diff --git a/Packs/Cyberint/Classifiers/classifier-mapper-incoming-CyberInt.json b/Packs/Cyberint/Classifiers/classifier-mapper-incoming-CyberInt.json
index 3d777de8538d..ef24511cf383 100644
--- a/Packs/Cyberint/Classifiers/classifier-mapper-incoming-CyberInt.json
+++ b/Packs/Cyberint/Classifiers/classifier-mapper-incoming-CyberInt.json
@@ -1,60 +1,46 @@
 {
     "description": "",
     "feed": false,
-    "id": "abcd-5678",
+    "id": "Cyberint (mapper)",
     "mapping": {
         "Cyberint Incident": {
             "dontMapEventToLabels": false,
             "internalMapping": {
+                "Alert URL ID": {
+                    "simple": "id"
+                },
                 "Alert ID": {
                     "simple": "ref_id"
                 },
                 "Alert Name": {
                     "simple": "title"
                 },
-                "CyberInt Alert Data": {
-					"complex": {
-						"filters": [],
-						"root": "alert_data",
-						"transformers": [
-							{
-								"args": {
-									"headers": {},
-									"is_auto_json_transform": {},
-									"json_transform_properties": {},
-									"title": {}
-								},
-								"operator": "JsonToTable"
-							}
-						]
-					}
-				},
-                "CyberInt Alert ID": {
+                "Cyberint Alert ID": {
                     "simple": "ref_id"
                 },
-                "CyberInt Attachments": {
+                "Cyberint Attachments": {
                     "complex": {
                         "filters": [],
                         "root": "attachments",
                         "transformers": []
                     }
                 },
-                "CyberInt Closure reason": {
+                "Cyberint Closure reason": {
                     "simple": "closure_reason"
                 },
-                "CyberInt Closure reason Description": {
+                "Cyberint Closure reason Description": {
                     "simple": "closure_reason_description"
                 },
-                "CyberInt Confidence": {
+                "Cyberint Confidence": {
                     "simple": "confidence"
                 },
-                "CyberInt Created by": {
+                "Cyberint Created by": {
                     "simple": "created_by.email"
                 },
-                "CyberInt Created date": {
+                "Cyberint Created date": {
                     "simple": "created_date"
                 },
-                "CyberInt Credentials Exposed CSV": {
+                "Cyberint Credentials Exposed CSV": {
                     "complex": {
                         "accessor": "content",
                         "filters": [],
@@ -62,7 +48,7 @@
                         "transformers": []
                     }
                 },
-                "CyberInt Description": {
+                "Cyberint Description": {
                     "complex": {
                         "filters": [],
                         "root": "description",
@@ -73,30 +59,13 @@
                         ]
                     }
                 },
-                "CyberInt Expert Analysis": {
+                "Cyberint Expert Analysis": {
                     "simple": "analysis_report.name"
                 },
-                "CyberInt File Type": {
+                "Cyberint File Type": {
                     "simple": "attachments.mimetype"
                 },
-                "CyberInt Impact": {
-                    "complex": {
-                        "filters": [],
-                        "root": "impacts",
-                        "transformers": [
-                            {
-                                "args": {
-                                    "delimiter": {
-                                        "value": {
-                                            "simple": ","
-                                        }
-                                    }
-                                },
-                                "operator": "splitAndTrim"
-                            }
-                        ]
-                    }
-                },"CyberInt Impacts": {
+                "Cyberint Impact": {
                     "complex": {
                         "filters": [],
                         "root": "impacts",
@@ -114,70 +83,54 @@
                         ]
                     }
                 },
-                "CyberInt Payment Card Exposed CSV": {
+                "Cyberint Payment Card Exposed CSV": {
                     "simple": "attachments.content"
                 },
-                "CyberInt Recommendation": {
+                "Cyberint Recommendation": {
                     "complex": {
                         "filters": [],
                         "root": "recommendation",
                         "transformers": []
                     }
                 },
-                "CyberInt Related IOCs": {
+                "Cyberint Related IOCs": {
                     "simple": "iocs"
                 },
-                "CyberInt Related entities": {
+                "Cyberint Related entities": {
                     "simple": "related_entities"
                 },
-                "CyberInt Related Entity": {
-                    "simple": "related_entities"
-                },
-                "CyberInt Source": {
+                "Cyberint Source": {
                     "simple": "source"
                 },
-                "CyberInt Source category": {
+                "Cyberint Source category": {
                     "simple": "source_category"
                 },
-                "CyberInt Status": {
+                "Cyberint Status": {
                     "simple": "status"
                 },
-                "CyberInt Tags": {
+                "Cyberint Tags": {
                     "simple": "tags"
                 },
-                "CyberInt Descriptors": {
-                    "simple": "tags"
-                },
-                "CyberInt Targeted Brand": {
-                    "complex": {
-                        "filters": [],
-                        "root": "targeted_brands",
-                        "transformers": []
-                    }
-                },
-                "CyberInt Targeted Brands": {
+                "Cyberint Targeted Brand": {
                     "complex": {
                         "filters": [],
                         "root": "targeted_brands",
                         "transformers": []
                     }
                 },
-                "CyberInt Targeted Vector": {
-                    "simple": "targeted_vectors"
-                },
-                "CyberInt Targeted Vectors": {
+                "Cyberint Targeted Vector": {
                     "simple": "targeted_vectors"
                 },
-                "CyberInt Threat Actor": {
+                "Cyberint Threat Actor": {
                     "simple": "threat_actor"
                 },
-                "CyberInt Ticket ID": {
+                "Cyberint Ticket ID": {
                     "simple": "ticket_id"
                 },
-                "CyberInt Title": {
+                "Cyberint Title": {
                     "simple": "title"
                 },
-                "CyberInt Type": {
+                "Cyberint Type": {
                     "simple": "type"
                 },
                 "Cyberint Category": {
@@ -219,9 +172,6 @@
                 "Threat Actor": {
                     "simple": "threat_actor"
                 },
-                "name": {
-                    "simple": "alert_name"
-                },
                 "occurred": {
                     "complex": {
                         "filters": [],
@@ -242,7 +192,31 @@
                     }
                 },
                 "severity": {
-                    "simple": "severity"
+                    "complex": {
+                        "filters": [],
+                        "root": "severity",
+                        "transformers": [
+                            {
+                                "args": {
+                                    "input_values": {
+                                        "isContext": false,
+                                        "value": {
+                                            "complex": null,
+                                            "simple": "low,medium,high,very_high"
+                                        }
+                                    },
+                                    "mapped_values": {
+                                        "isContext": false,
+                                        "value": {
+                                            "complex": null,
+                                            "simple": "1,2,3,4"
+                                        }
+                                    }
+                                },
+                                "operator": "MapValuesTransformer"
+                            }
+                        ]
+                    }
                 },
                 "source": {
                     "simple": "source"
@@ -252,35 +226,38 @@
         "dbot_classification_incident_type_all": {
             "dontMapEventToLabels": false,
             "internalMapping": {
+                "Alert URL ID": {
+                    "simple": "id"
+                },
                 "Alert ID": {
                     "simple": "ref_id"
                 },
                 "Alert Name": {
                     "simple": "title"
                 },
-                "CyberInt Alert ID": {
+                "Cyberint Alert ID": {
                     "simple": "ref_id"
                 },
-                "CyberInt Attachments": {
+                "Cyberint Attachments": {
                     "complex": {
                         "filters": [],
                         "root": "attachments",
                         "transformers": []
                     }
                 },
-                "CyberInt Closure reason": {
+                "Cyberint Closure reason": {
                     "simple": "closure_reason"
                 },
-                "CyberInt Confidence": {
