The Sixgill Darkfeed™ is a stream of malicious indicators of compromise, including domains, URLs, hashes, and IP addresses.
It relies on Sixgill’s vast collection of deep and dark web sources, and it provides unique and advanced warnings about new cyberthreats.
It is automated, meaning that IOCs are extracted and delivered in real-time, and it is actionable, meaning that its consumers will be able to receive and block items that threaten their organizations.
Darkfeed™ and pre-built playbooks can automate your key SOC use cases such as Threat Hunting and Malware protection.
The Darkfeed content pack includes the stream of indicators, a customized dashboard and three playbooks that:
- Automatically download malicious files from a Darkfeed IOC, detonate them in automated sandboxes, and extract and block any additional indicators and files.
- Automatically discover and enrich indicators with the same actor and source as the triggering IOC. Search for and isolate any compromised endpoints and proactively block IOCs from entering your network.
Additional Information:
Darkfeed Intro
Darkfeed Website
Solution Brief
Darkfeed Content Pack
Case Study
Note: This pack subscription includes an API key generated by a 3rd party partner. The partner will directly email the end user within 24 hrs instructions for obtaining the key. The user then simply pastes the key into the Sixgill Darkfeed configuration to allow it to function. If you need help or did not receive the key, please contact soar.alliances@paloaltonetworks.com. This pack may or may not have additional content (e.g. playbooks, dashboards) but will still function. Deleting or unsubscribing from this pack will invalidate the API key/access at the end of the month.