Doppel
Doppel is a Modern Digital Risk Protection Solution, that detects the phishing and brand cyber attacks on the emerging channels. Doppel scans millions of channels online which includes, social media, domains, paid ads, dark web, emerging channels, etc. Doppel can identify the malicious content and cyber threats, and enables their customers to take down the digital risks proactively. The Cortex XSOAR pack for Doppel mirrors the alerts created by Doppel as Cortex XSOAR incidents. The pack also contains the commands to perform different operations on Doppel alerts.
Data Enrichment & Threat Intelligence · Doppel
Configuration parameters
url— Doppel Tenant URL (required)credentials— (required)user_credentials—organization_code— Organization CodeisFetch— Fetch incidentsincidentFetchInterval— Incidents Fetch Interval (required)incidentType— Incident typemirror_direction— Mirror Directionfirst_fetch— First fetchfetch_timeout— Fetch incidents timeoutmax_fetch— Number of incidents for each fetch.insecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (9)
-
doppel-create-abuse-alertCreate an alert for the provided value to abuse box. Will fail if the alert value is invalid or is protected.
-
doppel-create-alertCreates an alert for a specified entity. This command requires the entity to be provided in the arguments.
-
doppel-get-alertRetrieves the alert details by ID or entity. Must include either ID or entity.
-
doppel-get-alertsRetrieves a list of alerts. The result can be filtered by provided parameters.
-
doppel-update-alertUpdates an alert in the Doppel platform. Either 'alert_id' or 'entity' must be specified.
-
get-mapping-fieldsReturns the list of fields for an incident type.
-
get-modified-remote-dataGet the list of incidents that were modified since the last update time. This method is used for debugging purposes. The get-modified-remote-data command is used as part of the Mirroring feature that was introduced in Cortex XSOAR version 6.1.
-
get-remote-dataGet remote data from a remote incident. This method does not update the current incident, and should be used for debugging purposes only.
-
update-remote-systemPushes local changes to the remote system.