+                "Cyberint Confidence": {
                     "simple": "confidence"
                 },
-                "CyberInt Created by": {
+                "Cyberint Created by": {
                     "simple": "created_by.email"
                 },
-                "CyberInt Created date": {
+                "Cyberint Created date": {
                     "simple": "created_date"
                 },
-                "CyberInt Description": {
+                "Cyberint Description": {
                     "complex": {
                         "filters": [],
                         "root": "description",
@@ -291,31 +268,10 @@
                         ]
                     }
                 },
-                "CyberInt Expert Analysis": {
+                "Cyberint Expert Analysis": {
                     "simple": "analysis_report.name"
                 },
-                "CyberInt Impact": {
-                    "complex": {
-                        "filters": [],
-                        "root": "impacts",
-                        "transformers": [
-                            {
-                                "operator": "Stringify"
-                            },
-                            {
-                                "args": {
-                                    "delimiter": {
-                                        "value": {
-                                            "simple": ","
-                                        }
-                                    }
-                                },
-                                "operator": "splitAndTrim"
-                            }
-                        ]
-                    }
-                },
-                "CyberInt Impacts": {
+                "Cyberint Impact": {
                     "complex": {
                         "filters": [],
                         "root": "impacts",
@@ -336,60 +292,36 @@
                         ]
                     }
                 },
-                "CyberInt Recommendation": {
+                "Cyberint Recommendation": {
                     "simple": "recommendation"
                 },
-                "CyberInt Related IOCs": {
+                "Cyberint Related IOCs": {
                     "simple": "iocs"
                 },
-                "CyberInt Related entities": {
+                "Cyberint Related entities": {
                     "complex": {
                         "filters": [],
                         "root": "related_entities",
                         "transformers": []
                     }
                 },
-                "CyberInt Related Entity": {
-                    "complex": {
-                        "filters": [],
-                        "root": "related_entities",
-                        "transformers": []
-                    }
-                },
-                "CyberInt Source": {
+                "Cyberint Source": {
                     "simple": "source"
                 },
-                "CyberInt Source category": {
+                "Cyberint Source category": {
                     "simple": "source_category"
                 },
                 "CyberInt Status": {
                     "simple": "status"
                 },
-                "CyberInt Tags": {
+                "Cyberint Tags": {
                     "complex": {
                         "filters": [],
                         "root": "tags",
                         "transformers": []
                     }
-                },"CyberInt Descriptors": {
-                    "complex": {
-                        "filters": [],
-                        "root": "tags",
-                        "transformers": []
-                    }
-                },
-                "CyberInt Targeted Brand": {
-                    "complex": {
-                        "filters": [],
-                        "root": "targeted_brands",
-                        "transformers": [
-                            {
-                                "operator": "ConvertToSingleElementArray"
-                            }
-                        ]
-                    }
                 },
-                "CyberInt Targeted Brands": {
+                "Cyberint Targeted Brand": {
                     "complex": {
                         "filters": [],
                         "root": "targeted_brands",
@@ -400,37 +332,30 @@
                         ]
                     }
                 },
-                "CyberInt Targeted Vector": {
-                    "complex": {
-                        "filters": [],
-                        "root": "targeted_vectors",
-                        "transformers": []
-                    }
-                },
-                "CyberInt Targeted Vectors": {
+                "Cyberint Targeted Vector": {
                     "complex": {
                         "filters": [],
                         "root": "targeted_vectors",
                         "transformers": []
                     }
                 },
-                "CyberInt Threat Actor": {
+                "Cyberint Threat Actor": {
                     "simple": "threat_actor"
                 },
-                "CyberInt Ticket ID": {
+                "Cyberint Ticket ID": {
                     "complex": {
                         "filters": [],
                         "root": "ticket_id",
                         "transformers": []
                     }
                 },
-                "CyberInt Title": {
+                "Cyberint Title": {
                     "simple": "title"
                 },
-                "CyberInt Type": {
+                "Cyberint Type": {
                     "simple": "type"
                 },
-                "CyberInt Vulnerable CName Record": {
+                "Cyberint Vulnerable CName Record": {
                     "simple": "alert_data.vulnerable_cname_record"
                 },
                 "Cyberint Category": {
@@ -479,7 +404,7 @@
                     "simple": "mirror_instance"
                 },
                 "name": {
-                    "simple": "alert_name"
+                    "simple": "title"
                 },
                 "occurred": {
                     "complex": {
@@ -504,7 +429,27 @@
                     "complex": {
                         "filters": [],
                         "root": "severity",
-                        "transformers": []
+                        "transformers": [
+                            {
+                                "args": {
+                                    "input_values": {
+                                        "isContext": false,
+                                        "value": {
+                                            "complex": null,
+                                            "simple": "low,medium,high,very_high"
+                                        }
+                                    },
+                                    "mapped_values": {
+                                        "isContext": false,
+                                        "value": {
+                                            "complex": null,
+                                            "simple": "1,2,3,4"
+                                        }
+                                    }
+                                },
+                                "operator": "MapValuesTransformer"
+                            }
+                        ]
                     }
                 },
                 "source": {
@@ -513,7 +458,7 @@
             }
         }
     },
-    "name": "CyberInt (mapper)",
+    "name": "Cyberint (mapper)",
     "type": "mapping-incoming",
     "version": -1,
     "fromVersion": "6.0.0"
diff --git a/Packs/Cyberint/Classifiers/classifier-mapper-outgoing-CyberInt.json b/Packs/Cyberint/Classifiers/classifier-mapper-outgoing-CyberInt.json
index 57c7e879de00..f2822ebac2fc 100644
--- a/Packs/Cyberint/Classifiers/classifier-mapper-outgoing-CyberInt.json
+++ b/Packs/Cyberint/Classifiers/classifier-mapper-outgoing-CyberInt.json
@@ -1,34 +1,56 @@
 {
-    "description": "",
-    "feed": false,
-    "id": "CyberInt Outgoing (mapper)",
-    "mapping": {
-        "Cyberint Incident": {
-            "dontMapEventToLabels": true,
-            "internalMapping": {
-                "closure_reason": {
-                    "simple": "cyberintclosurereason"
-                },
-                "closure_reason_description": {
-                    "simple": "cyberintclosurereasondescription"
-                },
-                "mirror_direction": {
-                    "simple": "dbotMirrorDirection"
-                },
-                "mirror_instance": {
-                    "simple": "dbotMirrorInstance"
-                },
-                "ref_id": {
-                    "simple": "dbotMirrorId"
-                },
-                "status": {
-                    "simple": "cyberintstatus"
-                }
-            }
-        }
-    },
-    "name": "CyberInt Outgoing (mapper)",
-    "type": "mapping-outgoing",
-    "version": -1,
-    "fromVersion": "6.0.0"
-}
\ No newline at end of file
+	"brands": null,
+	"cacheVersn": 0,
+	"defaultIncidentType": "",
+	"definitionId": "",
+	"description": "",
+	"feed": false,
+	"fromServerVersion": "",
+	"id": "46139b6e-d1e4-4f17-88bb-cf3b4bb5b6df",
+	"incidentSamples": null,
+	"indicatorSamples": null,
+	"instanceIds": null,
+	"itemVersion": "",
+	"keyTypeMap": {},
+	"locked": false,
+	"logicalVersion": 5,
+	"mapping": {
+		"Cyberint Incident": {
+			"dontMapEventToLabels": true,
+			"internalMapping": {
+				"closure_reason": {
+					"simple": "cyberintclosurereason"
+				},
+				"closure_reason_description": {
+					"simple": "cyberintclosurereasondescription"
+				},
+				"mirror_direction": {
+					"simple": "dbotMirrorDirection"
+				},
+				"mirror_instance": {
+					"simple": "dbotMirrorInstance"
+				},
+				"ref_id": {
+					"simple": "dbotMirrorId"
+				},
+				"status": {
+					"simple": "cyberintstatus"
+				}
+			}
+		}
+	},
+	"name": "Cyberint Outgoing (mapper)",
+	"nameRaw": "Cyberint Outgoing (mapper)",
+	"packID": "",
+	"packName": "",
+	"propagationLabels": [
