Gets bundle of IOCs in STIX2 format.
External DocumentationTo learn more, visit the Cybersixgill documentation.

Parameters

ParameterDescription
Channel IDThe channel ID of IOCs.
LimitAmount of IOCs to return.

Example Output

{
	"id": "bundle--b56c1e2e-a40c-44ca-83dd-09e25936d273",
	"objects": [
		{
			"created": "2019-05-01T06:13:14.000Z",
			"description": "this is the description'",
			"id": "example--1",
			"labels": [
				"[\"aaa\",\"bbb\",\"ccc\"]"
			],
			"lang": "en",
			"modified": "2019-05-08T03:43:44.000Z",
			"sixgill_actor": "actor name",
			"sixgill_confidance": 80,
			"sixgill_feedid": "darkfeed_015",
			"sixgill_feedname": "name of feed",
			"sixgill_postid": "f1b1ddcc181313841edbee47cbc114ef6e82c81a",
			"sixgill_posttitle": "post title",
			"sixgill_source": "twitter",
			"spec_version": "2.0",
			"type": "example",
			"valid_from": "2019-05-08T03:43:44.000Z",
			"sixgill_severity": 80,
			"pattern": "[ipv4-addr:value = '195.123.241.195']",
			"external_reference": [
				{
					"description": "Mitre attack tactics and technique reference",
					"mitre_attack_tactic": "Establish & Maintain Infrastructure",
					"mitre_attack_tactic_id": "TA0022",
					"mitre_attack_tactic_url": "https://attack.mitre.org/tactics/TA0022/",
					"mitre_attack_technique": "Compromise 3rd party infrastructure to support delivery",
					"mitre_attack_technique_id": "T1334",
					"mitre_attack_technique_url": "https://attack.mitre.org/techniques/T1334/",
					"source_name": "mitre-attack"
				}
			],
			"additionalProp1": {}
		}
	],
	"spec_version": "2.0",
	"type": "bundle"
}

Workflow Library Example

Get Bulk Iocs in Bundle with Cybersixgill and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop