Skip to main content

Unit42 v2 Feed

Unit42 feed of published IOCs which contains malicious indicators.

The Unit42 v2 feed provides access to published IOCs that contain known malicious indicators. You can configure the number of indicators to be returned. The default is 10.

The newest Unit42 Feed V2 Pack introduces the STIX format and ingests more Threat Intel than before. All the Unit42 ATOM information now in your XSOAR Threat Intel Library.

  • STIX object-oriented - we are now using: Report, Intrusion Set, Campaign, Attack Pattern, Course of Action, and of course IOCs
  • The main Report object is associated to its related Intrusion Set and Campaigns
  • Each Campaign has its specific Attack Patterns, Course of Actions and IOCs
  • Starting with version 6.2 - RELATIONSHIPS between objects is now supported!

In order to access the Unit42 feed, you first must register for an account.

  1. Go to https://stix2.unit42.org/ to sign up.
  2. Log in and create an API key for the service using the 'API Keys' page.
  3. Click the '+' button in the table header to create a new key.
  4. Use the 'copy' icon in the new key's row to copy the full key to the clipboard.

PUBLISHER

Cortex XSOAR

INFO

CertificationRead more
Supported ByCortex XSOAR
CreatedMay 27, 2021
Last ReleaseSeptember 16, 2021
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.