+		"all"
+	],
+	"sourceClassifierId": "",
+	"system": false,
+	"toServerVersion": "",
+	"transformer": {},
+	"type": "mapping-outgoing",
+	"unclassifiedCases": null,
+	"version": -1
+}
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_File_Type.json b/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_File_Type.json
index d17930ea723e..325c199aedfb 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_File_Type.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_File_Type.json
@@ -13,7 +13,7 @@
     "id": "incident_cyberintfiletype",
     "isReadOnly": false,
     "locked": false,
-    "name": "CyberInt File Type",
+    "name": "Cyberint File Type",
     "neverSetAsRequired": false,
     "openEnded": false,
     "ownerOnly": false,
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Related_entity.json b/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Related_entity.json
index 0ba52913b75f..7c3cef01ade0 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Related_entity.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Related_entity.json
@@ -1,7 +1,7 @@
 {
     "id": "incident_cyberintrelatedentity",
     "version": -1,
-    "name": "CyberInt Related Entity",
+    "name": "Cyberint Related Entity",
     "ownerOnly": false,
     "cliName": "cyberintrelatedentity",
     "type": "multiSelect",
@@ -27,4 +27,4 @@
     "threshold": 72,
     "fromVersion": "6.0.0",
     "openEnded": true
-}
+}
\ No newline at end of file
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Targeted_Brands.json b/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Targeted_Brands.json
index 62fc973edefe..8926f4f4136d 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Targeted_Brands.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Targeted_Brands.json
@@ -1,7 +1,7 @@
 {
     "id": "incident_cyberinttargetedbrands",
     "version": -1,
-    "name": "CyberInt Targeted Brands",
+    "name": "Cyberint Targeted Brands",
     "ownerOnly": false,
     "cliName": "cyberinttargetedbrands",
     "type": "multiSelect",
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Targeted_Vectors.json b/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Targeted_Vectors.json
index 5704e9123fc1..825702d12447 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Targeted_Vectors.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-CyberInt_Targeted_Vectors.json
@@ -1,7 +1,7 @@
 {
     "id": "incident_cyberinttargetedvectors",
     "version": -1,
-    "name": "CyberInt Targeted Vectors",
+    "name": "Cyberint Targeted Vectors",
     "ownerOnly": false,
     "cliName": "cyberinttargetedvectors",
     "type": "multiSelect",
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_Closure_reason.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_Closure_reason.json
index 01d6fa4cd931..859c67faddba 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_Closure_reason.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_Closure_reason.json
@@ -13,7 +13,7 @@
     "id": "incident_cyberintclosurereason",
     "isReadOnly": false,
     "locked": false,
-    "name": "CyberInt Closure reason",
+    "name": "Cyberint Closure reason",
     "neverSetAsRequired": false,
     "openEnded": false,
     "ownerOnly": false,
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_Closure_reason_Description.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_Closure_reason_Description.json
index 0ad99a97df41..5ddc6a323166 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_Closure_reason_Description.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_Closure_reason_Description.json
@@ -24,7 +24,7 @@
     "threshold": 72,
     "type": "shortText",
     "unmapped": false,
-    "unsearchable": true,
+    "unsearchable": false,
     "useAsKpi": false,
     "version": -1,
     "fromVersion": "6.0.0"
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Alert_ID.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Alert_ID.json
index 982634dc03c1..de027309a889 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Alert_ID.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Alert_ID.json
@@ -2,7 +2,7 @@
     "id": "incident_cyberintalertid",
     "version": -1,
     "modified": "2021-02-22T21:50:43.871414193+02:00",
-    "name": "CyberInt Alert ID",
+    "name": "Cyberint Alert ID",
     "ownerOnly": false,
     "cliName": "cyberintalertid",
     "type": "shortText",
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Confidence.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Confidence.json
index 35a60b4eab6e..33e2220b4f62 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Confidence.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Confidence.json
@@ -2,7 +2,7 @@
     "id": "incident_cyberintconfidence",
     "version": -1,
     "modified": "2021-02-22T21:51:24.438436947+02:00",
-    "name": "CyberInt Confidence",
+    "name": "Cyberint Confidence",
     "ownerOnly": false,
     "cliName": "cyberintconfidence",
     "type": "shortText",
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Description.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Description.json
index 1a1c0d3454f7..04be5aa8542a 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Description.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Description.json
@@ -2,7 +2,7 @@
     "id": "incident_cyberintdescription",
     "version": -1,
     "modified": "2021-02-22T21:51:53.226184184+02:00",
-    "name": "CyberInt Description",
+    "name": "Cyberint Description",
     "ownerOnly": false,
     "cliName": "cyberintdescription",
     "type": "shortText",
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_ID.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_ID.json
new file mode 100644
index 000000000000..272190241a7c
--- /dev/null
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_ID.json
@@ -0,0 +1,30 @@
+{
+    "id": "incident_id",
+    "version": -1,
+    "modified": "2024-10-27T20:50:43.871414193+02:00",
+    "name": "Alert URL ID",
+    "ownerOnly": false,
+    "cliName": "id",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "associatedTypes": [
+        "Cyberint Incident"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.0.0"
+}
\ No newline at end of file
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Tags.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Tags.json
index ab2ea9c9df68..9eabef809041 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Tags.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Tags.json
@@ -2,7 +2,7 @@
     "id": "incident_cyberinttags",
     "version": -1,
     "modified": "2021-02-22T21:54:24.562891889+02:00",
-    "name": "CyberInt Tags",
+    "name": "Cyberint Tags",
     "ownerOnly": false,
     "cliName": "cyberinttags",
     "type": "shortText",
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Threat_Actor.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Threat_Actor.json
index 829f5e337126..3518dfe5a14e 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Threat_Actor.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Threat_Actor.json
@@ -2,7 +2,7 @@
     "id": "incident_cyberintthreatactor",
     "version": -1,
     "modified": "2021-02-22T21:55:13.479151489+02:00",
-    "name": "CyberInt Threat Actor",
+    "name": "Cyberint Threat Actor",
     "ownerOnly": false,
     "cliName": "cyberintthreatactor",
     "type": "shortText",
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Ticket_ID.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Ticket_ID.json
index fee1e5a2f49a..33576b1dc3c7 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Ticket_ID.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Ticket_ID.json
@@ -2,7 +2,7 @@
     "id": "incident_cyberintticketid",
     "version": -1,
     "modified": "2021-02-22T21:55:22.750862583+02:00",
-    "name": "CyberInt Ticket ID",
+    "name": "Cyberint Ticket ID",
     "ownerOnly": false,
     "cliName": "cyberintticketid",
     "type": "shortText",
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Title.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Title.json
index 6bc2597e4654..2f9acd30c69d 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Title.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Title.json
@@ -2,7 +2,7 @@
     "id": "incident_cyberinttitle",
     "version": -1,
     "modified": "2021-02-22T21:55:35.77661741+02:00",
-    "name": "CyberInt Title",
+    "name": "Cyberint Title",
     "ownerOnly": false,
     "cliName": "cyberinttitle",
     "type": "shortText",
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Type.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Type.json
index 2ccd07c852e4..36d65314db8d 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Type.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Type.json
@@ -2,7 +2,7 @@
     "id": "incident_cyberinttype",
     "version": -1,
     "modified": "2021-02-22T21:56:26.928862533+02:00",
-    "name": "CyberInt Type",
+    "name": "Cyberint Type",
     "ownerOnly": false,
     "cliName": "cyberinttype",
     "type": "shortText",
diff --git a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Vulnerable_CName_Record.json b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Vulnerable_CName_Record.json
index 1004b2cfa117..c062559e01d0 100644
--- a/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Vulnerable_CName_Record.json
+++ b/Packs/Cyberint/IncidentFields/incidentfield-Cyberint_CyberInt_Vulnerable_CName_Record.json
@@ -2,7 +2,7 @@
     "id": "incident_cyberinvulnerablecnamerecord",
     "version": -1,
     "modified": "2021-02-22T21:50:43.871414193+02:00",
-    "name": "CyberInt Vulnerable CName Record",
+    "name": "Cyberint Vulnerable CName Record",
     "ownerOnly": false,
     "cliName": "vulnerablecnamerecord",
     "type": "shortText",
diff --git a/Packs/Cyberint/Integrations/Cyberint/Cyberint.py b/Packs/Cyberint/Integrations/Cyberint/Cyberint.py
index 1e5ef9971a17..2865cb663217 100644
--- a/Packs/Cyberint/Integrations/Cyberint/Cyberint.py
+++ b/Packs/Cyberint/Integrations/Cyberint/Cyberint.py
@@ -4,8 +4,7 @@
 import copy
 import json
 from contextlib import closing
-from typing import Any
-from collections.abc import Iterable
+from typing import Any, Dict, Iterable, List, Optional, Tuple
 
