Intel471 Malware Feed (Deprecated)
This Integration is part of the Intel471 Feed Pack.
Deprecated
Use Intel471 Malware Indicator Feed instead.
"Intel471's Malware Intelligence is focused on the provisioning of a high fidelity and timely indicators feed with rich context, TTP information, and malware intelligence reports. This feed allows customers to block and gain an understanding of the latest crimeware campaigns and is for those that value timeliness, confidence (little to no false positives), and seek rich context and insight around the attacks they are seeing."
Configure Intel471 Malware Feed on Cortex XSOAR
Navigate to Settings > Integrations > Servers & Services.
Search for Intel471 Malware Feed.
Click Add instance to create and configure a new integration instance.
Parameter | Description | Required |
---|---|---|
feed | Fetch indicators | False |
credentials | Username | False |
feedReputation | Indicator Reputation | False |
feedReliability | Source Reliability | True |
tlp_color | Traffic Light Protocol Color | False |
feedExpirationPolicy | | False |
feedExpirationInterval | | False |
feedFetchInterval | Feed Fetch Interval | False |
indicator_type | Indicator Type | True |
threat_type | Search by Threat Type | False |
malware_family | Malware Family | False |
confidence | Search by confidence | False |
indicator | Free text indicator search (all fields included) | False |
fetch_time | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | False |
feedTags | Tags | False |
feedBypassExclusionList | Bypass exclusion list | False |
proxy | Use system proxy settings | False |
insecure | Trust any certificate (not secure) | False |
Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
intel471-malware-get-indicators
Gets the feed indicators.
Base Command
intel471-malware-get-indicators
Input
Argument Name | Description | Required |
---|---|---|
limit | The maximum number of results to return. Default is 50. | Optional |
Context Output
There is no context output for this command.