<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Help with feeds in Cortex XSOAR Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/help-with-feeds/m-p/577347#M3072</link>
    <description>&lt;P&gt;Hello&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/307134"&gt;@tlmarques&lt;/a&gt;, I would first check out the free feeds and free enrichers content packs in the XSOAR marketplace. These provide a large list of free feeds and enrichment integrations that can be used to help determine whether a domain is malicious or not. You can also leverage the Unit42 ATOMs feed as well. Overall I would not rely on a single feed or enrichment source to determine if an indicator is malicious or not. Try to enrich the URLs and domains against a few different enrichment sources to see what the verdict is. Some good enrichment sources for domains: VirusTotal, whois, Ipinfo. Combine those enrichment sources with feeds such as Unit42 ATOMs, SpamHaus, OpenPhish and this can help you to determine if a URL or Domain is malicious or not.&lt;/P&gt;</description>
    <pubDate>Thu, 15 Feb 2024 15:09:59 GMT</pubDate>
    <dc:creator>elmitchell</dc:creator>
    <dc:date>2024-02-15T15:09:59Z</dc:date>
    <item>
      <title>Help with feeds</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/help-with-feeds/m-p/575186#M3028</link>
      <description>&lt;P&gt;&lt;SPAN&gt;Hello, I need your help. I need feeds for domain classification and another feed for phishing, to determine whether domains have been compromised or not. What do you recommend for &lt;LI-PRODUCT title="Cortex XSOAR" id="Cortex_XSOAR"&gt;&lt;/LI-PRODUCT&gt;&amp;nbsp;#&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 31 Jan 2024 23:50:15 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/help-with-feeds/m-p/575186#M3028</guid>
      <dc:creator>tlmarques</dc:creator>
      <dc:date>2024-01-31T23:50:15Z</dc:date>
    </item>
    <item>
      <title>Re: Help with feeds</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/help-with-feeds/m-p/577347#M3072</link>
      <description>&lt;P&gt;Hello&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/307134"&gt;@tlmarques&lt;/a&gt;, I would first check out the free feeds and free enrichers content packs in the XSOAR marketplace. These provide a large list of free feeds and enrichment integrations that can be used to help determine whether a domain is malicious or not. You can also leverage the Unit42 ATOMs feed as well. Overall I would not rely on a single feed or enrichment source to determine if an indicator is malicious or not. Try to enrich the URLs and domains against a few different enrichment sources to see what the verdict is. Some good enrichment sources for domains: VirusTotal, whois, Ipinfo. Combine those enrichment sources with feeds such as Unit42 ATOMs, SpamHaus, OpenPhish and this can help you to determine if a URL or Domain is malicious or not.&lt;/P&gt;</description>
      <pubDate>Thu, 15 Feb 2024 15:09:59 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/help-with-feeds/m-p/577347#M3072</guid>
      <dc:creator>elmitchell</dc:creator>
      <dc:date>2024-02-15T15:09:59Z</dc:date>
    </item>
  </channel>
</rss>