 import dateparser
 from CommonServerPython import *
@@ -23,12 +22,24 @@
     "Incoming And Outgoing": "Both",
 }
 
-MIRRORING_FIELDS = [
+MIRRORING_FIELDS_XSOAR = [
+    "cyberintstatus",
+    "cyberintclosurereason",
+    "cyberintclosurereasondescription",
+]
+
+MIRRORING_FIELDS_ARGOS = [
     "status",
     "closure_reason",
     "closure_reason_description",
 ]
 
+MIRRORING_FIELDS_MAPPER = {
+    "cyberintstatus": "status",
+    "cyberintclosurereason": "closure_reason",
+    "cyberintclosurereasondescription": "closure_reason_description",
+}
+
 
 class Client(BaseClient):
     """
@@ -37,7 +48,7 @@ class Client(BaseClient):
 
     def __init__(self, base_url: str, access_token: str, verify_ssl: bool, proxy: bool):
         """
-        Client for CyberInt RESTful API.
+        Client for Cyberint RESTful API.
 
         Args:
             base_url (str): URL to access when getting alerts.
@@ -45,25 +56,34 @@ def __init__(self, base_url: str, access_token: str, verify_ssl: bool, proxy: bo
             verify_ssl (bool): specifies whether to verify the SSL certificate or not.
             proxy (bool): specifies if to use XSOAR proxy settings.
         """
+        params = demisto.params()
         self._cookies = {"access_token": access_token}
-        self.headers = {"x-integration-source": f"XSOAR;{demisto.integrationInstance()}"}
+        self._headers = {
+            "X-Integration-Type": "XSOAR",
+            "X-Integration-Instance-Name": demisto.integrationInstance(),
+            "X-Integration-Instance-Id": "",
+            "X-Integration-Customer-Name": params.get("client_name", ""),
+            "X-Integration-Version": "1.1.4"
+        }
         super().__init__(base_url=base_url, verify=verify_ssl, proxy=proxy)
 
+
+    @logger
     def list_alerts(
         self,
-        page: str | None,
-        page_size: int | None,
-        created_date_from: str | None,
-        created_date_to: str | None,
-        modification_date_from: str | None,
-        modification_date_to: str | None,
-        update_date_from: str | None,
-        update_date_to: str | None,
-        environments: list[str] | None,
-        statuses: list[str] | None,
-        severities: list[str] | None,
-        types: list[str] | None,
-    ) -> dict:
+        page: Optional[str],
+        page_size: Optional[int],
+        created_date_from: Optional[str],
+        created_date_to: Optional[str],
+        modification_date_from: Optional[str],
+        modification_date_to: Optional[str],
+        update_date_from: Optional[str],
+        update_date_to: Optional[str],
+        environments: Optional[List[str]],
+        statuses: Optional[List[str]],
+        severities: Optional[List[str]],
+        types: Optional[List[str]],
+    ) -> Dict:
         """
         Retrieve a list of alerts according to parameters.
 
@@ -74,6 +94,8 @@ def list_alerts(
             created_date_to (str): Maximal ISO-Formatted creation date.
             modification_date_from (str): Minimal ISO-Formatted modification date.
             modification_date_to (str): Maximal ISO-Formatted modification date.
+            update_date_from (str): Minimal ISO-Formatted update date.
+            update_date_to (str): Maximal ISO-Formatted update date.
             environments (list(str)): Environments in which the alerts were created.
             statuses (list(str)): Alerts statuses.
             severities (list(str)): Alerts severities.
@@ -102,11 +124,11 @@ def list_alerts(
 
     def update_alerts(
         self,
-        alerts: list[str],
-        status: str | None,
-        closure_reason: str | None = None,
-        closure_reason_description: str | None = None,
-    ) -> dict:
+        alerts: List[str],
+        status: Optional[str],
+        closure_reason: Optional[str] = None,
+        closure_reason_description: Optional[str] = None,
+    ) -> Dict:
         """
         Update the status of one or more alerts
 
@@ -114,6 +136,7 @@ def update_alerts(
             alerts (list(str)): Reference IDs for the alert(s)
             status (str): Desired status to update for the alert(s)
             closure_reason (str): Reason for updating the alerts status to closed.
+            closure_reason_description (str): Reason for updating the alerts status to closed.
 
         Returns:
             response (Response): API response from Cyberint.
@@ -169,13 +192,12 @@ def get_alert_attachment(self, alert_ref_id: str, attachment_id: str) -> Respons
     def get_alert(
         self,
         alert_ref_id: str,
-    ) -> dict:
+    ) -> Dict:
         """
         Retrieve attachment by alert reference ID and attachment ID.
 
         Args:
             alert_ref_id (str): Reference ID of the alert.
-            attachment_id (str): The ID of the attachment.
 
         Returns:
             Response: API response from Cyberint.
@@ -216,7 +238,7 @@ def test_module(client: Client):
     except DemistoException as exception:
         if "Invalid token or token expired" in str(exception):
             error_message = (
-                "Error verifying access token and / or environment, make sure the "
+                "Error verifying access token and / or URL, make sure the "
                 "configuration parameters are correct."
             )
         else:
@@ -224,7 +246,7 @@ def test_module(client: Client):
         raise DemistoException(error_message)
 
 
-def verify_input_date_format(date: str | None) -> str | None:
+def verify_input_date_format(date: Optional[str]) -> Optional[str]:
     """
     Make sure a date entered by the user is in the correct string format (with a Z at the end).
 
@@ -240,8 +262,8 @@ def verify_input_date_format(date: str | None) -> str | None:
 
 
 def set_date_pair(
-    start_date_arg: str | None, end_date_arg: str | None, date_range_arg: str | None
-) -> tuple[str | None, str | None]:
+    start_date_arg: Optional[str], end_date_arg: Optional[str], date_range_arg: Optional[str]
+) -> Tuple[Optional[str], Optional[str]]:
     """
     Calculate the date range to send to the API based on the arguments from the user.
 
@@ -269,7 +291,7 @@ def set_date_pair(
 
 def extract_data_from_csv_stream(
     client: Client, alert_id: str, attachment_id: str, delimiter: bytes = b"\r\n"
-) -> list[dict]:
+) -> List[dict]:
     """
     Call the attachment download API and parse required fields.
 
@@ -363,9 +385,9 @@ def cyberint_alerts_fetch_command(client: Client, args: dict) -> CommandResults:
             alert["alert_data"]["csv"] = extracted_csv_data
         outputs.append(alert)
     total_alerts = result.get("total")
-    table_headers = ["ref_id", "title", "status", "severity", "created_date", "update_date", "type", "environment"]
+    table_headers = ["id", "ref_id", "title", "status", "severity", "created_date", "update_date", "type", "environment"]
     readable_output = f'Total alerts: {total_alerts}\nCurrent page: {args.get("page", 1)}\n'
-    readable_output += tableToMarkdown(name="CyberInt alerts:", t=outputs, headers=table_headers, removeNull=True)
+    readable_output += tableToMarkdown(name="Cyberint alerts:", t=outputs, headers=table_headers, removeNull=True)
     return CommandResults(
         outputs_key_field="ref_id",
         outputs_prefix="Cyberint.Alert",
@@ -416,7 +438,7 @@ def cyberint_alerts_status_update(client: Client, args: dict) -> CommandResults:
         )
 
     readable_output = tableToMarkdown(
-        name="CyberInt alerts updated information:", t=outputs, headers=table_headers, removeNull=True
+        name="Cyberint alerts updated information:", t=outputs, headers=table_headers, removeNull=True
     )
     return CommandResults(
         outputs_key_field="ref_id",
@@ -429,7 +451,7 @@ def cyberint_alerts_status_update(client: Client, args: dict) -> CommandResults:
 
 def cyberint_alerts_get_attachment_command(
     client: Client, alert_ref_id: str, attachment_id: str, attachment_name: str
-) -> dict:
+) -> Dict:
     """
     Retrieve attachment by alert reference ID and attachment internal ID.
     Attachments includes: CSV files , Screenshots, and alert attachments files.
@@ -450,7 +472,7 @@ def cyberint_alerts_get_attachment_command(
     return fileResult(filename=attachment_name, data=raw_response.content)
 
 
-def cyberint_alerts_get_analysis_report_command(client: Client, alert_ref_id: str, report_name: str) -> dict:
+def cyberint_alerts_get_analysis_report_command(client: Client, alert_ref_id: str, report_name: str) -> Dict:
     """
     Retrieve expert analysis report by alert reference ID and report name.
 
