Unit42 Feed

Unit42 feed of published IOCs, which contains known malicious indicators. This integration was integrated and tested with version xx of Unit42 Feed.

Configure Unit42 Feed on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Unit42 Feed.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| api_key | API Key | False |
| feed | Fetch indicators | False |
| feedReputation | Indicator Reputation | False |
| feedReliability | Source Reliability | True |
| feedExpirationPolicy |  | False |
| feedExpirationInterval |  | False |
| feedFetchInterval | Feed Fetch Interval | False |
| feedBypassExclusionList | Bypass exclusion list | False |
| feedTags | Tags | False |
| proxy | Use system proxy settings | False |
| insecure | Trust any certificate (not secure) | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

unit42-get-indicators


Retrieves a limited number of the indicators.

Base Command

unit42-get-indicators

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of indicators to return. The default is 10. | Optional |

Context Output

There is no context output for this command.

Command Example

!unit42-get-indicators limit=3

Human Readable Output

| value | type |
| --- | --- |
| c1ec28bc82500bd70f95edcbdf9306746198bbc04a09793ca69bb87f2abdb839 | File |
| e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e | File |
| 2014[.]zzux[.]com | Domain |