12/07/2023 | News release | Distributed by Public on 12/07/2023 08:19
Getting your threat intel management (TIM) program up and running might seem like a daunting task. Picking the right feeds and enrichers can be challenging as there are many different options and flavors to choose from, and these subscriptions sometimes come with a hefty price tag.
So, we have made it easier for our Cortex XSOAR customers to find and install integrations that do not require a subscription and, in some cases, might not even require registration upfront. We have known and used most of these feeds for a long time now, and we have found them to be a good stepping stone for getting any TIM program going.
To make it easier for you to discover and take advantage of these free feeds and enrichers, we've added four new tags to our out-of-the-box feed integrations in the Cortex Marketplace:
To find all of the Plug & Fetch feeds available for XSOAR you can simply use the "Plug & Fetch" tag in the Cortex Marketplace search filters:
As before, you can use the "Free Feed" tag.
An easy setup for an RSS-based feed:
These feeds are almost always Plug & Fetch, but as they are different in nature, we decided to give them a distinctive tag to enhance searchability.
To make life even easier for our users, we have also created a new XSOAR pack called "Free Feeds". This new pack has all the data presented above and lists all the available new feeds within XSOAR, and any optional dependencies, in one single location. We will update this pack with every new free feed that is added to XSOAR.
Just like with feeds, we have also added two new tags to indicators of compromise (IOC) enrichers within XSOAR:
A good example of a Plug & Enrich integration is Team Cymru, which provides data about IP addresses:
A nice example of such an enricher is AbuseIPDB, which requires an API key in order to install an instance in XSOAR.
Just like with our Free Feeds, we also created a new XSOAR pack called "Free Enrichers", which lists all of the free enrichers available in the Marketplace and provides details about the tags used to define them.
These content packs, as well as hundreds of other packs covering a myriad of incident types and use cases, can be discovered in the Cortex Marketplace. In order to run these packs, you will need an instance of Cortex XSOAR. You can obtain a free Community Edition here.