@@ -504,7 +526,7 @@ def create_fetch_incident_attachment(raw_response: Response, attachment_file_nam
     return {"path": file_result["FileID"], "name": attachment_name, "showMediaFile": True}
 
 
-def get_alert_attachments(client: Client, attachment_list: list, attachment_type: str, alert_id: str) -> list:
+def get_alert_attachments(client: Client, attachment_list: List, attachment_type: str, alert_id: str) -> List:
     """
     Retrieve all alert attachments files - Attachments, CSV, Screenshot, and Analysis report.
     For each attachment, we save and return the relevant fields in order to represent the attachment in the layout.
@@ -545,13 +567,12 @@ def convert_date_time_args(date_time: str) -> str:
     Returns:
         str: The updated datetime.
     """
-    datetime_arg = arg_to_datetime(date_time, required=False)
-    if datetime_arg:
+    if datetime_arg := arg_to_datetime(date_time, required=False):
         return datetime_arg.strftime(DATE_FORMAT)
     return ""
 
 
-def get_modified_remote_data(client: Client, args: dict[str, Any]) -> GetModifiedRemoteDataResponse:
+def get_modified_remote_data(client: Client, args: Dict[str, Any]) -> GetModifiedRemoteDataResponse:
     """
     Queries for incidents that were modified since the last update.
 
@@ -565,10 +586,10 @@ def get_modified_remote_data(client: Client, args: dict[str, Any]) -> GetModifie
     remote_args = GetModifiedRemoteDataArgs(args)
     last_update = remote_args.last_update
 
-    demisto.debug(f"Get modified remote data from {last_update}")
+    demisto.debug(f"******** Get modified remote data from {last_update}")
     update_date_from = convert_date_time_args(last_update)
     update_date_to = datetime.strftime(datetime.now(), DATE_FORMAT)
-    demisto.debug(f"Get modified remote data {update_date_from=}, {update_date_to=}")
+    demisto.debug(f"******** Get modified remote data {update_date_from=} {update_date_to=}")
     modified_tickets = []
 
     response = client.list_alerts(
@@ -589,7 +610,7 @@ def get_modified_remote_data(client: Client, args: dict[str, Any]) -> GetModifie
     for ticket in response["alerts"]:
         modified_tickets.append(ticket["ref_id"])
 
-    demisto.debug(f"There are {len(modified_tickets)} modified incidents from Cyberint")
+    demisto.debug(f"******** There are {len(modified_tickets)} modified incidents from Cyberint")
 
     return GetModifiedRemoteDataResponse(modified_tickets)
 
@@ -601,12 +622,12 @@ def get_mapping_fields_command() -> GetMappingFieldsResponse:
     Returns:
     GetMappingFieldsResponse: Dictionary with keys as field names.
     """
-    demisto.debug("Get Cyberint mapping fields")
+    demisto.debug("******** Get Cyberint mapping fields")
     mapping_response = GetMappingFieldsResponse()
 
     incident_type_scheme = SchemeTypeMapping(type_name="Cyberint Incident")
 
-    for field in MIRRORING_FIELDS:
+    for field in MIRRORING_FIELDS_ARGOS:
         incident_type_scheme.add_field(field)
 
     mapping_response.add_scheme_type(incident_type_scheme)
@@ -616,7 +637,7 @@ def get_mapping_fields_command() -> GetMappingFieldsResponse:
 
 def update_remote_system(
     client: Client,
-    args: dict[str, Any],
+    args: Dict[str, Any],
 ) -> str:
     """
     This command pushes local changes to the remote system.
@@ -634,37 +655,46 @@ def update_remote_system(
     incident_id = parsed_args.remote_incident_id
 
     demisto.debug(
-        f"Got the following delta keys {str(list(parsed_args.delta.keys()))}"
+        f"******** Got the following delta keys {str(list(parsed_args.delta.keys()))}"
         if parsed_args.delta
-        else "There is no delta fields in Cyberint"
+        else "******** There is no delta fields in Cyberint"
     )
 
     try:
         if parsed_args.incident_changed:
-            demisto.debug(f"Incident changed: {parsed_args.incident_changed}, {parsed_args.delta=}")
+            demisto.debug(f"******** Incident changed: {parsed_args.incident_changed}, {parsed_args.delta=}")
 
             update_args = parsed_args.delta
-            demisto.debug(f"Sending incident with remote ID [{incident_id}] to Cyberint\n")
+            demisto.debug(f"******** Sending incident with remote ID [{incident_id}] to Cyberint\n")
 
             updated_arguments = {}
             if updated_status := update_args.get("status"):
+                closure_reason = update_args.get("closure_reason", "other")
+                closure_reason_description = update_args.get("closure_reason_description", "user wasn't specified closure reason when closed alert")
                 if updated_status != "closed":
                     updated_arguments["status"] = updated_status
                 else:
-                    for key, value in update_args.items():
-                        if key in MIRRORING_FIELDS:
-                            updated_arguments[key] = value
+                    updated_arguments["status"] = updated_status
+                    updated_arguments["closure_reason"] = closure_reason
+                    updated_arguments["closure_reason_description"] = closure_reason_description
+            else:
+                cyberint_response = client.get_alert(alert_ref_id=incident_id)
+                cyberint_alert: Dict[str, Any] = cyberint_response["alert"]
+                cyberint_status = cyberint_alert.get("status")
+                updated_arguments["status"] = cyberint_status
 
             updated_arguments["alerts"] = [incident_id]
 
-            demisto.debug(f"Remote ID [{incident_id}] to Cyberint. {updated_arguments=}|| {update_args=}")
+            demisto.debug(f"******** Remote ID [{incident_id}] to Cyberint. {updated_arguments=}|| {update_args=}")
 
             client.update_alerts(**updated_arguments)
 
-        demisto.info(f"Remote data of {incident_id}: {parsed_args.data}")
+        demisto.debug(f"******** Remote data of {incident_id}: {parsed_args.data}")
 
     except Exception as error:
-        demisto.info(f"Error in Cyberint outgoing mirror for incident {incident_id}  \n Error message: {error}")
+        demisto.error(
+            f"Error in Cyberint outgoing mirror for incident {incident_id}  \n" f"Error message: {error}"
+        )
 
     finally:
         return incident_id
@@ -672,8 +702,8 @@ def update_remote_system(
 
 def get_remote_data_command(
     client: Client,
-    args: dict[str, Any],
-    params: dict[str, Any],
+    args: Dict[str, Any],
+    params: Dict[str, Any],
 ) -> GetRemoteDataResponse:
     """
     Gets new information about the incidents in the remote system
@@ -687,13 +717,17 @@ def get_remote_data_command(
     parsed_args = GetRemoteDataArgs(args)
     incident_id = parsed_args.remote_incident_id
     last_update = date_to_epoch_for_fetch(arg_to_datetime(parsed_args.last_update))
-    demisto.debug(f"Check {incident_id} update from {last_update}")
+    demisto.debug(f"******** Check {incident_id} update from {last_update}")
 
     response = client.get_alert(alert_ref_id=incident_id)
-    mirrored_ticket: dict[str, Any] = response["alert"]
+    mirrored_ticket: Dict[str, Any] = response["alert"]
     ticket_last_update = date_to_epoch_for_fetch(arg_to_datetime(mirrored_ticket.get("update_date")))
 
-    demisto.debug(f"Alert {incident_id} - {ticket_last_update=} {last_update=}")
+    mirrored_ticket["cyberintstatus"] =  MIRRORING_FIELDS_MAPPER.get(mirrored_ticket["status"])
+    mirrored_ticket["cyberintclosurereason"] = mirrored_ticket["closure_reason"]
+    mirrored_ticket["cyberintclosurereasondescription"] = mirrored_ticket["closure_reason_description"]
+
+    demisto.debug(f"******** Alert {incident_id} - {ticket_last_update=} {last_update=}")
 
     entries = []
 
@@ -712,7 +746,7 @@ def get_remote_data_command(
     return GetRemoteDataResponse(mirrored_ticket, entries)
 
