IgniteFeed
Flashpoint Ignite Feed Integration allows importing indicators of compromise that occur in the context of an event on the Flashpoint Ignite platform which contains finished intelligence reports data, data from illicit forums, marketplaces, chat services, blogs, paste sites, technical data, card shops, and vulnerabilities. The indicators of compromise are ingested as indicators on the Cortex XSOAR and displayed in the War Room using a command.
Data Enrichment & Threat Intelligence · Flashpoint Feed · Feed
Configuration parameters
url— Server URL (required)credentials— (required)types— Types of the indicators to fetchfirst_fetch— First fetch timefeed— Fetch indicatorsfeedReputation— Indicator ReputationfeedReliability— Source Reliability (required)feedExpirationPolicy—feedExpirationInterval—feedFetchInterval— Feed Fetch IntervalfeedBypassExclusionList— Bypass exclusion listfeedTags— Tagstlp_color— Traffic Light Protocol ColorfeedIncremental—createRelationship— Create relationshipsdefaultMap— Default Indicator Mappinginsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (1)
-
flashpoint-ignite-get-indicatorsRetrieves indicators from the Ignite API. It displays the content of the fetch-indicators command.