Adding result of new custom Integration as Threat indicators results

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Adding result of new custom Integration as Threat indicators results

L2 Linker



I made a custom Integration that get the verdict of (URLs) like (Malicious - Benign). Now I have a question How to add the name and result of this integration like the prebuilt Integrations which are in the screenshots (virus total - urlscan - etc..)..



kindly find the screenshot for claridication




L4 Transporter

Hi @oDarweesh2, Your post did not contain a screenshot so I'm making an assumption that you were talking about reputation sources. When returning the indicator you need to specify the vendor. Example screenshots of code and output below.

Screen Shot 2022-11-18 at 11.34.52 am.png


Screen Shot 2022-11-18 at 11.36.10 am.png

L2 Linker

Yes that what I am talking about.


But how to reflect it as you here put (indicator_value) in script. i replaced the values as you mentioned and when i ran it from command line. nothing changed.


Kindly find my code below in screenshot.



L4 Transporter

Hi @oDarweesh2, The example that I provided cannot be run inside a warroom. Depending on the way your server is setup it may not work. Try the below method. For more information refer -


The script I've attached below (Change extension from xml to yml) should be added as a Reputation Script inside the indicator type object. 

 - Go to Settings -> Object Setup -> Indicators -> Types

 - Select an Indicator type and click the Edit button. Screenshot below for reference.

Screen Shot 2022-11-21 at 11.36.07 am.png


Depending on your server setup you can then call indicator enrichment. Try !Print value= auto-extract=inline.



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!