 
-def date_to_epoch_for_fetch(date: datetime | None) -> int:
+def date_to_epoch_for_fetch(date: Optional[datetime]) -> int:
     """
     Converts datetime object to date in epoch timestamp (in seconds),
     for fetch command.
@@ -728,16 +762,17 @@ def date_to_epoch_for_fetch(date: datetime | None) -> int:
 
 def fetch_incidents(
     client: Client,
-    last_run: dict[str, int],
+    last_run: Dict[str, int],
     first_fetch_time: str,
-    fetch_severity: list[str] | None,
-    fetch_status: list[str] | None,
-    fetch_type: list[str] | None,
-    fetch_environment: list[str] | None,
-    max_fetch: int | None,
+    fetch_severity: Optional[List[str]],
+    fetch_status: Optional[List[str]],
+    fetch_type: Optional[List[str]],
+    fetch_environment: Optional[List[str]],
+    max_fetch: Optional[int],
     duplicate_alert: bool,
-    mirror_direction: str | None,
-) -> tuple[dict[str, int], list[dict]]:
+    mirror_direction: Optional[str],
+    close_alert: bool,
+) -> Tuple[Dict[str, int], List[dict]]:
     """
     Fetch incidents (alerts) each minute (by default).
     Args:
@@ -750,6 +785,9 @@ def fetch_incidents(
         fetch_type (list(str)): Types to fetch.
         fetch_environment (list(str)): Environments to fetch.
         max_fetch (int): Max number of alerts to fetch.
+        duplicate_alert (bool): Whether to duplicate alerts.
+        mirror_direction (str): Direction to mirror.
+        close_alert (bool): Whether to close alerts.
     Returns:
         Tuple of next_run (seconds timestamp) and the incidents list
     """
@@ -825,8 +863,7 @@ def fetch_incidents(
         alert_name = f"Cyberint alert {alert_id}: {alert_title}"
         alert.update({"alert_name": alert_name})
 
-        alert["closure_reason_description"] = "None"
-        alert["id"] = alert_id
+        alert["closure_reason_description"] = "none"
         alert["incident_id"] = alert_id
         alert["mirror_direction"] = mirror_direction
         alert["mirror_instance"] = demisto.integrationInstance()
@@ -854,6 +891,14 @@ def fetch_incidents(
         else:
             incidents.append(incident)
 
+        # close Cyberint alert if required
+        if close_alert:
+            client.update_alerts(
+                alerts=argToList(alert_id),
+                status="closed",
+                closure_reason="resolved",
+            )
+
     if incidents:
         #  Update the time for the next fetch so that there won't be duplicates.
         last_incident_time = max(incidents, key=lambda item: item["occurred"])
@@ -870,12 +915,12 @@ def main():
     params = demisto.params()
     command = demisto.command()
     access_token = params.get("access_token")
-    environment = params.get("environment")
+    url = params.get("url")
 
     verify_certificate = not params.get("insecure", False)
     first_fetch_time = params.get("first_fetch", "3 days").strip()
     proxy = params.get("proxy", False)
-    base_url = f"https://{environment}.cyberint.io/alert/"
+    base_url = f"{url}/alert/"
     demisto.info(f"Command being called is {command}")
     try:
         client = Client(
@@ -901,6 +946,7 @@ def main():
                 if params.get("mirror_direction") == "None"
                 else MIRROR_DIRECTION_MAPPING[params["mirror_direction"]]
             )
+            close_alert = params.get("close_alert", False)
             next_run, incidents = fetch_incidents(
                 client,
                 demisto.getLastRun(),
@@ -912,6 +958,7 @@ def main():
                 max_fetch,
                 duplicate_alert,
                 mirror_direction,
+                close_alert,
             )
             demisto.setLastRun(next_run)
             demisto.incidents(incidents)
@@ -938,7 +985,7 @@ def main():
     except Exception as e:
         if "Invalid token or token expired" in str(e):
             error_message = (
-                "Error verifying access token and / or environment, make sure the "
+                "Error verifying access token and / or URL, make sure the "
                 "configuration parameters are correct."
             )
         elif "datetime" in str(e).lower():
diff --git a/Packs/Cyberint/Integrations/Cyberint/Cyberint.yml b/Packs/Cyberint/Integrations/Cyberint/Cyberint.yml
index 0c28b65a802b..28452bea4b65 100644
--- a/Packs/Cyberint/Integrations/Cyberint/Cyberint.yml
+++ b/Packs/Cyberint/Integrations/Cyberint/Cyberint.yml
@@ -3,18 +3,23 @@ commonfields:
   id: cyberint
   version: -1
 configuration:
+- display: Company Name
+  additionalinfo: Company (client) name associated with Cyberint instance.
+  name: client_name
+  required: true
+  type: 0
 - display: Cyberint Access Token
   name: access_token
   type: 4
   required: true
   additionalinfo: Cyberint API access token.
-- additionalinfo: Cyberint environment on which the services run (i.e http://{environment}.cyberint.io/...)
-  display: Cyberint API Environment
-  name: environment
+- display: Cyberint API URL
+  additionalinfo: Cyberint API URL on which the services run (i.e https://your-company.cyberint.io)
+  name: url
   required: true
   type: 0
-- additionalinfo: An incident will be created with the originated Alert details per CSV file record.
-  display: Create an incident per CSV record
+- display: Create an incident per CSV record
+  additionalinfo: An incident will be created with the originated Alert details per CSV file record.
   name: duplicate_alert
   required: false
   type: 8
@@ -32,8 +37,8 @@ configuration:
   - medium
   - high
   - very_high
-- additionalinfo: Statuses to fetch. If none is chosen, all statuses will be returned.
-  display: Fetch Status
+- display: Fetch Status
+  additionalinfo: Statuses to fetch. If none is chosen, all statuses will be returned.
   name: fetch_status
   options:
   - open
@@ -41,13 +46,13 @@ configuration:
   - closed
   type: 16
   required: false
-- additionalinfo: Environments to fetch (comma separated). If empty, all available environments will be returned.
-  display: Fetch Environment
+- display: Fetch Environment
+  additionalinfo: Environments to fetch (comma separated). If empty, all available environments will be returned.
   name: fetch_environment
   type: 0
   required: false
-- additionalinfo: 'Choose the direction to mirror the incident: Incoming (from Cyberint to Cortex XSOAR), Outgoing (from Cortex XSOAR to Cyberint), or Incoming and Outgoing (from/to Cortex XSOAR and Cyberint).'
-  display: Incident Mirroring Direction
+- display: Incident Mirroring Direction
+  additionalinfo: 'Choose the direction to mirror the incident: Incoming (from Cyberint to Cortex XSOAR), Outgoing (from Cortex XSOAR to Cyberint), or Incoming and Outgoing (from/to Cortex XSOAR and Cyberint).'
   name: mirror_direction
   type: 15
   required: false
@@ -61,8 +66,8 @@ configuration:
   name: incidentType
   type: 13
   required: false
-- defaultvalue: 'false'
-  display: Close Mirrored XSOAR Incident
+- display: Close Mirrored XSOAR Incident
+  defaultvalue: 'false'
   name: close_incident
   type: 8
   additionalinfo: When selected, closing the Cyberint alert is mirrored in Cortex XSOAR.
@@ -126,8 +131,8 @@ configuration:
   required: false
   additionalinfo: Max number of alerts per fetch. Defaults to the minimum 10, max is 100.
   defaultvalue: '10'
-- defaultvalue: 7 days
-  display: First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
+- display: First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
+  defaultvalue: 7 days
   name: first_fetch
   type: 0
   required: false
@@ -140,7 +145,7 @@ configuration:
   required: false
   type: 8
 description: Cyberint provides intelligence-driven digital risk protection. This integration will help your enterprise effectively consume actionable cyber alerts to increase your security posture.
-display: Cyberint
+display: Cyberint Alerts
 name: cyberint
 script:
   commands:
@@ -163,9 +168,9 @@ script:
       name: updated_date_to
     - description: You can specify a date range to search for from the current time. (<number> <time unit>, e.g., 12 hours, 7 days) instead of a start/end time. updated_date_range will overwrite updated_date.
       name: updated_date_range
-    - description: ISO-Formatted modification date. Get alerts modified since this date (YYYY-MM-DDTHH:MM:SSZ).
+    - description: ISO-Formatted modification date. Get alerts content modified since this date (YYYY-MM-DDTHH:MM:SSZ).
       name: modification_date_from
-    - description: ISO-Formatted modification date. Get alerts modified before this date (YYYY-MM-DDTHH:MM:SSZ).
+    - description: ISO-Formatted modification date. Get alerts content modified before this date (YYYY-MM-DDTHH:MM:SSZ).
       name: modification_date_to
     - description: You can specify a date range to search for from the current time. (<number> <time unit>, e.g., 12 hours, 7 days) instead of a start/end time. modified_date_range will overwrite modified_date.
       name: modified_date_range
@@ -238,6 +243,9 @@ script:
     description: List alerts according to parameters.
     name: cyberint-alerts-fetch
     outputs:
+    - contextPath: Cyberint.Alert.id
+      description: URL ID of the alert.
+      type: Number
     - contextPath: Cyberint.Alert.ref_id
       description: Reference ID of the alert.
       type: String
@@ -553,7 +561,7 @@ script:
       name: lastUpdate
     description: Gets the list of incidents that were modified since the last update time. Note that this method is here for debugging purposes. The get-modified-remote-data command is used as part of a Mirroring feature, which is available in Cortex XSOAR from version 6.1.
     name: get-modified-remote-data
-  dockerimage: demisto/python3:3.10.13.82076
+  dockerimage: demisto/python3:3.10.13.90168
   isfetch: true
   runonce: false
   script: '-'
diff --git a/Packs/Cyberint/Integrations/Cyberint/Cyberint_test.py b/Packs/Cyberint/Integrations/Cyberint/Cyberint_test.py
index 44eaa509d84f..738fa7d1ed37 100644
--- a/Packs/Cyberint/Integrations/Cyberint/Cyberint_test.py
+++ b/Packs/Cyberint/Integrations/Cyberint/Cyberint_test.py
@@ -1,9 +1,8 @@
 import json
 from datetime import datetime, timedelta
-from unittest.mock import patch
 
