Skip to main content

Cyble Threat Intel

Download With Dependencies

Cyble Threat Intelligence for Vision Users. Must have access to Vision Taxii feed to access the threat intelligence.

Cyble Threat Intel is an integration which will help users to fetch Cyble's TAXII Feed service into XSOAR Environment. User needs to contact their Cyble Account Manager for getting required pre-requisites to access the Cyble's TAXII Feed Service.

Configure Cyble Threat Intel on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Cyble Threat Intel.

  3. Click Add instance to create and configure a new integration instance.

    • Name: a textual name for the integration instance.
    • Fetch indicators: boolean flag. If set to true will fetch indicators.
    • Fetch Interval: Interval of the fetches.
    • Reliability: Reliability of the feed.
    • Traffic Light Protocol Color: The Traffic Light Protocol (TLP) designation to apply to indicators
      fetched from the feed
    • Discovery Service: TAXII discovery service endpoint.
    • Collection: Collection name to fetch indicators from.
    • Username: Username/Password (if required)
    • First Fetch Time: The time interval for the first fetch (retroactive). Maximum of 7 days for retroactive value is allowed.
    • Indicator Fetch Limit: The value to limit the indicator to be fetched per iteration

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you
successfully execute a command, a DBot message appears in the War Room with the command details.

This integration provides following command(s) which can be used to access the Threat Intelligence

cyble-vision-fetch-taxii

Fetch the indicators based on the taxii service

Base Command

cyble-vision-fetch-taxii

Input

Argument Name Description Required
limit Number of records to return, default value will be 50. Using a smaller limit will get faster responses. Optional
begin Returns records starting with given datetime (Format: %Y-%m-%d %H:%M:%S)) Optional
end Returns records starting with given datetime (Format: %Y-%m-%d %H:%M:%S)) Optional
collection Collection name to fetch indicators from Required

Context Output

Path Type Description
CybleIntel.Threat.details String Returns the Threat Intel details from the Taxii service

cyble-vision-get-collection-names

Fetch the available collection name for the taxii service

Base Command

cyble-vision-get-collection-names

Context Output

Path Type Description
CybleIntel.collection.names String Available collection names for the feed service

Cyble Threat Intel is an integration which will help users to fetch Cyble's TAXII Feed service into XSOAR Environment. User needs to contact their Cyble Account Manager for getting required pre-requisites to access the Cyble's TAXII Feed Service.

Configure Cyble Threat Intel on Cortex XSIAM

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Cyble Threat Intel.

  3. Click Add instance to create and configure a new integration instance.

    • Name: a textual name for the integration instance.
    • Fetch indicators: boolean flag. If set to true will fetch indicators.
    • Fetch Interval: Interval of the fetches.
    • Reliability: Reliability of the feed.
    • Traffic Light Protocol Color: The Traffic Light Protocol (TLP) designation to apply to indicators
      fetched from the feed
    • Discovery Service: TAXII discovery service endpoint.
    • Collection: Collection name to fetch indicators from.
    • Username: Username/Password (if required)
    • First Fetch Time: The time interval for the first fetch (retroactive). Maximum of 7 days for retroactive value is allowed.
    • Indicator Fetch Limit: The value to limit the indicator to be fetched per iteration

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSIAM CLI, as part of an automation, or in a playbook. After you
successfully execute a command, a DBot message appears in the War Room with the command details.

This integration provides following command(s) which can be used to access the Threat Intelligence

cyble-vision-fetch-taxii

Fetch the indicators based on the taxii service

Base Command

cyble-vision-fetch-taxii

Input

Argument Name Description Required
limit Number of records to return, default value will be 50. Using a smaller limit will get faster responses. Optional
begin Returns records starting with given datetime (Format: %Y-%m-%d %H:%M:%S)) Optional
end Returns records starting with given datetime (Format: %Y-%m-%d %H:%M:%S)) Optional
collection Collection name to fetch indicators from Required

Context Output

Path Type Description
CybleIntel.Threat.details String Returns the Threat Intel details from the Taxii service

cyble-vision-get-collection-names

Fetch the available collection name for the taxii service

Base Command

cyble-vision-get-collection-names

Context Output

Path Type Description
CybleIntel.collection.names String Available collection names for the feed service

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByPartner
CreatedApril 15, 2022
Last ReleaseJune 4, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.