IgniteFeedV2
Flashpoint Ignite Feed V2 Integration allows importing indicators of compromise using the V2 API that provides a more concise, context-rich response structure. It includes sightings of IOCs over time and IOC relationships, providing visibility into an IOC's evolution. The indicators of compromise are ingested into Cortex XSOAR and displayed in the War Room.
Data Enrichment & Threat Intelligence · Flashpoint Feed · Feed
Configuration parameters
url— Server URL (required)credentials— (required)types— Types of the indicators to fetchcidr_range— CIDR Range of an IPv4 or IPv6 indicatormax_score— Maximum Severity Level of an indicatormin_score— Minimum Severity Level of an indicatormitre_attack_ids— MITRE ATTACK IDs of an indicatortags— Tags of an indicatoractor_tags— Actor Tags of an indicatormalware_tags— Malware Tags of an indicatorsource_tags— Source Tags of an indicatorfirst_fetch— First fetch timefeed— Fetch indicatorsfeedReputation— Indicator ReputationfeedReliability— Source Reliability (required)tlp_color— Traffic Light Protocol ColordefaultMap— Default Indicator MappingfeedTags— TagsfeedIncremental—feedExpirationPolicy—feedExpirationInterval—feedFetchInterval— Feed Fetch IntervalfeedBypassExclusionList— Bypass exclusion listcreateRelationship— Create relationshipsinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (1)
-
flashpoint-ignite-v2-get-indicatorsRetrieves indicators from the Ignite V2 API. It displays the content of the fetch-indicators command.