicators

Input

Argument Name	Description	Required

Context Output

There is no context output for this command.