Sixgill Darkfeed
App Vendor: Sixgill Darkfeed
App Category: Data Enrichment & Threat Intelligence
App version: 1.0.0
API version: 1
Hostname: https://api.cybersixgill.com
Default Port: 443
About App
The Sixgill Darkfeed app allows security teams to integrate with Sixgill Darkfeed enterprise application to gain contextual and actionable insights on IOCs and Actors to proactively block threats in real-time.
The Sixgill Darkfeed app in the Orchestrate application can perform the below listed actions:
Action Name | Description |
|---|---|
IOC Enrichment | This action can be used to return the existing IOC data. The IOC data can be used for enrichment purposes. |
Actor POSTID Enrichment | This action can be used to return the threat actor data if present. |
Prerequisites
All the actions configured in the Sixgill Darkfeed app relate to private APIs. Sixgill Darkfeed Enterprise subscription is required to access the private APIs. For on-premise installation, connectivity from CTIX servers to the SixGill URL must be ensured.
Configuration parameters
The following configuration parameters are required for the Sixgill Darkfeed app to communicate with Sixgill Darkfeed enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Client Secret Key | Enter the client's Secret Key. | Password | Required | |
Client ID | Enter the Client ID. | Text | Required | |
Channel ID | Enter the Channel ID. | Text | Required | |
TLS Verification | Optional preference to either verify or skip the Sixgill TLS verification. | Boolean | Optional | Allowed values:
By default, the value is set to "False". |
Action: IOC Enrichment
This action can be used to return the existing IOC data. The IOC data can be used for enrichment purposes.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
IOC Type | Enter the IOC type. | Text | Required | Allowed values:
|
IOC Value | Enter the IOC Value. For example, “107.189.11.170”. | Text | Required | |
Limit | Enter the limit. For example, “10”. | Text | Optional | By default, the limit is set at 50. |
Skip | Enter the number of items to skip before display. For example, “10”. | Text | Optional | By default, the value is 0. |
Example Request
[
{
"ioc_type": "domain",
"ioc_value": "cyware.com",
“limit”: “10”,
“skip”: “10”
}
]Action: Actor POSTID Enrichment
This action can be used to return the threat actor data if present.
Action Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Sixgill Field Type | Enter the Sixgill Field type. For example, actor, “postid”. | Text | Required | |
Sixgill Field Value | Enter the Sixgill Field Value. | Text | Required | |
Limit | Enter the limit. For example, 10. | Text | Optional | By default, the limit is set at 50. |
Skip | Enter the number of items to skip before display. For example, 10. | By default, the value is set as 0. |
Example Request
[
{
"sixgill_field_type": "actor",
“limit”: “10”,
“skip”: “10”
}
]