Publisher: Splunk
Connector Version: 2.2.2
Product Vendor: Generic
Product Name: RSS
Product Version Supported (regex): ".*"
Minimum Product Version: 6.1.1
Ingest IOCs from an RSS Feed
This app uses the sgmllib3k module which is licensed under the BSD 2-Clause license
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a RSS asset in SOAR.
| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| rss_feed | required | string | RSS Feed |
| save_file | optional | boolean | Save file to vault |
| container_count | optional | numeric | Maximum entries to parse (0 for all) |
| artifact_count | optional | numeric | Maximum artifacts to create per entry (0 for all) |
| ignore_perrors | optional | boolean | Ignore parsing errors |
| ignore_cterrors | optional | boolean | Ignore content type errors |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
on poll - Ingest IOCs from an RSS Feed
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
No parameters are required for this action
No Output
Ingest IOCs from an RSS Feed
Type: ingest
Read only: True
The action ingests RSS feeds where entries point to HTML or PDF documents only.
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| container_count | optional | Maximum number of events to query for | numeric | |
| artifact_count | optional | Maximum number of artifacts per container | numeric | |
| start_time | optional | Parameter is ignored in this app | string | |
| end_time | optional | Parameter is ignored in this app | string |
No Output