IgniteFeedV2

Flashpoint Ignite Feed V2 Integration allows importing indicators of compromise using the V2 API that provides a more concise, context-rich response structure. It includes sightings of IOCs over time and IOC relationships, providing visibility into an IOC's evolution. The indicators of compromise are ingested into Cortex XSOAR and displayed in the War Room.

Data Enrichment & Threat Intelligence · Flashpoint Feed · Feed

Configuration parameters

  • url — Server URL (required)
  • credentials — (required)
  • types — Types of the indicators to fetch
  • cidr_range — CIDR Range of an IPv4 or IPv6 indicator
  • max_score — Maximum Severity Level of an indicator
  • min_score — Minimum Severity Level of an indicator
  • mitre_attack_ids — MITRE ATTACK IDs of an indicator
  • tags — Tags of an indicator
  • actor_tags — Actor Tags of an indicator
  • malware_tags — Malware Tags of an indicator
  • source_tags — Source Tags of an indicator
  • first_fetch — First fetch time
  • feed — Fetch indicators
  • feedReputation — Indicator Reputation
  • feedReliability — Source Reliability (required)
  • tlp_color — Traffic Light Protocol Color
  • defaultMap — Default Indicator Mapping
  • feedTags — Tags
  • feedIncremental
  • feedExpirationPolicy
  • feedExpirationInterval
  • feedFetchInterval — Feed Fetch Interval
  • feedBypassExclusionList — Bypass exclusion list
  • createRelationship — Create relationships
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (1)

  • flashpoint-ignite-v2-get-indicators

    Retrieves indicators from the Ignite V2 API. It displays the content of the fetch-indicators command.