diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml index 93769a74b3f0..8b5195061ad2 100644 --- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml +++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools.yml @@ -8,32 +8,39 @@ configuration: required: true hidden: false type: 0 + additionalinfo: The DomainTools API Username to use. + section: Connect - display: API Key name: api_key required: true hidden: false type: 4 + additionalinfo: The DomainTools API Key to use. + section: Connect - display: Session ID name: session_id defaultvalue: dt-cortex-feeds required: false hidden: false type: 0 - additionalinfo: The session id to serve as unique indentifier. On it's initial use, it will retrieve data from the past 5 days. + section: Collect + additionalinfo: The session id to serve as unique identifier. On it's initial use, it will retrieve data from the past 5 days. Defaults to 'dt-cortex-feeds'. - display: After name: after defaultvalue: "-3600" required: false hidden: false type: 0 - additionalinfo: The start of the query window in seconds, relative to the current time, inclusive. + section: Collect + additionalinfo: The start of the query window in seconds, relative to the current time, inclusive. Defaults to -3600. - display: Top name: top defaultvalue: 5000 required: false hidden: false type: 0 - additionalinfo: Limits the number of results in the response payload. + additionalinfo: Limits the number of results in the response payload. Defaults to 5000. + section: Collect - display: Feed Type name: feed_type defaultvalue: ALL 
@@ -45,11 +52,13 @@ configuration: - NOD - NAD additionalinfo: The DomainTools feed type fo fetch. Defaults to 'ALL'. + section: Collect - display: Fetch indicators name: feed defaultvalue: "true" type: 8 required: false + section: Collect - display: Indicator Reputation name: feedReputation defaultvalue: feedInstanceReputationNotSet @@ -61,6 +70,7 @@ configuration: - Suspicious - Bad additionalinfo: Indicators from this integration instance will be marked with this reputation. + section: Collect - display: Source Reliability name: feedReliability defaultvalue: F - Reliability cannot be judged @@ -74,6 +84,7 @@ configuration: - E - Unreliable - F - Reliability cannot be judged additionalinfo: Reliability of the source providing the intelligence data. + section: Collect - display: "" name: feedExpirationPolicy defaultvalue: indicatorType @@ -84,34 +95,41 @@ configuration: - interval - indicatorType - suddenDeath + section: Collect - display: "" name: feedExpirationInterval defaultvalue: "20160" type: 1 required: false + section: Collect - display: Feed Fetch Interval name: feedFetchInterval defaultvalue: "240" type: 19 required: false + section: Collect - display: Bypass exclusion list name: feedBypassExclusionList defaultvalue: "true" type: 8 required: false + section: Collect additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. - display: Trust any certificate (not secure) name: insecure required: false type: 8 + section: Connect - display: Use system proxy settings name: proxy type: 8 required: false + section: Connect - name: feedTags display: Tags type: 0 additionalinfo: Supports CSV values. + section: Collect - name: tlp_color display: Traffic Light Protocol Color options: 
@@ -124,7 +142,7 @@ configuration: required: false section: Collect display: FeedDomainTools -description: Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains (NAD) Apex-level domains (e.g. example.com but not www.example.com) that we observe based on the latest lifecycle of the domain. A domain may be seen either for the first time ever, or again after at least 10 days of inactivity (no observed resolutions in DNS). Populated with our global passive DNS (pDNS) sensor network. Newly Observed Domains (NOD) Apex-level domains (e.g. example.com but not www.example.com) that we observe for the first time, and have not observed previously with our global DNS sensor network. +description: "Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains surfaces apex-level domains seen for the first time or after ten or more days of inactivity. Newly Observed Domains surfaces domains that we observe for the first time." name: FeedDomainTools script: commands: @@ -173,7 +191,7 @@ script: default: false required: false secret: false - dockerimage: demisto/vendors-sdk:1.0.0.2073752 + dockerimage: demisto/vendors-sdk:1.0.0.2432953 feed: true isfetch: false longRunning: false @@ -183,6 +201,9 @@ script: subtype: python3 type: python fromversion: 5.5.0 +sectionOrder: +- Connect +- Collect marketplaces: - xsoar - marketplacev2 diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_description.md b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_description.md index d1a7aaf25411..cfb1d93a272f 100644 --- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_description.md 
+++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/FeedDomainTools_description.md @@ -1,3 +1,3 @@ ## DomainTools Feed -Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains (NAD) Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe based on the latest lifecycle of the domain. A domain may be seen either for the first time ever, or again after at least 10 days of inactivity (no observed resolutions in DNS). Populated with our global passive DNS (pDNS) sensor network. Newly Observed Domains (NOD) Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe for the first time, and have not observed previously with our global DNS sensor network. \ No newline at end of file +Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains surfaces apex-level domains seen for the first time or after ten or more days of inactivity. Newly Observed Domains surfaces domains that we observe for the first time. \ No newline at end of file diff --git a/Packs/FeedDomainTools/Integrations/FeedDomainTools/README.md b/Packs/FeedDomainTools/Integrations/FeedDomainTools/README.md index 2e6c0935f5ed..ca6c48b62b92 100644 --- a/Packs/FeedDomainTools/Integrations/FeedDomainTools/README.md +++ b/Packs/FeedDomainTools/Integrations/FeedDomainTools/README.md 
@@ -1,4 +1,4 @@ -Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains (NAD) Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe based on the latest lifecycle of the domain. A domain may be seen either for the first time ever, or again after at least 10 days of inactivity (no observed resolutions in DNS). Populated with our global passive DNS (pDNS) sensor network. Newly Observed Domains (NOD) Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe for the first time, and have not observed previously with our global DNS sensor network. +Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains surfaces apex-level domains seen for the first time or after ten or more days of inactivity. Newly Observed Domains surfaces domains that we observe for the first time. This integration was integrated and tested with version 1.0.0 of FeedDomainTools. ## Configure FeedDomainTools in Cortex 
@@ -6,11 +6,11 @@ This integration was integrated and tested with version 1.0.0 of FeedDomainTools | **Parameter** | **Description** | **Required** | | --- | --- | --- | -| API Username | | True | -| API Key | | True | -| Session ID | The session id to serve as unique indentifier. On it's initial use, it will retrieve data from the past 5 days. | False | -| After | The start of the query window in seconds, relative to the current time, inclusive. | False | -| Top | Limits the number of results in the response payload. | False | +| API Username | The DomainTools API Username to use. | True | +| API Key | The DomainTools API Key to use. | True | +| Session ID | The session id to serve as unique identifier. On it's initial use, it will retrieve data from the past 5 days. Defaults to 'dt-cortex-feeds'. | False | +| After | The start of the query window in seconds, relative to the current time, inclusive. Defaults to -3600. | False | +| Top | Limits the number of results in the response payload. Defaults to 5000. | False | | Feed Type | The DomainTools feed type fo fetch. Defaults to 'ALL'. | False | | Fetch indicators | | False | | Indicator Reputation | Indicators from this integration instance will be marked with this reputation. | False | diff --git a/Packs/FeedDomainTools/README.md b/Packs/FeedDomainTools/README.md index a764b105d0b9..d8a45b0c736e 100644 --- a/Packs/FeedDomainTools/README.md +++ b/Packs/FeedDomainTools/README.md 
@@ -1,9 +1,2 @@ -DomainTools NOD/NAD Feed integration. - -Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet. - -- Newly Active Domains (NAD) -Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe based on the latest lifecycle of the domain. A domain may be seen either for the first time ever, or again after at least 10 days of inactivity (no observed resolutions in DNS). Populated with our global passive DNS (pDNS) sensor network. - -- Newly Observed Domains (NOD) -Apex-level domains (e.g. `example.com` but not `www.example.com`) that we observe for the first time, and have not observed previously with our global DNS sensor network. +Real-Time Threat Intelligence Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet. Newly Active Domains surfaces apex-level domains seen for the first time or after ten or more days of inactivity. Newly Observed Domains surfaces domains that we observe for the first time. +This integration was integrated and tested with version 1.0.0 of FeedDomainTools. \ No newline at end of file
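Review bot: in the first FeedDomainTools.yml hunk (@@ -8,32 +8,39 @@), the rewritten Session ID `additionalinfo` fixes "indentifier" but still reads "On it's initial use"; it should be "On its initial use". The same sentence is copied into the Session ID row of the integration README table, so correct it there too. In the same hunk, `section: Collect` is placed before `additionalinfo` for Session ID and After but after it for Top, API Username and API Key; pick one key order and use it for every parameter.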
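Review bot: the Feed Type `additionalinfo` in the @@ -45,11 +52,13 @@ hunk still says "The DomainTools feed type fo fetch." and the patch adds `section: Collect` directly below it without fixing the typo ("fo" should be "to"). The integration README table carries the same text unchanged. Since this change is a documentation cleanup of these parameters, fix it in both places. Fetch indicators also gains a section here but still has no `additionalinfo`, which leaves its README row with an empty description.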
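Review bot: in the @@ -84,34 +95,41 @@ hunk, "Trust any certificate (not secure)" and "Use system proxy settings" are assigned `section: Connect` but, unlike API Username and API Key in the first hunk, get no `additionalinfo`. Add a description to `insecure` that says what the option turns off (certificate validation for the connection to DomainTools) and that it should stay unchecked outside of testing, so the risk is visible on the configuration screen and not only in the display name.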
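Review bot: the new `description` in the @@ -124,7 +142,7 @@ hunk drops the abbreviations NAD and NOD, yet the Feed Type options shown earlier in this file are still the bare values `NOD` and `NAD`, so a user no longer has anything that maps the option to its meaning. The shortened text also keeps "apex-level" for Newly Active Domains but drops it for Newly Observed Domains, which reads as if the two feeds differ in scope. Suggest "Newly Active Domains (NAD)" and "Newly Observed Domains (NOD)" with the apex-level qualifier on both, and apply the same wording to the copies in FeedDomainTools_description.md and the two README files.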
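Review bot: the `dockerimage` change in the @@ -173,7 +191,7 @@ hunk (`demisto/vendors-sdk:1.0.0.2073752` to `demisto/vendors-sdk:1.0.0.2432953`) alters the runtime the integration executes in, but the diff as shown touches only the YAML and Markdown files: no release notes entry or pack version change is visible. If those are not elsewhere in the change, add them and say why the image was bumped, and confirm the integration was re-tested on the new image, since the README line "tested with version 1.0.0 of FeedDomainTools" is left as it was.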
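Review bot: in Packs/FeedDomainTools/README.md (@@ -1,9 +1,2 @@), the pack-level README now ends with "This integration was integrated and tested with version 1.0.0 of FeedDomainTools.", which is integration README boilerplate and does not describe the pack. The hunk also removes the only place that spelled out the NAD and NOD definitions as separate bullets, including the "no observed resolutions in DNS" meaning of inactivity and the passive DNS source. Consider keeping the bulleted definitions here and dropping the tested-with line; the file also still ends without a trailing newline.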