Darkfeed Threat hunting-research

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Search Endpoints By Hash - Generic
  • Isolate Endpoint - Generic
  • Block Indicators - Generic v2
  • Entity Enrichment - Generic v2


This playbook does not use any integrations.


  • SetAndHandleEmpty
  • SixgillSearchIndicators
  • Set
  • ToTable


This playbook does not use any commands.

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| File | File hash (MD5, SHA-1, SHA-256) from Darkfeed | File.None | Optional |
| URL | URL from Darkfeed | URL.None | Optional |
| Maximum number of IOCs | Set value to the maximum number of IOCs you would like returned in searches for items from the same source and same actor | 50 | Optional |
| Query time lookup | Set value to the number of days back in searches for IOCs with the same source and same actor | 3 day ago | Optional |
| IP | IP address from Darkfeed | IP.None | Optional |
| Is automated endpoint isolation activated? | Set "yes" if you would like to automatically isolate endpoints on which malicious indicators were detected | no | Optional |
| Is automated blocking activated? | Set "yes" if you would like to automatically block discovered malicious indicators. | no | Optional |
| Domain | Domain from Darkfeed | Domain.Name | Optional |

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

Darkfeed Threat hunting-research