Unit42 Feed

This Integration is part of the Unit42 Feed Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Unit42 feed of published IOCs, which contains known malicious indicators.

Note: Install the MITRE ATT&CK pack if you want the feed to create MITRE ATT&CK indicators in your environment from the STIX reports.

Configure Unit42 Feed on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Unit42 Feed.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| api_key | API Key | False |
| feed | Fetch indicators | False |
| feedReputation | Indicator Reputation | False |
| feedReliability | Source Reliability | True |
| tlp_color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp. | False |
| feedExpirationPolicy | The feed’s expiration policy. | False |
| feedExpirationInterval | The interval after which the feed expires. | False |
| feedFetchInterval | Feed Fetch Interval | False |
| feedBypassExclusionList | Bypass exclusion list | False |
| feedTags | Tags | False |
| proxy | Use system proxy settings | False |
| insecure | Trust any certificate (not secure) | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

unit42-get-indicators


Retrieves a limited number of the indicators.

Base Command

unit42-get-indicators

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of indicators to return. The default is 10. | Optional |

Context Output

There is no context output for this command.

Command Example

!unit42-get-indicators limit=3

Human Readable Output

| value | type |
| --- | --- |
| c1ec28bc82500bd70f95edcbdf9306746198bbc04a09793ca69bb87f2abdb839 | File |
| e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e | File |
| 2014[.]zzux[.]com | Domain |