 import pytest
-from CommonServerPython import *
+from CommonServerPython import EntryType
 
 BASE_URL = "https://test.cyberint.io/alert"
 DATE_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
@@ -15,7 +14,7 @@ def load_mock_response(file_name: str) -> str:
     Args:
         file_name (str): Name of the mock response JSON file to return.
     """
-    with open(f"test_data/{file_name}", encoding="utf-8") as mock_file:
+    with open(f"test_data/{file_name}", mode="r", encoding="utf-8") as mock_file:
         return mock_file.read()
 
 
@@ -116,7 +115,7 @@ def test_fetch_incidents(requests_mock, duplicate_alerts, client) -> None:
     requests_mock.post(f"{BASE_URL}/api/v1/alerts", json=mock_response)
 
     last_fetch, incidents = fetch_incidents(
-        client, {"last_fetch": 100000000}, "3 days", [], [], [], [], 50, duplicate_alerts, "Incoming And Outgoing"
+        client, {"last_fetch": 100000000}, "3 days", [], [], [], [], 50, duplicate_alerts, "Incoming And Outgoing", False
     )
     wanted_time = datetime.timestamp(datetime.strptime("2020-12-30T00:00:57Z", DATE_FORMAT))
     assert last_fetch.get("last_fetch") == wanted_time * 1000
@@ -150,7 +149,7 @@ def test_fetch_incidents_no_last_fetch(requests_mock, client):
     requests_mock.post(f"{BASE_URL}/api/v1/alerts", json=mock_response)
 
     last_fetch, incidents = fetch_incidents(
-        client, {"last_fetch": 100000000}, "3 days", [], [], [], [], 50, False, "Incoming And Outgoing"
+        client, {"last_fetch": 100000000}, "3 days", [], [], [], [], 50, False, "Incoming And Outgoing", False
     )
     wanted_time = datetime.timestamp(datetime.strptime("2020-12-30T00:00:57Z", DATE_FORMAT))
     assert last_fetch.get("last_fetch") == wanted_time * 1000
@@ -177,7 +176,7 @@ def test_fetch_incidents_empty_response(requests_mock, client):
     requests_mock.post(f"{BASE_URL}/api/v1/alerts", json=mock_response)
 
     last_fetch, incidents = fetch_incidents(
-        client, {"last_fetch": 100000000}, "3 days", [], [], [], [], 50, False, "Incoming And Outgoing"
+        client, {"last_fetch": 100000000}, "3 days", [], [], [], [], 50, False, "Incoming And Outgoing", False
     )
     assert last_fetch.get("last_fetch") == 100001000
     assert len(incidents) == 0
@@ -317,202 +316,3 @@ def test_test_module(requests_mock, client):
     result = test_module(client)
 
