ORKL Threat Intel Feed Pack.#This Integration is part of the
Supported Cortex XSOAR versions: 5.5.0 and later.
Use the ORKL Threat Intel Feed integration to get receive threat intelligence indicators from the feed. This integration was integrated and tested with version 1.0.0 of FeedORKL.
Navigate to Settings > Integrations > Servers & Services.
Search for ORKL Threat Intel Feed.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Fetch indicators False Indicator Reputation Indicators from this integration instance will be marked with this reputation False Source Reliability Reliability of the source providing the intelligence data True Traffic Light Protocol Color The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed False Create Relationships Fetch related indicators. Default is "False". False False False Feed Fetch Interval False Maximum Indicators per fetch False Tags Supports CSV values. False Bypass exclusion list When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. False Trust any certificate (not secure) False Use system proxy settings False
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Retrieves latest Threat Reports from ORKL
|Maximum number of Reports to return. Default is 5.
|Criteria to order Threat Reports. Possible values are: created_at, updated_at, file_creation_date, file_modification_date. Default is file_creation_date.
|Ordering of results. Possible values are: asc, desc. Default is desc.
There is no context output for this command.