# ACTI Feed (Deprecated)

This Integration is part of the Accenture CTI (Deprecated) Pack.

## Deprecated

Use Accenture CTI Feed instead.

Fetches indicators from an Accenture CTI feed. You can filter returned indicators by indicator type, indicator severity, threat type, confidence, and malware family (each of these is an integration parameter). Indicators are ingested incrementally. This feed integration was integrated and tested with version v2.61.1 of ACTI.

## Configure ACTI Feed on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.
2. Search for ACTI Feed.
3. Click Add instance to create and configure a new integration instance.

Parameter | Description | Required |
---|---|---|
feed | Fetch indicators | False |
api_token | API Key | True |
feedReputation | Indicator Reputation | False |
feedReliability | Source Reliability | True |
tlp_color | Traffic Light Protocol Color | False |
feedExpirationPolicy | | False |
feedExpirationInterval | | False |
feedFetchInterval | Feed Fetch Interval | False |
feedIncremental | Incremental Feed | False |
fetch_time | First fetch timestamp (`<number> <time unit>`, e.g., 12 hours, 7 days) | False |
indicator_type | Indicator Type | True |
severity | Indicator Severity | False |
threat_type | Threat Type | False |
confidence_from | Confidence | False |
malware_family | Malware Family | False |
feedBypassExclusionList | Bypass exclusion list | False |
feedTags | Tags | False |
insecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |

4. Click Test to validate the URLs, token, and connection.

## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

### idefense-get-indicators

Gets the feed indicators.

#### Base Command

`idefense-get-indicators`

#### Input

Argument Name | Description | Required |
---|---|---|
limit | The maximum number of results to return. The default value is 50. | Optional |

#### Context Output

There is no context output for this command.

#### Command Example

`!idefense-get-indicators limit=10`

#### Context Example

There is no context output for this command.

### Indicators

value | type | rawJSON |
---|---|---|
http://example.com | URL | confidence: 50<br>display_text: http://example.com<br>index_timestamp: 2020-12-13T23:31:03.848Z<br>key: http://example.com<br>last_modified: 2020-12-13T23:29:13.000Z<br>last_published: 2020-12-07T14:50:44.000Z<br>last_seen: 2020-12-13T20:08:24.000Z<br>last_seen_as: MALWARE_DOWNLOAD<br>malware_family: <br>replication_id: xxx<br>severity: 3<br>threat_types: Cyber Crime<br>type: url<br>uuid: xxx |
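
An added example (not the integration's own code) of the filtering and incremental ingestion described in the overview, run over constructed records shaped like the rawJSON row above. The function names, the use of `last_modified` as the incremental watermark, and the treatment of severity and confidence as lower bounds are assumptions.

```python
from datetime import datetime, timezone

# Constructed records in the shape of the rawJSON row on this page (sample values).
SAMPLE = [
    {"key": "http://example.com", "type": "url", "severity": 3, "confidence": 50,
     "threat_types": "Cyber Crime", "malware_family": "",
     "last_modified": "2020-12-13T23:29:13.000Z"},
    {"key": "http://example.org/a", "type": "url", "severity": 5, "confidence": 90,
     "threat_types": ["Cyber Espionage"], "malware_family": ["ExampleFamily"],
     "last_modified": "2020-12-14T08:00:00.000Z"},
    {"key": "203.0.113.7", "type": "ip", "severity": 4, "confidence": 20,
     "threat_types": ["Cyber Crime"], "malware_family": [],
     "last_modified": "2020-12-12T10:00:00.000Z"},
]

def parse_ts(value):
    """Parse the feed's UTC timestamps (e.g. 2020-12-13T23:29:13.000Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def as_list(value):
    """Normalise a field that may be empty, a single string, or a list."""
    if not value:
        return []
    return [value] if isinstance(value, str) else list(value)

def matches(rec, indicator_type=None, min_severity=None, threat_type=None,
            confidence_from=None, malware_family=None):
    """Hypothetical filter: unset criteria match anything, set ones must all pass."""
    checks = [
        indicator_type is None or rec.get("type") in indicator_type,
        # Assumption: severity and confidence are treated as lower bounds.
        min_severity is None or rec.get("severity", 0) >= min_severity,
        confidence_from is None or rec.get("confidence", 0) >= confidence_from,
        threat_type is None or threat_type in as_list(rec.get("threat_types")),
        malware_family is None or malware_family in as_list(rec.get("malware_family")),
    ]
    return all(checks)

def incremental_fetch(records, last_run, **filters):
    """Return (matching records modified after last_run, new watermark).

    Assumption: last_modified is the field that drives incremental ingestion.
    """
    fresh = [r for r in records if parse_ts(r["last_modified"]) > last_run]
    # Advance the watermark over every fresh record, matched or not, so that
    # filtered-out records are not re-evaluated on the next run.
    watermark = max((parse_ts(r["last_modified"]) for r in fresh), default=last_run)
    return [r for r in fresh if matches(r, **filters)], watermark
```

Feeding the returned watermark back in as `last_run` on the next call is what prevents the same indicator from being ingested twice.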