Skip to main content

ORKL Threat Intel Feed

This Integration is part of the ORKL Threat Intel Feed Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Use the ORKL Threat Intel Feed integration to get receive threat intelligence indicators from the feed. This integration was integrated and tested with version 1.0.0 of FeedORKL.

Configure ORKL Threat Intel Feed on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for ORKL Threat Intel Feed.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    Fetch indicatorsFalse
    Indicator ReputationIndicators from this integration instance will be marked with this reputationFalse
    Source ReliabilityReliability of the source providing the intelligence dataTrue
    Traffic Light Protocol ColorThe Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feedFalse
    Create RelationshipsFetch related indicators. Default is "False".False
    False
    False
    Feed Fetch IntervalFalse
    Maximum Indicators per fetchFalse
    TagsSupports CSV values.False
    Bypass exclusion listWhen selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.False
    Trust any certificate (not secure)False
    Use system proxy settingsFalse

  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

orkl-get-reports#

Retrieves latest Threat Reports from ORKL

Base Command#

orkl-get-reports

Input#

Argument NameDescriptionRequired
limitMaximum number of Reports to return. Default is 5.Optional
order_byCriteria to order Threat Reports. Possible values are: created_at, updated_at, file_creation_date, file_modification_date. Default is file_creation_date.Optional
orderOrdering of results. Possible values are: asc, desc. Default is desc.Optional

Context Output#

There is no context output for this command.

Edit this page
Report an Issue