Add Threat IOC Feed
Adds a new Threat IOC (Indicator of Compromise) feed to the system.
Parameters
| Parameter | Description |
|---|---|
| Action | - |
| Feed URL | The URL of the IOC feed that will be fetched. |
| Name | The name of the IOC feed. |
Example Output
{
"uid": "f16bf59e-321d-422a-b9c4-99ae07a67804",
"name": "example",
"type": "threat-ioc-feed",
"domain": {
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name": "SMC User",
"domain-type": "domain"
},
"v": "domain",
"feed-type": "domain",
"feed-url": "https://example.com/feed.xml",
"use-gateway-proxy": true,
"use-custom-feed-settings": false,
"action": "Detect",
"enabled": true,
"custom-headers": [],
"comments": "",
"color": "black",
"icon": "ThreatPrevention/FileGlobe",
"tags": [],
"meta-info": {
"lock": "unlocked",
"validation-state": "ok",
"last-modify-time": {
"posix": 1687872974793,
"iso-8601": "2023-06-27T16:36+0300"
},
"last-modifier": "admin",
"creation-time": {
"posix": 1687872974793,
"iso-8601": "2023-06-27T16:36+0300"
},
"creator": "admin"
},
"read-only": true,
"available-actions": {}
}
Workflow Library Example
Add Threat Ioc Feed with Check Point Management and Send Results Via Email
Preview this Workflow on desktop