SecneurX Threat Feeds

This Integration is part of the Secneurx Threat Feeds Pack.

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

SecneurX provides real-time threat intelligence that protects companies against the latest cyber threats, including APTs, phishing, malware, ransomware, data exfiltration, and brand infringement. Security teams rely on our dependable and rich data to expand their threat landscape visibility, resulting in improved detection rates and response times. This integration was integrated and tested with version 1.0.0 of SecneurX Threat Feeds

Configure SecneurX Threat Feeds on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.

2. Search for SecneurX Threat Feeds.

3. Click Add instance to create and configure a new integration instance.

   Parameter	Description	Required
   Feed URL	Input the url of SecneurX Threat Intelligence Feeds.	True
   API Key	Input the API key for fetching feed from the source.	True
   Fetch indicators	Select this option if you want this integration instance to fetch indicators from the SecneurX Threat Intelligence feed.	False
   Indicator Reputation	Indicators from this integration instance will be marked with this reputation	False
   Tags	Supports CSV values.	False
   Source Reliability	Reliability of the source providing the intelligence data	True
   Feed Fetch Interval	How often do fetch indicators from this integration instance. You can specify the interval in days, hours, or minutes.	True
   Feed Expiration Policy		False
   Traffic Light Protocol Color	The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed	False
   First fetch	First fetch query e.g., 12 hours, 7 days. SecurityScorecard provides a maximum of 7 days back. To ensure no alerts are missed, it's recommended to use a value less than 2 days.	False
   Bypass exclusion list	When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.	False
   proxy	Use system proxy settings	False
   insecure	Trust any certificate (not secure)	False

4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

snxfeeds-get-indicators

---

Retrieves a limited number of the indicators.

Base Command

snxfeeds-get-indicators

Input

Argument Name	Description	Required
limit	The maximum number of indicators to return. The default is 10.	Optional

Context Output

There is no context output for this command.

Human Readable Output

Type	Value	Fields
Domain	mak.logupdates.xyz	firstseenbysource: 2022-06-13T10:37:23Z, indicatoridentification: indicator--c0f9425f-a3e9-4fcf-85c5-58e809f4e763, verdict: Malicious, tags: apt , Donot APT, modified: 2022-06-13T10:37:23Z, reportedby: SecneurX Threat Feeds

Notes

Be aware, due to API limitations, fetch-indicators fetches only a limited number of indicators for each interval. Fetching all the indicators can take up to 24 hours.