Use this pack to fetch, manage, and query threat feeds and samples.
What does this pack do?
- The Feed integration fetches indicators from Cisco Secure Malware Analytics (Threat Grid). When setting up this integration, select from which feeds to fetch indicators (for example: modified-hosts-dns, public-ip-check-dns, ransomware-dns, etc.).
- The Cisco Threat Grid integration enables you to query and upload samples to Cisco's threat grid.
- The playbooks enable detonating one or more files or URLs. The playbooks return relevant reports to the War Room and file/URL reputations to the context data.