This playbook was featured in a “Playbook Friday” blog post: https://threatconnect.com/blog/google-alerts-rss-reader/. The blog post includes installation instructions and a GIF showing how to set up the playbook.
Once in a while, a Google search turns up a lot of malicious or compromised domains. When this happens, it is helpful to use Google Alerts to create an RSS feed of websites matching the search. This playbook then reads from that RSS feed and creates all of the URLs as indicators in ThreatConnect. Details and instructions for setting up an RSS feed for a Google alert are here: https://thenextweb.com/google/2013/09/11/google-alerts-regains-rss-delivery-option-it-lost-after-google-readers-demise/.
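The feed-reading step described above, as an added Python example (not the playbook's own logic or ThreatConnect code). It assumes the Atom layout of a Google Alerts feed, where each entry links through a google.com/url redirect that carries the result in its url parameter; the sample feed and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample feed (not real alert data). Assumption: entries link
# through https://www.google.com/url?...&url=<result>&..., as Google Alerts does.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Google Alert - constructed example</title>
  <entry><link href="https://www.google.com/url?rct=j&amp;sa=t&amp;url=http://compromised.example/wp-content/a.php%3Fid%3D1&amp;ct=ga"/></entry>
  <entry><link href="https://www.google.com/url?rct=j&amp;sa=t&amp;url=HTTP://Compromised.Example/wp-content/a.php%3Fid%3D1&amp;ct=ga"/></entry>
  <entry><link href="https://www.google.com/url?rct=j&amp;sa=t&amp;url=ftp://files.example/x&amp;ct=ga"/></entry>
  <entry><link href="https://other.example/login#top"/></entry>
  <entry><title>entry without a link</title></entry>
</feed>"""


def unwrap(href):
    """Return the result URL behind a Google redirect link, else href unchanged."""
    parts = urlsplit(href)
    if parts.hostname in ("google.com", "www.google.com") and parts.path == "/url":
        target = parse_qs(parts.query).get("url")
        if target:
            return target[0]
    return href


def extract_urls(feed_xml):
    """Return unique http(s) result URLs from the feed, in feed order."""
    # The stdlib parser is used so the example runs offline; for feeds from
    # sources you do not trust, parse with a hardened XML library instead.
    root = ET.fromstring(feed_xml)
    seen, urls = set(), []
    for entry in root.iter(ATOM + "entry"):
        link = entry.find(ATOM + "link")
        if link is None or not link.get("href"):
            continue
        parts = urlsplit(unwrap(link.get("href").strip()))
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # skip anything that is not a web URL
        # Lower-case the host and drop the fragment so duplicates collapse.
        url = parts._replace(netloc=parts.netloc.lower(), fragment="").geturl()
        if url not in seen:
            seen.add(url)
            urls.append(url)
    return urls


if __name__ == "__main__":
    for u in extract_urls(SAMPLE_FEED):
        print(u)
```

Unwrapping the redirect matters because otherwise every indicator created from the feed would point at google.com rather than at the site the alert matched.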
This playbook expects the following user variables:
Personal Slack Channel
Slack API Token
Variables Declared in the Playbook
The following variables are declared in this playbook: