Sixgill Darkfeed - Annual Subscription

Details
Content
Dependencies
Version History

This edition of Sixgill Darkfeed is intended for customers who have a direct annual subscription to Sixgill Darkfeed. Get contextual and actionable insights to proactively block underground threats in real-time with the most comprehensive, automated stream of IOCs For organizations who are currently Darkfeed customers.

The Sixgill Darkfeed™ is a stream of malicious indicators of compromise, including domains, URLs, hashes, and IP addresses.

It relies on Sixgill’s vast collection of deep and dark web sources, and it provides unique and advanced warnings about new cyberthreats.

It is automated, meaning that IOCs are extracted and delivered in real-time, and it is actionable, meaning that its consumers will be able to receive and block items that threaten their organizations.

Darkfeed™ and pre-built playbooks can automate your key SOC use cases such as Threat Hunting and Malware protection.

The Darkfeed content pack includes the stream of indicators, a customized dashboard and three playbooks that:

Automatically download malicious files from a Darkfeed IOC, detonate them in automated sandboxes, and extract and block any additional indicators and files.
Automatically discover and enrich indicators with the same actor and source as the triggering IOC. Search for and isolate any compromised endpoints and proactively block IOCs from entering your network.

The Sixgill Darkfeed™ is a stream of malicious indicators of compromise, including domains, URLs, hashes, and IP addresses.

It relies on Sixgill’s vast collection of deep and dark web sources, and it provides unique and advanced warnings about new cyberthreats.

Darkfeed™ and pre-built playbooks can automate your key SOC use cases such as Threat Hunting and Malware protection.

The Darkfeed content pack includes the stream of indicators, a customized dashboard and three playbooks that:

Automatically download malicious files from a Darkfeed IOC, detonate them in automated sandboxes, and extract and block any additional indicators and files.
Automatically discover and enrich indicators with the same actor and source as the triggering IOC. Search for and isolate any compromised endpoints and proactively block IOCs from entering your network.

Automations

Name	Description
SixgillSearchIndicators	Search for Indicators

Dashboards

Name	Description
Sixgill Darkfeed

Indicator Fields

Name	Description
Sixgill Post Reference	Reference to Sixgill portal
Sixgill Indicator ID	Unique ID of IOC
Sixgill Source	Source of post in Sixgill portal
Sixgill Description	Description of IOC
Sixgill Mitre ATT&CK Tactic	Mitre ATT&CK Tactic
Sixgill Virus Total Detection Rate	Virus Total Detection Rate
Sixgill Feed ID	Subfeed ID
Sixgill Virus Total URL	Virus Total URL
Sixgill Feed Name	Subfeed name
Sixgill Post Title	Title of post in Sixgill portal
Sixgill Actor	Actor of original post on dark web
Sixgill Mitre ATT&CK Technique	Mitre ATT&CK Technique
Sixgill Language	Language of original post in Sixgill portal

Integrations

Name	Description
Sixgill DarkFeed Enrichment (Partner Contribution)	Sixgill Darkfeed Enrichment – powered by the broadest automated collection from the deep and dark web – is the most comprehensive IOC enrichment solution on the market. By enriching Palo Alto Networks Cortex XSOAR IOCs with Darkfeed, customers gain unparalleled context and essential explanations in order to accelerate their incident prevention and response and stay ahead of the threat curve. Automatically enrich Cortex XSOAR IOCs (machine to machine) via Darkfeed. Block threats and enrich endpoint protection in real-time from the Cortex XSOAR dashboard, gain contextual and actionable insights with essential explanations of Cortex XSOAR IOCs.
Sixgill DarkFeed Threat Intelligence (Partner Contribution)	Leverage the power of Sixgill to supercharge Cortex XSOAR with real-time Threat Intelligence indicators. Get IOCs such as domains, URLs, hashes, and IP addresses straight into the XSOAR platform.
Cybersixgill DVE Feed Threat Intelligence (Deprecated) (Partner Contribution)	Deprecated. Use Cybersixgill DVE Feed Threat Intelligence v2 from the Cybersixgill-DVE pack instead.

