Supported Cortex XSOAR versions: 5.5.0 and later.
"Intel471's Malware Intelligence is focused on the provisioning of a high fidelity and timely indicators feed with rich context, TTP information, and malware intelligence reports. This feed allows customers to block and gain an understanding of the latest crimeware campaigns and is for those that value timeliness, confidence (little to no false positives), and seek rich context and insight around the attacks they are seeing."
Navigate to Settings > Integrations > Servers & Services.
Search for Intel471 Malware Feed.
Click Add instance to create and configure a new integration instance.
| Parameter | Description | Required |
| --- | --- | --- |
| feed | Fetch indicators | False |
| credentials | Username | False |
| feedReputation | Indicator Reputation | False |
| feedReliability | Source Reliability | True |
| tlp_color | Traffic Light Protocol Color | False |
| feedExpirationPolicy | | False |
| feedExpirationInterval | | False |
| feedFetchInterval | Feed Fetch Interval | False |
| indicator_type | Indicator Type | True |
| threat_type | Search by Threat Type | False |
| malware_family | Malware Family | False |
| confidence | Search by confidence | False |
| indicator | Free text indicator search (all fields included) | False |
| fetch_time | First fetch timestamp (<time unit>, e.g., 12 hours, 7 days) | False |
| feedTags | Tags | False |
| feedBypassExclusionList | Bypass exclusion list | False |
| proxy | Use system proxy settings | False |
| insecure | Trust any certificate (not secure) | False |
Click Test to validate the URLs, token, and connection.
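Two parameters in the table above have direct security impact: `insecure` and `feedBypassExclusionList`. The following Python check is an added example, not part of the integration or of Cortex XSOAR. It audits an instance's parameters held as a plain dict, which is a hypothetical representation. The `<number> <time unit>` shape and the unit list for `fetch_time` are assumptions based on the page's examples, and the sample values are constructed.

```python
import re

# Parameters marked Required = True in the table on this page.
REQUIRED = ("feedReliability", "indicator_type")

# Assumption: fetch_time looks like "<number> <time unit>", e.g. "12 hours", "7 days".
FETCH_TIME_RE = re.compile(
    r"^\s*\d+\s+(minute|hour|day|week|month|year)s?\s*$", re.IGNORECASE
)


def audit_instance(params):
    """Return (severity, parameter, message) findings for one instance config."""
    findings = []
    for name in REQUIRED:
        if not str(params.get(name) or "").strip():
            findings.append(("error", name, "required parameter is empty"))
    if params.get("insecure"):
        findings.append(("high", "insecure",
                         "TLS certificate validation is off; feed data can be "
                         "intercepted or altered in transit"))
    if params.get("feedBypassExclusionList"):
        findings.append(("medium", "feedBypassExclusionList",
                         "indicators from this feed are ingested even when "
                         "they match the exclusion list"))
    fetch_time = params.get("fetch_time")
    if fetch_time and not FETCH_TIME_RE.match(str(fetch_time)):
        findings.append(("error", "fetch_time",
                         "expected '<number> <time unit>', e.g. '7 days'"))
    return findings


# Constructed sample configurations (values are placeholders, not real settings).
WEAK = {"feed": True, "indicator_type": "CONSTRUCTED_VALUE", "insecure": True,
        "feedBypassExclusionList": True, "fetch_time": "yesterday"}
HARDENED = {"feed": True, "feedReliability": "CONSTRUCTED_VALUE",
            "indicator_type": "CONSTRUCTED_VALUE", "insecure": False,
            "feedBypassExclusionList": False, "fetch_time": "7 days"}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for severity, name, message in audit_instance(cfg):
            print(f"  [{severity}] {name}: {message}")
```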
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Gets the feed indicators.
| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of results to return. Default is 50. | Optional |
There is no context output for this command.