Updates an existing Threat IOC (Indicator of Compromise) feed with new information.

Parameters

ParameterDescription
ActionThe feed indicator’s action.
Feed URLThe URL of the IOC feed that will be fetched.
IOC FeedThe IOC to update. Select the feed’s name or manually type its name/ID.
New NameThe new name of the IOC feed.

Example Output

{
	"uid": "f16bf59e-321d-422a-b9c4-99ae07a67804",
	"name": "example-updated",
	"type": "threat-ioc-feed",
	"domain": {
		"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde",
		"name": "SMC User",
		"domain-type": "domain"
	},
	"v": "domain",
	"feed-type": "domain",
	"feed-url": "https://example.com/feed.xml",
	"use-gateway-proxy": true,
	"use-custom-feed-settings": false,
	"action": "Prevent",
	"enabled": true,
	"custom-headers": [],
	"comments": "",
	"color": "black",
	"icon": "ThreatPrevention/FileGlobe",
	"tags": [],
	"meta-info": {
		"lock": "unlocked",
		"validation-state": "ok",
		"last-modify-time": {
			"posix": 1687873017010,
			"iso-8601": "2023-06-27T16:36+0300"
		},
		"last-modifier": "admin",
		"creation-time": {
			"posix": 1687872974795,
			"iso-8601": "2023-06-27T16:36+0300"
		},
		"creator": "admin"
	},
	"read-only": true,
	"available-actions": {}
}

Workflow Library Example

Update Threat Ioc Feed with Check Point Management and Send Results Via Email

Preview this Workflow on desktop