Playbooks

Name	Description
Darkfeed IOC detonation and proactive blocking	Download malicious files from a Darkfeed IOC, detonate them in automated sandboxes, and extract and block any additional indicators and files.
Darkfeed - malware download from feed	Set this playbook as an automated job in order to automatically download malware from new Darkfeed IOCs and run them through the "Darkfeed IOC detonation and proactive blocking" playbook
Darkfeed Threat hunting-research	Automatically discover and enrich indicators with the same actor and source as the triggering IOC. Search for and isolate any compromised endpoints and proactively block IOCs from entering your network.

Widgets

Name	Description
Sixgill Darkfeed - Mitre ATT&CK Tactics
Sixgill Darkfeed - Top 10 Threat Actors
Sixgill Darkfeed - Collected IOCs
Sixgill Mitre ATT&CK Techniques
Sixgill Darkfeed - Subfeed Composition
Sixgill Darkfeed Indicators by Type
Sixgill Darkfeed - Threads from the Underground
Sixgill Darkfeed IOC detection rate by Virus Total

Automations

Name	Description
SixgillSearchIndicators	Search for Indicators

Indicator Fields

Name	Description
Sixgill Feed Name	Subfeed name
Sixgill Indicator ID	Unique ID of IOC
Sixgill Virus Total Detection Rate	Virus Total Detection Rate
Sixgill Mitre ATT&CK Tactic	Mitre ATT&CK Tactic
Sixgill Feed ID	Subfeed ID
Sixgill Post Title	Title of post in Sixgill portal
Sixgill Virus Total URL	Virus Total URL
Sixgill Language	Language of original post in Sixgill portal
Sixgill Actor	Actor of original post on dark web
Sixgill Source	Source of post in Sixgill portal
Sixgill Post Reference	Reference to Sixgill portal
Sixgill Description	Description of IOC
Sixgill Mitre ATT&CK Technique	Mitre ATT&CK Technique

Integrations

Name	Description
Sixgill DarkFeed Enrichment (Partner Contribution)	Sixgill Darkfeed Enrichment – powered by the broadest automated collection from the deep and dark web – is the most comprehensive IOC enrichment solution on the market. By enriching Palo Alto Networks Cortex XSIAM IOCs with Darkfeed, customers gain unparalleled context and essential explanations in order to accelerate their incident prevention and response and stay ahead of the threat curve. Automatically enrich Cortex XSIAM IOCs (machine to machine) via Darkfeed. Block threats and enrich endpoint protection in real-time from the Cortex XSIAM dashboard, gain contextual and actionable insights with essential explanations of Cortex XSIAM IOCs.
Cybersixgill DVE Feed Threat Intelligence (Deprecated) (Partner Contribution)	Deprecated. Use Cybersixgill DVE Feed Threat Intelligence v2 from the Cybersixgill-DVE pack instead.
Sixgill DarkFeed Threat Intelligence (Partner Contribution)	Leverage the power of Sixgill to supercharge Cortex XSIAM with real-time Threat Intelligence indicators. Get IOCs such as domains, URLs, hashes, and IP addresses straight into the XSOAR platform.

Playbooks

Name	Description
Darkfeed IOC detonation and proactive blocking	Download malicious files from a Darkfeed IOC, detonate them in automated sandboxes, and extract and block any additional indicators and files.
Darkfeed - malware download from feed	Set this playbook as an automated job in order to automatically download malware from new Darkfeed IOCs and run them through the "Darkfeed IOC detonation and proactive blocking" playbook
Darkfeed Threat hunting-research	Automatically discover and enrich indicators with the same actor and source as the triggering IOC. Search for and isolate any compromised endpoints and proactively block IOCs from entering your network.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (2)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
VirusTotal	By: VirusTotal

All level dependencies (6)

Pack Name	Pack By
Rasterize	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

2.2.23 - 1679416 (November 20, 2024)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.117239.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.117239.

Related pull requests:
- 37315
- 37311
- 37308
- 37312
- 37310
- 37309

Download

2.2.22 - 1304994 (August 25, 2024)

Integrations

Sixgill DarkFeed Threat Intelligence

Removed When removed from the feed option from Indicator Expiration Method
Updated the Docker image to: demisto/sixgill:1.0.0.108071.

