The cybersecurity challenge and the opportunity to develop a playbook to solve the problem and be part of the success.

What it does

This XSOAR playbook is configured to run as a time-triggered job that periodically adds bad indicators from Sixgill Darkfeed to a SIEM blocklist. The playbook also adds a tag to each indicator that is successfully added to the blocklist. With this tag, one can easily identify and filter the indicators that have been added to the blocklist.
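The tag-on-success flow described above, as an added Python sketch that is not the playbook's own code. The tag name, the `Indicator` and `InMemorySiem` classes, and the choice to skip already-tagged indicators on later runs are assumptions made for illustration; none of them are XSOAR or Sixgill APIs.

```python
# Added illustration: all names here are hypothetical, not XSOAR/Sixgill APIs.
from dataclasses import dataclass, field

BLOCKLIST_TAG = "added_to_siem_blocklist"  # assumed tag name


@dataclass
class Indicator:
    value: str
    type: str
    tags: set = field(default_factory=set)


class InMemorySiem:
    """Stand-in for a SIEM blocklist API; rejects any value in `fail_on`."""

    def __init__(self, fail_on=()):
        self.blocklist = set()
        self.fail_on = set(fail_on)

    def add(self, value):
        if value in self.fail_on:
            raise RuntimeError("SIEM rejected " + value)
        self.blocklist.add(value)


def run_job(indicators, siem, tag=BLOCKLIST_TAG):
    """One scheduled run: push untagged indicators, tag only the successes."""
    result = {"added": [], "failed": [], "skipped": []}
    for ind in indicators:
        if tag in ind.tags:            # already blocklisted by an earlier run
            result["skipped"].append(ind.value)
            continue
        try:
            siem.add(ind.value)
        except RuntimeError:
            result["failed"].append(ind.value)  # left untagged, retried next run
            continue
        ind.tags.add(tag)              # tag is written only after the SIEM accepts
        result["added"].append(ind.value)
    return result


def blocklisted(indicators, tag=BLOCKLIST_TAG):
    """Filter by tag to list what has actually reached the blocklist."""
    return [i.value for i in indicators if tag in i.tags]


def demo():
    # Constructed sample indicators (documentation-range IPs, reserved domain).
    feed = [Indicator("198.51.100.7", "IP"), Indicator("bad.example", "Domain"),
            Indicator("203.0.113.9", "IP")]
    siem = InMemorySiem(fail_on={"bad.example"})
    first = run_job(feed, siem)
    after_first = blocklisted(feed)
    siem.fail_on.clear()               # the SIEM recovers before the next run
    second = run_job(feed, siem)
    return first, after_first, second, blocklisted(feed)
```

Because the tag is applied only after the blocklist accepts the value, a failed push stays untagged and is picked up again on the next scheduled run.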

How I built it

I used the XSOAR hackathon instance, XSOAR built-in automations, and the API integrations.

Challenges I ran into

Fetching indicators from Sixgill Darkfeed.

Accomplishments that I'm proud of

I was able to successfully create and run the Playbook job!!

What I learned

How to use XSOAR playbooks, automations, and APIs to automate repetitive tasks and flows.

What's next for Sixgill XSOAR Content Pack

I will enhance my contributions and continue to submit more content in the future.

Built With

  • api
  • playbook
  • python
  • pythonscript
  • sixgill
  • sixgilldarkfeed
  • threatintelfeed
  • threatintelmangement
  • xsoar
