RST Threat Feed | Marketplace

Details
Content
Dependencies
Version History

High-fidelity threat intelligence database available via API to check domains, URLs, IP addresses and Hashes

RST Threat Feed covers multiple categories of indicators including Phishing, Web Attacks, C2 Servers, Botnet, Malware, TOR nodes, Scanning Hosts, Bad Bots, DDoS, Cryptomining, Spamming Hosts, Fraud and other types.

Each indicator has an individual score calculated based on the qualitative and quantative parameters: what type of the indicators it is, who is the reporter of the indicators, how many others are already aware of that indicator, was that indicator exposed previously and many other contributing factors.

The pack includes:

1) RST Threat Feed API integration:

an ability to check IP, Domain, URL or Hash in real-time
functions to submit a new indicator to the cloud and to submit a potential false positive IoC

2) Playbooks:

RST Threat IP enrichment playbook
RST Threat Domain enrichment playbook
RST Threat URL enrichment playbook
RST Threat Hash enrichment playbook

The pack includes:

1) RST Threat Feed API integration:

an ability to check IP, Domain, URL or Hash in real-time
functions to submit a new indicator to the cloud and to submit a potential false positive IoC

2) Playbooks:

RST Threat IP enrichment playbook
RST Threat Domain enrichment playbook
RST Threat URL enrichment playbook
RST Threat Hash enrichment playbook

Integrations

Name	Description
RST Cloud - Threat Feed API (Partner Contribution)	This is the RST Threat Feed integration for interacting with API.

Playbooks

Name	Description
Domain Enrichment - RST Threat Feed	Enrich domains using RST Threat Feed integration
URL Enrichment - RST Threat Feed	Enrich URLs using one or more integrations. URL enrichment includes: SSL verification for URLs Threat information Providing of URL screenshots
IP Enrichment - External - RST Threat Feed	Enrich IP addresses using one or more integrations. Resolve IP addresses to hostnames (DNS) Provide threat information Separate internal and external addresses
File Enrichment - RST Threat Feed	Enrich File hashes using RST Threat Feed integrations

Integrations

Name	Description
RST Cloud - Threat Feed API (Partner Contribution)	This is the RST Threat Feed integration for interacting with API.

Playbooks

Name	Description
URL Enrichment - RST Threat Feed	Enrich URLs using one or more integrations. URL enrichment includes: SSL verification for URLs Threat information Providing of URL screenshots
Domain Enrichment - RST Threat Feed	Enrich domains using RST Threat Feed integration
File Enrichment - RST Threat Feed	Enrich File hashes using RST Threat Feed integrations
IP Enrichment - External - RST Threat Feed	Enrich IP addresses using one or more integrations. Resolve IP addresses to hostnames (DNS) Provide threat information Separate internal and external addresses

Required Content Packs (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.1.9 - 7843807 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43568

Download

1.1.8 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.1.7 - 4770511 (September 4, 2025)

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

1.1.6 - R3398781 (May 13, 2025)

Integrations

RST Cloud - Threat Feed API

Metadata and documentation improvements.

Related pull requests:
- 39095

Download

1.1.5 - R2989425 (March 26, 2025)

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

1.1.4 - R1709192 (November 26, 2024)

Integrations

RST Cloud - Threat Feed API

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 35045

Download

1.1.3 - 938811 (April 7, 2024)

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.10.14.90585.

Related pull requests:
- 33641
- 33516
- 33519
- 33515
- 33329
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458
- 33535
- 33534
- 33537
- 33552
- 33580
- 33553
- 33418
- 33583
- 33555
- 33556
- 33559
- 33560
- 33619
- 33591
- 33602
- 33600
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458

Download

1.1.2 - R5866730 (July 25, 2023)

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27954

Download

1.1.1 - R5692327 (July 5, 2023)

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20407

Download

1.1.0 - 2902879 (May 11, 2022)

Integrations

RST Cloud - Threat Feed API

Added 1 command:
- file
Updated the Docker image to: demisto/python3:3.10.4.29342.

Playbooks

RST Cloud - Threat Feed API

Added the File Enrichment - RST Threat Feed playbook.
Updated the IP Enrichment - External - RST Threat Feed playbook.
Updated the Domain Enrichment - RST Threat Feed playbook.
Updated the URL Enrichment - RST Threat Feed playbook.

Download

1.0.5 - R2146019 (December 21, 2021)

WARNING: This version is invalid. Please install a different version.

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.9.8.24399.

Related pull requests:
- 20109
- 16362

Download

1.1.9 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43568

Download

1.1.8 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.1.7 - R4788028 (September 7, 2025)

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

1.1.6 - R3398781 (May 13, 2025)

Integrations

RST Cloud - Threat Feed API

Metadata and documentation improvements.

Related pull requests:
- 39095

Download

1.1.5 - R2989425 (March 26, 2025)

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

1.1.4 - R1709192 (November 26, 2024)

Integrations

RST Cloud - Threat Feed API

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 35045

Download

1.1.3 - 938811 (April 7, 2024)

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.10.14.90585.

1.1.2 - R5866730 (July 25, 2023)

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27954

Download

1.1.1 - R5170573 (May 2, 2023)

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.10.5.31928.

Related pull requests:
- 20407

Download

1.1.0 - 2902879 (May 11, 2022)

Integrations

RST Cloud - Threat Feed API

Added 1 command:
- file
Updated the Docker image to: demisto/python3:3.10.4.29342.

Playbooks

RST Cloud - Threat Feed API

Added the File Enrichment - RST Threat Feed playbook.
Updated the IP Enrichment - External - RST Threat Feed playbook.
Updated the Domain Enrichment - RST Threat Feed playbook.
Updated the URL Enrichment - RST Threat Feed playbook.

Download

1.0.5 - R2146019 (December 21, 2021)

WARNING: This version is invalid. Please install a different version.

Integrations

RST Cloud - Threat Feed API

Updated the Docker image to: demisto/python3:3.9.8.24399.

Related pull requests:
- 16362
- 20109

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	February 2, 2021
Last Release	March 22, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.