Skip to main content

Sixgill DarkFeed Threat Intelligence

This Integration is part of the Sixgill Darkfeed - Annual Subscription Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Sixgill's premium underground intelligence collection capabilities, real-time collection and advanced warnings of IOCs help you keep your edge against unknown threats. This integration was integrated and tested with Sixgill clients.

Configure Sixgill_Darkfeed on XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Sixgill DarkFeed Threat Intelligence.
  3. Click Add instance to create and configure a new integration instance.
client_idSixgill API client ID.True
client_secretSixgill API client secret.True
feedFetch indicators.False
feedReputationThe reputation to apply to the fetched indicators.False
feedReliabilityThe reliability of the this feed.True
tlp_colorThe Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at
feedFetchIntervalFeed Fetch IntervalFalse
feedBypassExclusionListBypass exclusion listFalse
maxIndicatorsThe maximum number of indicators to fetch.False
  1. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

Fetch indicators#

Fetching Sixgill DarkFeed indicators

Required Permissions#
  • A valid Sixgill API client id and client secret.
Base Command#


Argument NameDescriptionRequired
limitThe maximum number of results to return.Optional
Context Output#

There is no context output for this command.

Command Example#


Human Readable Output#

Indicators from Sixgill Dark Feed:#

valuetyperawJSONscore 2020-02-06T10:03:54.091Z description: Malware available for download from file-sharing sites external_reference: {'description': 'Mitre attack tactics and technique reference', 'mitre_attack_tactic': 'Build Capabilities', 'mitre_attack_tactic_id': 'TA0024', 'mitre_attack_tactic_url': '', 'mitre_attack_technique': 'Obtain/re-use payloads', 'mitre_attack_technique_id': 'T1346', 'mitre_attack_technique_url': '', 'source_name': 'mitre-attack'} id: indicator--7a39257a-83d4-4f39-90d1-5b81ce1156e9 labels: malicious-activity, malware, Build Capabilities, Obtain/re-use payloads lang: en modified: 2020-02-06T10:03:54.091Z object_marking_refs: marking-definition--41eaaf7c-0bc0-4c56-abdf-d89a7f096ac4, marking-definition--f88d31f6-486f-44da-b317-01333bde0b82 pattern: [url:value = ''] sixgill_actor: vvv555 sixgill_confidence: 80 sixgill_feedid: darkfeed_010 sixgill_feedname: malware_download_urls sixgill_postid: 2f1dcc205421d20a4038b9f51b9d2c5b0b7451d1 sixgill_posttitle: SOCKS socks4 sixgill_severity: 80 sixgill_source: forum_bhf spec_version: 2.0 type: indicator valid_from: 2020-01-06T03:00:59Z3


'value': '',
'type': 'URL',
{'created': '2020-02-06T10:03:54.091Z',
'description': 'Malware available for download from file-sharing sites',
'external_reference': [{
'description': 'Mitre attack tactics and technique reference',
'mitre_attack_tactic': 'Build Capabilities',
'mitre_attack_tactic_id': 'TA0024',
'mitre_attack_tactic_url': '',
'mitre_attack_technique': 'Obtain/re-use payloads',
'mitre_attack_technique_id': 'T1346',
'mitre_attack_technique_url': '',
'source_name': 'mitre-attack'
'id': 'indicator--7a39257a-83d4-4f39-90d1-5b81ce1156e9',
'labels': ['malicious-activity', 'malware', 'Build Capabilities', 'Obtain/re-use payloads'],
'lang': 'en',
'modified': '2020-02-06T10:03:54.091Z',
'object_marking_refs': [
'pattern': "[url:value = '']",
'sixgill_actor': 'vvv555',
'sixgill_confidence': 80,
'sixgill_feedid': 'darkfeed_010',
'sixgill_feedname': 'malware_download_urls',
'sixgill_postid': '2f1dcc205421d20a4038b9f51b9d2c5b0b7451d1',
'sixgill_posttitle': 'SOCKS socks4',
'sixgill_severity': 80,
'sixgill_source': 'forum_bhf',
'spec_version': '2.0',
'type': 'indicator',
'valid_from': '2020-01-06T03:00:59Z'
'fields': {
'source': 'forum_bhf',
'name': 'malware_download_urls',
'description': "description: Malware available for download from file-sharing sites\n
feedid: darkfeed_010\n
title: SOCKS socks4\n
post_id: 2f1dcc205421d20a4038b9f51b9d2c5b0b7451d1\n
actor: vvv555\nlang: en\n
labels: ['malicious-activity', 'malware', 'Build Capabilities', 'Obtain/re-use payloads']\n
external_reference: [{'description': 'Mitre attack tactics and technique reference',
'mitre_attack_tactic': 'Build Capabilities',
'mitre_attack_tactic_id': 'TA0024',
'mitre_attack_tactic_url': '',
'mitre_attack_technique': 'Obtain/re-use payloads',
'mitre_attack_technique_id': 'T1346',
'mitre_attack_technique_url': '',
'source_name': 'mitre-attack'}]"},
'score': 3
## Additional Information
Contact us: