The cybersecurity challenge and the opportunity to develop a playbook to solve the problem and be part of the success.
What it does
This XSOAR playbook is configured to run as a time-triggered job that periodically adds bad indicators from Sixgill Darkfeed to the SIEM blocklist. The playbook also adds a tag to each indicator that is successfully added to the blocklist. Using this tag, one can easily identify and filter the indicators that have been added to the blocklist.
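The tag-on-success flow described above, sketched as an added example (this is not the playbook's own code). The tag name, `sync_blocklist` and `FakeSiem` are hypothetical, the sample indicators are constructed, and skipping already tagged indicators on later runs is an assumption about how the tag is used as a filter.

```python
from dataclasses import dataclass, field

BLOCKLIST_TAG = "siem_blocklisted"  # hypothetical tag name, not taken from the playbook


@dataclass
class Indicator:
    value: str
    type: str
    tags: set = field(default_factory=set)


def sync_blocklist(indicators, push_to_siem, tag=BLOCKLIST_TAG):
    """One job run: push untagged indicators, tag only those the SIEM accepted."""
    result = {"added": [], "failed": [], "skipped": []}
    for ind in indicators:
        if tag in ind.tags:              # already on the blocklist from an earlier run
            result["skipped"].append(ind.value)
            continue
        try:
            ok = push_to_siem(ind)
        except Exception:                # an API error counts as "not added"
            ok = False
        if ok:
            ind.tags.add(tag)            # tag only after a confirmed add
            result["added"].append(ind.value)
        else:
            result["failed"].append(ind.value)  # stays untagged, retried next run
    return result


class FakeSiem:
    """Stand-in for the SIEM blocklist API; rejects values listed in `reject`."""
    def __init__(self, reject=()):
        self.blocklist, self.reject = set(), set(reject)

    def push(self, ind):
        if ind.value in self.reject:
            return False
        self.blocklist.add(ind.value)
        return True


def demo():
    # Constructed sample indicators (documentation IP ranges and an example domain).
    feed = [Indicator("198.51.100.7", "IP"), Indicator("bad.example", "Domain"),
            Indicator("203.0.113.9", "IP")]
    siem = FakeSiem(reject={"bad.example"})
    first = sync_blocklist(feed, siem.push)   # first scheduled run, one push fails
    siem.reject.clear()                       # the SIEM accepts it on the next run
    second = sync_blocklist(feed, siem.push)  # only the untagged indicator is retried
    return first, second, siem.blocklist


if __name__ == "__main__":
    print(demo())
```

Because the tag is written only after a confirmed add, an indicator that failed to reach the SIEM is never reported as blocked and is picked up again by the next run.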
How I built it
I used the XSOAR hackathon instance, XSOAR built-in automations, and the API integrations.
Challenges I ran into
Fetching indicators from Sixgill Darkfeed.
Accomplishments that I'm proud of
I was able to successfully create and run the playbook job!!
What I learned
How to use XSOAR playbooks, automations, and APIs to automate repetitive tasks and flows.
What's next for Sixgill XSOAR Content Pack
I will enhance my contributions as well as continue to submit more content in the future.