Unit 42 Feed (Deprecated)
#
This Integration is part of the Unit 42 Feed (Deprecated) Pack.Deprecated
Use Unit42 ATOMs Feed instead.
Deprecated. Use Unit42 ATOMs Feed instead.
Unit42 feed of published IOCs, which contains known malicious indicators.
Note: Install the MITRE ATT&CK pack if you want the feed to create MITRE ATT&CK indicators in your environment from the the STIX reports.
#
Configure Unit42 Feed in CortexParameter | Description | Required |
---|---|---|
api_key | API Key | False |
feed | Fetch indicators | False |
feedReputation | Indicator Reputation | False |
feedReliability | Source Reliability | True |
tlp_color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp. | False |
feedExpirationPolicy | The feed’s expiration policy. | False |
feedExpirationInterval | The interval after which the feed expires. | False |
feedFetchInterval | Feed Fetch Interval | False |
feedBypassExclusionList | Bypass exclusion list | False |
feedTags | Tags | False |
proxy | Use system proxy settings | False |
insecure | Trust any certificate (not secure) | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
unit42-get-indicatorsRetrieves a limited number of the indicators.
#
Base Commandunit42-get-indicators
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of indicators to return. The default is 10. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!unit42-get-indicators limit=3
#
Human Readable Outputvalue | type |
---|---|
c1ec28bc82500bd70f95edcbdf9306746198bbc04a09793ca69bb87f2abdb839 | File |
e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e | File |
2014[.]zzux[.]com | Domain |