Related pull requests:
- 35873

Download

2.2.21 - 1142826 (July 2, 2024)

Integrations

Sixgill DarkFeed Enrichment

Documentation and metadata improvements.
Updated the Docker image to: demisto/sixgill:1.0.0.100379.

Related pull requests:
- 35045

Download

2.2.20 - 938811 (April 7, 2024)

Scripts

SixgillSearchIndicators

Updated the Docker image to: demisto/python3:3.10.14.90585.

Related pull requests:
- 33641
- 33516
- 33519
- 33515
- 33329
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458
- 33535
- 33534
- 33537
- 33552
- 33580
- 33553
- 33418
- 33583
- 33555
- 33556
- 33559
- 33560
- 33619
- 33591
- 33602
- 33600
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458

Download

2.2.19 - 925751 (April 1, 2024)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.91415.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.91415.

Related pull requests:
- 33681

Download

2.2.18 - 865088 (March 3, 2024)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.88533.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.88533.

Related pull requests:
- 33191

Download

2.2.17 - 823153 (February 12, 2024)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.87500.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.87500.

Related pull requests:
- 32844

Download

2.2.16 - 798475 (February 1, 2024)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.86489.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.86489.

Related pull requests:
- 32525

Download

2.2.15 - 760302 (January 14, 2024)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.84784.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.84784.

Related pull requests:
- 32157

Download

2.2.14 - 7209615 (December 19, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.83420.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.83420.

Related pull requests:
- 31557

Download

2.2.13 - 7066068 (December 4, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.82351.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.82351.

Related pull requests:
- 31293

Download

2.2.12 - 6965450 (November 22, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.80770.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.80770.

Related pull requests:
- 31031

Download

2.2.11 - 6808171 (November 6, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.79377.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.79377.

Related pull requests:
- 30674

Download

2.2.10 - 6636841 (October 18, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.77671.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.77671.

Related pull requests:
- 30240

Download

2.2.9 - 6592021 (October 13, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.76106.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.76106.

Related pull requests:
- 30140

Download

2.2.8 - 6437102 (September 27, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.73690.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.73690.

Related pull requests:
- 29874

Download

2.2.7 - 6259960 (September 7, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.72321.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.72321.

Related pull requests:
- 29534

Download

2.2.6 - 6129053 (August 23, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.69222.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.69222.

Related pull requests:
- 29152

Download

2.2.5 - 5991552 (August 8, 2023)

Integrations

Sixgill DarkFeed Enrichment

Documentation and metadata improvements.

Related pull requests:
- 28836

Download

2.2.4 - 5883145 (July 27, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.66910.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.66910.

Related pull requests:
- 28553

Download

2.2.3 - R5866730 (July 25, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.63753.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.63753.

Related pull requests:
- 27645

Download

2.2.2 - R5514256 (June 13, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.62913.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.62913.

Related pull requests:
- 27304

Download

2.2.1 - 5356324 (May 24, 2023)

Integrations

Sixgill DarkFeed Enrichment

Updated the Docker image to: demisto/sixgill:1.0.0.61531.

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.61531.

Related pull requests:
- 26966

Download

2.2.0 - 5216377 (May 8, 2023)

Integrations

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.57676.
Added a new integration parameter Sixgill Confidence to retrieve indicators with a specific confidence.

Related pull requests:
- 26269
- 26382

Download

2.1.0 - R5170573 (May 2, 2023)

Integrations

Sixgill DarkFeed Threat Intelligence

Updated the Docker image to: demisto/sixgill:1.0.0.56489.
We’re happy to announce the release (April 16th) of Darkfeed 2.0, which integrates the industry’s best open-source IOC feeds into our deep and dark web IOC collection, delivering 20X more IOCs with richer context, mapped to the Mitre ATT&CK framework and STIX/TAXII compatible.

Related pull requests:
- 26110
- 26144

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	July 23, 2020
Last Release	November 20, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

Cybersixgill DVE Feed Threat Intelligence (Deprecated)

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.