We have configured the RSS integration in the community supported RSS content pack (https://xsoar.pan.dev/marketplace/details/RSS) to ingest CISA NCAS alerts as incidents for our threat intel teams to investigate. This is using the public feed at https://www.cisa.gov/uscert/ncas/alerts.xml .
The integration appears to fetch incidents correctly the first time it runs. However, when the feed is updated, the new incidents are not ingested. I've enabled debug and can see in the logs that it's running, but it doesn't seem to detect the new feed entries. If I clear the last run timestamp, it runs and creates new incidents for the entire feed.
I'm planning on duplicating the integration and throwing some debug lines in it to get a better handle on what might be causing it. However, I just wanted to see if anyone has encountered something similar with this integration and might be able to guide me in the right direction.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!