Updates an existing Threat IOC (Indicator of Compromise) feed with new information.

Parameters

ParameterDescription
Action-
Feed URLThe URL of the IOC feed that will be fetched.
IOC FeedThe IOC to update. Select the feed’s name or manually type its name/ID.
New NameThe new name of the IOC feed.

Example Output

{
	"uid": "f16bf59e-321d-422a-b9c4-99ae07a67804",
	"name": "example-updated",
	"type": "threat-ioc-feed",
	"domain": {
		"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
		"name": "SMC User",
		"domain-type": "domain"
	},
	"v": "domain",
	"feed-type": "domain",
	"feed-url": "https://example.com/feed.xml",
	"use-gateway-proxy": true,
	"use-custom-feed-settings": false,
	"action": "Prevent",
	"enabled": true,
	"custom-headers": [],
	"comments": "",
	"color": "black",
	"icon": "ThreatPrevention/FileGlobe",
	"tags": [],
	"meta-info": {
		"lock": "unlocked",
		"validation-state": "ok",
		"last-modify-time": {
			"posix": 1687873017010,
			"iso-8601": "2023-06-27T16:36+0300"
		},
		"last-modifier": "admin",
		"creation-time": {
			"posix": 1687872974795,
			"iso-8601": "2023-06-27T16:36+0300"
		},
		"creator": "admin"
	},
	"read-only": true,
	"available-actions": {}
}

Workflow Library Example

Update Threat Ioc Feed with Check Point Management and Send Results Via Email

Preview this Workflow on desktop