Adds a new Threat IOC (Indicator of Compromise) feed to the system.

Parameters

ParameterDescription
ActionThe feed indicator’s action.
Feed URLThe URL of the IOC feed that will be fetched.
NameThe name of the IOC feed.

Example Output

{
	"uid": "f16bf59e-321d-422a-b9c4-99ae07a67804",
	"name": "example",
	"type": "threat-ioc-feed",
	"domain": {
		"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
		"name": "SMC User",
		"domain-type": "domain"
	},
	"v": "domain",
	"feed-type": "domain",
	"feed-url": "https://example.com/feed.xml",
	"use-gateway-proxy": true,
	"use-custom-feed-settings": false,
	"action": "Detect",
	"enabled": true,
	"custom-headers": [],
	"comments": "",
	"color": "black",
	"icon": "ThreatPrevention/FileGlobe",
	"tags": [],
	"meta-info": {
		"lock": "unlocked",
		"validation-state": "ok",
		"last-modify-time": {
			"posix": 1687872974793,
			"iso-8601": "2023-06-27T16:36+0300"
		},
		"last-modifier": "admin",
		"creation-time": {
			"posix": 1687872974793,
			"iso-8601": "2023-06-27T16:36+0300"
		},
		"creator": "admin"
	},
	"read-only": true,
	"available-actions": {}
}

Workflow Library Example

Add Threat Ioc Feed with Check Point Management and Send Results Via Email

Preview this Workflow on desktop