Skip to main content

Unit 42 Feed (Deprecated)

This Integration is part of the Unit 42 Feed (Deprecated) Pack.#


Use Unit42 ATOMs Feed instead.

Deprecated. Use Unit42 ATOMs Feed instead.

Unit42 feed of published IOCs, which contains known malicious indicators.

Note: Install the MITRE ATT&CK pack if you want the feed to create MITRE ATT&CK indicators in your environment from the the STIX reports.

Configure Unit42 Feed on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Unit42 Feed.
  3. Click Add instance to create and configure a new integration instance.
api_keyAPI KeyFalse
feedFetch indicatorsFalse
feedReputationIndicator ReputationFalse
feedReliabilitySource ReliabilityTrue
tlp_colorThe Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at
feedExpirationPolicyThe feed’s expiration policy.False
feedExpirationIntervalThe interval after which the feed expires.False
feedFetchIntervalFeed Fetch IntervalFalse
feedBypassExclusionListBypass exclusion listFalse
proxyUse system proxy settingsFalse
insecureTrust any certificate (not secure)False
  1. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Retrieves a limited number of the indicators.

Base Command#



Argument NameDescriptionRequired
limitThe maximum number of indicators to return. The default is 10.Optional

Context Output#

There is no context output for this command.

Command Example#

!unit42-get-indicators limit=3

Human Readable Output#