Skip to main content

SecneurX Threat Feeds

This Integration is part of the Secneurx Threat Feeds Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

SecneurX provides real-time threat intelligence that protects companies against the latest cyber threats, including APTs, phishing, malware, ransomware, data exfiltration, and brand infringement. Security teams rely on our dependable and rich data to expand their threat landscape visibility, resulting in improved detection rates and response times. This integration was integrated and tested with version 1.0.0 of SecneurX Threat Feeds

Configure SecneurX Threat Feeds on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for SecneurX Threat Feeds.

  3. Click Add instance to create and configure a new integration instance.

    Feed URLInput the url of SecneurX Threat Intelligence Feeds.True
    API KeyInput the API key for fetching feed from the source.True
    Fetch indicatorsSelect this option if you want this integration instance to fetch indicators from the SecneurX Threat Intelligence feed.False
    Indicator ReputationIndicators from this integration instance will be marked with this reputationFalse
    TagsSupports CSV values.False
    Source ReliabilityReliability of the source providing the intelligence dataTrue
    Feed Fetch IntervalHow often do fetch indicators from this integration instance. You can specify the interval in days, hours, or minutes.True
    Feed Expiration PolicyFalse
    Traffic Light Protocol ColorThe Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feedFalse
    First fetchFirst fetch query e.g., 12 hours, 7 days. SecurityScorecard provides a maximum of 7 days back. To ensure no alerts are missed, it's recommended to use a value less than 2 days.False
    Bypass exclusion listWhen selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.False
    proxyUse system proxy settingsFalse
    insecureTrust any certificate (not secure)False
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Retrieves a limited number of the indicators.

Base Command#



Argument NameDescriptionRequired
limitThe maximum number of indicators to return. The default is 10.Optional

Context Output#

There is no context output for this command.

Human Readable Output#

Domainmak.logupdates.xyzfirstseenbysource: 2022-06-13T10:37:23Z, indicatoridentification: indicator--c0f9425f-a3e9-4fcf-85c5-58e809f4e763, verdict: Malicious, tags: apt , Donot APT, modified: 2022-06-13T10:37:23Z, reportedby: SecneurX Threat Feeds


Be aware, due to API limitations, fetch-indicators fetches only a limited number of indicators for each interval. Fetching all the indicators can take up to 24 hours.