Intel471 Malware Feed

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

"Intel471's Malware Intelligence is focused on the provisioning of a high fidelity and timely indicators feed with rich context, TTP information, and malware intelligence reports. This feed allows customers to block and gain an understanding of the latest crimeware campaigns and is for those that value timeliness, confidence (little to no false positives), and seek rich context and insight around the attacks they are seeing."

Configure Intel471 Malware Feed on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Intel471 Malware Feed.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | feed | Fetch indicators | False |
    | credentials | Username | False |
    | feedReputation | Indicator Reputation | False |
    | feedReliability | Source Reliability | True |
    | tlp_color | Traffic Light Protocol Color | False |
    | feedExpirationPolicy | | False |
    | feedExpirationInterval | | False |
    | feedFetchInterval | Feed Fetch Interval | False |
    | indicator_type | Indicator Type | True |
    | threat_type | Search by Threat Type | False |
    | malware_family | Malware Family | False |
    | confidence | Search by confidence | False |
    | indicator | Free text indicator search (all fields included) | False |
    | fetch_time | First fetch timestamp (`<number> <time unit>`, e.g., 12 hours, 7 days) | False |
    | feedTags | Tags | False |
    | feedBypassExclusionList | Bypass exclusion list | False |
    | proxy | Use system proxy settings | False |
    | insecure | Trust any certificate (not secure) | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

intel471-malware-get-indicators

Gets the feed indicators.

Base Command

intel471-malware-get-indicators

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of results to return. Default is 50. | Optional |

Context Output

There is no context output for this command.