Supported Cortex XSOAR versions: 5.5.0 and later.
Sixgill's premium underground intelligence collection capabilities, real-time collection and advanced warnings of IOCs help you keep your edge against unknown threats. This integration was integrated and tested with Sixgill clients.
- Navigate to Settings > Integrations > Servers & Services.
- Search for Sixgill DarkFeed Threat Intelligence.
- Click Add instance to create and configure a new integration instance.
|client_id||Sixgill API client ID.||True|
|client_secret||Sixgill API client secret.||True|
|feedReputation||The reputation to apply to the fetched indicators.||False|
|feedReliability||The reliability of the this feed.||True|
|tlp_color||The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp||False|
|feedFetchInterval||Feed Fetch Interval||False|
|feedBypassExclusionList||Bypass exclusion list||False|
|maxIndicators||The maximum number of indicators to fetch.||False|
- Click Test to validate the URLs, token, and connection.
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Fetching Sixgill DarkFeed indicators
- A valid Sixgill API client id and client secret.
|limit||The maximum number of results to return.||Optional|
There is no context output for this command.