Darkfeed Threat hunting-research

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Search Endpoints By Hash - Generic
  • Isolate Endpoint - Generic
  • Block Indicators - Generic v2
  • Entity Enrichment - Generic v2

Integrations

This playbook does not use any integrations.

Scripts

  • SetAndHandleEmpty
  • SearchIndicators
  • Set
  • ToTable

Commands

This playbook does not use any commands.

Playbook Inputs

Each input is listed as: Name, Description, Default Value, Required.

  • File: File hash (MD5, SHA-1, SHA-256) from Darkfeed. Default value: File.None. Required: Optional.
  • URL: URL from Darkfeed. Default value: URL.None. Required: Optional.
  • Maximum number of IOCs: Set the value to the maximum number of IOCs you would like returned in searches for items from the same source and the same actor. Default value: 50. Required: Optional.
  • Query time lookup: Set the value to the number of days back to search for IOCs with the same source and the same actor. Default value: 3 day ago. Required: Optional.
  • IP: IP address from Darkfeed. Default value: IP.None. Required: Optional.
  • Is automated endpoint isolation activated?: Set "yes" if you would like to automatically isolate endpoints on which malicious indicators were detected. Default value: no. Required: Optional.
  • Is automated blocking activated?: Set "yes" if you would like to automatically block discovered malicious indicators. Default value: no. Required: Optional.
  • Domain: Domain from Darkfeed. Default value: Domain.Name. Required: Optional.

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

[Playbook image: Darkfeed Threat hunting-research]