Skip to main content

CyberSixgill

Connector Category: API Feed Source

About Integration

Cybersixgill integrates with Intel Exchange to provide security teams with the ability to access, automate, and operationalize the dark feed and Dynamic Vulnerability Exploit (DVE) threat intel coming from Cybersixgill.

Cybersixgill fetches DVE threat intel to enable security teams to track threats from vulnerabilities that may exploit your system. Cybersixgill provides contextual, automated, and preemptive threat intel in the form of malicious indicators of compromise (IOCs), and vulnerabilities.

Use Cases

  • Enable security teams to track undetected and non-remediated threats lurking in your network.

  • Triage and prioritize the vulnerabilities that have a higher chance of being exploited based on the DVE score in the system.

  • Ingests, processes, and analyzes high-fidelity, context-rich dark and deep web threat intelligence to gain visibility and a deeper understanding of attacker intent, exploit availability and trending threat actor campaigns, tactics, techniques, and procedures (TTPs), and more.

Benefits

  • Utilize advanced automation capabilities of Intel Exchange to proactively mitigate threats by feeding Cybersixgill’s intelligence into deployed monitoring, detection, and response security technologies such as SIEM, Firewall, IDS/IPS, SOAR, UEBA, and more.

Configure CyberSixgill as API Feed Source

Configure CyberSixgill as an API feed source in Intel Exchange to fetch dark feeds. Intel Exchange analyses these data feeds for vulnerabilities that may be exploited, analyze attack patterns, and respond to them by blocking them.

Before you Start

  • You must have the client ID and client secret of your CyberSixgill account.

  • You must have View API Feed, View Feed Sources, Create Feed Sources, and Update Feed Sources permissions.

Steps

  1. Navigate to Administration, select Integration Management, and select APIs under FEED SOURCES.

  2. Click Add API Source.

  3. Search for Cybersixgill and click on the app.

  4. Click Add Instance.

  5. Enter a unique name to identify the instance. For example, Prod-Cybersixgill.

  6. Enter the base URL to directly connect to the application's server. For example, https://sitename.com/directoryname/.

  7. Enter the client secret to authenticate your server on the OAuth 2.0 for client APIs.

  8. Enter the client ID to authenticate your application on the server.

  9. Select Verify SSL to verify and secure the connection between the Intel Exchange and CyberSixgill servers.

    If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection. It is recommended to select this option.

  10. Click Save.

You can configure multiple instances of this integration by clicking Manage and Add More on the Manage Instance screen.

To successfully configure the integration between Intel Exchange and CyberSixgill, follow the steps mentioned in API Integrations.