     assert result == "ok"
-
-
-def test_date_to_epoch_for_fetch():
-    """
-    Scenario: Verify date conversion to epoch timestamp.
-    Given:
-     - A valid datetime object.
-    When:
-     - Converting the datetime to an epoch timestamp for fetch command.
-    Then:
-     - Ensure that the returned timestamp is in the expected format.
-    """
-    from Cyberint import date_to_epoch_for_fetch
-
-    input_date = datetime(2023, 2, 14, 0, 0, 57)
-
-    expected_timestamp = int(input_date.timestamp())
-
-    result = date_to_epoch_for_fetch(input_date)
-
-    assert result == expected_timestamp
-
-
-def test_convert_date_time_args():
-    """
-    Scenario: Verify conversion of date_time string to datetime.
-    Given:
-     - A valid date_time string.
-    When:
-     - Converting the date_time string to a datetime and formatting it.
-    Then:
-     - Ensure that the returned datetime string matches the expected format.
-    """
-    from Cyberint import convert_date_time_args
-
-    date_time_str = "2023-02-14 12:30:45"
-
-    expected_result = "2023-02-14T12:30:45Z"
-
-    result = convert_date_time_args(date_time_str)
-
-    assert result == expected_result
-
-
-def test_get_modified_remote_data(client):
-    """
-    Scenario: Verify getting modified remote data.
-    Given:
-     - A valid Cyberint API client.
-     - Valid command arguments.
-     - Mocked response from the client.
-    When:
-     - Calling the function to get modified remote data.
-    Then:
-     - Ensure that the returned response matches the expected format.
-    """
-    from Cyberint import get_modified_remote_data
-
-    mock_response = {"alerts": [{"ref_id": "incident1"}, {"ref_id": "incident2"}]}
-
-    with patch("Cyberint.Client") as MockClient:
-        client_instance = MockClient.return_value
-        client_instance.list_alerts.return_value = mock_response
-
-        args = {
-            "lastUpdate": "2023-02-14 12:30:45",
-        }
-
-        with patch("Cyberint.convert_date_time_args") as mock_convert_date_time_args:
-            mock_convert_date_time_args.return_value = "2023-02-14 12:30:45"
-
-            result = get_modified_remote_data(client_instance, args)
-
-            expected_response = GetModifiedRemoteDataResponse(["incident1", "incident2"])
-            assert result.modified_incident_ids == expected_response.modified_incident_ids
-
-
-def test_get_mapping_fields_command():
-    """
-    Scenario: Verify fetching mapping fields.
-    Given:
-     - No specific input required for this function.
-    When:
-     - Calling the function to fetch mapping fields.
-    Then:
-     - Ensure that the returned response matches the expected format.
-    """
-    from Cyberint import MIRRORING_FIELDS, get_mapping_fields_command
-
-    result = get_mapping_fields_command()
-
-    expected_response = GetMappingFieldsResponse()
-    incident_type_scheme = SchemeTypeMapping(type_name="Cyberint Incident")
-
-    for field in MIRRORING_FIELDS:
-        incident_type_scheme.add_field(field)
-
-    expected_response.add_scheme_type(incident_type_scheme)
-
-    assert result.scheme_types_mappings[0].type_name == expected_response.scheme_types_mappings[0].type_name
-    assert result.scheme_types_mappings[0].fields == expected_response.scheme_types_mappings[0].fields
-
-
-def test_get_remote_data_command():
-    """
-    Scenario: Verify fetching remote data.
-    Given:
-     - A valid Cyberint API client.
-     - Valid command arguments.
-     - Mocked response from the client.
-    When:
-     - Calling the function to fetch remote data.
-    Then:
-     - Ensure that the returned response matches the expected format.
-    """
-    from Cyberint import get_remote_data_command
-
-    mock_response = {
-        "alert": {
-            "alert_ref_id": "incident123",
-            "status": "closed",
-            "update_date": "2023-02-14 12:30:45",
-        }
-    }
-
-    with patch("Cyberint.Client") as MockClient:
-        client_instance = MockClient.return_value
-        client_instance.get_alert.return_value = mock_response
-
-        args = {
-            "id": "incident123",
-            "lastUpdate": "2023-02-14 12:30:45",
-        }
-
-        with patch("Cyberint.arg_to_datetime") as mock_arg_to_datetime:  # noqa: SIM117
-            with patch("Cyberint.date_to_epoch_for_fetch") as mock_date_to_epoch_for_fetch:
-                mock_arg_to_datetime.return_value = datetime(2023, 2, 14, 12, 30, 45)
-                mock_date_to_epoch_for_fetch.return_value = 123456789
-
-                result = get_remote_data_command(client_instance, args, {})
-
-                expected_response = GetRemoteDataResponse(
-                    {
-                        "alert_ref_id": "incident123",
-                        "status": "closed",
-                        "update_date": "2023-02-14 12:30:45",
-                    },
-                    [
-                        {
-                            "Type": "note",
-                            "Contents": {"dbotIncidentClose": True, "closeReason": "Closed from Cyberint."},
-                            "ContentsFormat": "json",
-                        }
-                    ],
-                )
-
-                assert result.mirrored_object == expected_response.mirrored_object
-
-
-def test_update_remote_system():
-    """
-    Scenario: Verify updating the remote system.
-    Given:
-     - A valid Cyberint API client.
-     - Valid command arguments.
-     - Mocked response from the client.
-    When:
-     - Calling the function to update the remote system.
-    Then:
-     - Ensure that the remote incident ID is returned.
-    """
-    from Cyberint import update_remote_system
-
-    mock_response = {
-        "result": "success",
-    }
-
-    with patch("Cyberint.Client") as MockClient:
-        client_instance = MockClient.return_value
-        client_instance.update_alerts.return_value = mock_response
-
-        args = {
-            "data": {
-                "incident_key": "incident123",
-                "status": "closed",
-            },
-            "entries": [],
-            "incidentChanged": True,
-            "remoteId": "incident123",
-            "status": "new_status",
-            "delta": {},
-        }
-
-        with patch("Cyberint.UpdateRemoteSystemArgs") as mock_UpdateRemoteSystemArgs:
-            mock_UpdateRemoteSystemArgs.return_value = UpdateRemoteSystemArgs(args)
-
-            result = update_remote_system(client_instance, args)
-
-            assert result == "incident123"
diff --git a/Packs/Cyberint/Integrations/Cyberint/README.md b/Packs/Cyberint/Integrations/Cyberint/README.md
index fc5e6877c109..1f5739bc81f1 100644
--- a/Packs/Cyberint/Integrations/Cyberint/README.md
+++ b/Packs/Cyberint/Integrations/Cyberint/README.md
@@ -1,25 +1,28 @@
 Cyberint provides intelligence-driven digital risk protection. This integration will help your enterprise effectively consume actionable cyber alerts to increase your security posture.
-This integration was integrated and tested with version v1 of cyberint
-
-## Configure cyberint in Cortex
-
-
-| **Parameter** | **Description** | **Required** |
-| --- | --- | --- |
-| Incident type |  | False |
-| Cyberint Access Token | Cyberint API access token. | True |
-| Cyberint API Environment | Cyberint environment on which the services run \(i.e http://\{environment\}.cyberint.io/...\) | True |
-| Fetch incidents |  | False |
-| Create an incident per CSV record | An incident will be created with the originated Alert details per CSV file record | False |
-| Fetch Severity | Severities to fetch. If none is chosen, all severity levels will be returned. | False |
-| Fetch Status | Statuses to fetch. If none is chosen, all statuses will be returned. | False |
-| Fetch Environment | Environments to fetch \(comma separated\). If empty, all available environments will be returned. | False |
-| Fetch Types | Types to fetch. If none is chosen, all types will be returned. | False |
-| Fetch Limit | Max number of alerts per fetch. Defaults to  the minimum 10, max is 100. | False |
-| First fetch timestamp (&lt;number&gt; &lt;time unit&gt;, e.g., 12 hours, 7 days) |  | False |
-| Trust any certificate (not secure) |  | False |
-| Use system proxy settings |  | False |
 
+## Configure Cyberint on Cortex XSOAR
+
+1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
+2. Search for Cyberint.
+3. Click **Add instance** to create and configure a new integration instance.
+
+    | **Parameter**                                                                    | **Description** | **Required** |
+    |----------------------------------------------------------------------------------| --- | --- |
+    | Incident type                                                                    |  | False |
+    | Cyberint Access Token                                                            | Cyberint API access token. | True |
+    | Cyberint API URL                                                                 | Cyberint environment on which the services run \(Example: https://yourcompany.cyberint.io) | True |
+    | Fetch incidents                                                                  |  | False |
+    | Create an incident per CSV record                                                | An incident will be created with the originated Alert details per CSV file record | False |
+    | Fetch Severity                                                                   | Severities to fetch. If none is chosen, all severity levels will be returned. | False |
+    | Fetch Status                                                                     | Statuses to fetch. If none is chosen, all statuses will be returned. | False |
+    | Fetch Environment                                                                | Environments to fetch \(comma separated\). If empty, all available environments will be returned. | False |
+    | Fetch Types                                                                      | Types to fetch. If none is chosen, all types will be returned. | False |
+    | Fetch Limit                                                                      | Max number of alerts per fetch. Defaults to  the minimum 10, max is 100. | False |
+    | First fetch timestamp (&lt;number&gt; &lt;time unit&gt;, e.g., 12 hours, 7 days) |  | False |
+    | Trust any certificate (not secure)                                               |  | False |
+    | Use system proxy settings                                                        |  | False |
+
+4. Click **Test** to validate the URLs, token, and connection.
 
 ## Commands
 
@@ -59,65 +62,66 @@ List alerts according to parameters
 
 #### Context Output
 
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| Cyberint.Alert.ref_id | String | Reference ID of the alert. |
-| Cyberint.Alert.confidence | Number | Confidence score of the alert. |
-| Cyberint.Alert.status | String | Status of the alert. |
-| Cyberint.Alert.severity | String | Severity of the alert |
-| Cyberint.Alert.created_by.email | String | User which has created the alert. |
-| Cyberint.Alert.created_date | Date | Date in which the alert was created. |
-| Cyberint.Alert.category | String | Category of the alert. |
-| Cyberint.Alert.type | String | Type of the alert. |
-| Cyberint.Alert.source_category | String | Source category of the alert. |
-| Cyberint.Alert.source | String | Source of the alert. |
-| Cyberint.Alert.targeted_vectors | String | Vectors targeted by the threat. |
-| Cyberint.Alert.targeted_brands | String | Brands targeted by the threat. |
-| Cyberint.Alert.related_entities | String | Entities related to the alert. |
-| Cyberint.Alert.impacts | String | Impacts made by the threat. |
-| Cyberint.Alert.acknowledged_date | Date | Date in which the alert was acknowledged. |
-| Cyberint.Alert.acknowledged_by.email | String | User which has acknowledged the alert. |
-| Cyberint.Alert.publish_date | Date | Date in which the alert was published. |
-| Cyberint.Alert.title | String | Title of the alert. |
-| Cyberint.Alert.alert_data.url | String | URL impacted by the event. |
-| Cyberint.Alert.alert_data.detection_reasons | String | Reasons why a phishing event has been detected. |
-| Cyberint.Alert.alert_data.tool_name | String | Name of a tool used for an exploit if available. |
-| Cyberint.Alert.alert_data.application | String | Application affected by an event. |
-| Cyberint.Alert.alert_data.source | String | Source of an event if available. |
-| Cyberint.Alert.alert_data.domain | String | Domain related to an event if available. |
-| Cyberint.Alert.alert_data.subdomian | String | Subdomain related to an event if available. |
+| **Path** | **Type** | **Description**                                      |
+| --- | --- |------------------------------------------------------|
+| Cyberint.Alert.id | String | Unique ID of the alert.                              |
+| Cyberint.Alert.ref_id | String | Reference ID of the alert.                           |
+| Cyberint.Alert.confidence | Number | Confidence score of the alert.                       |
+| Cyberint.Alert.status | String | Status of the alert.                                 |
+| Cyberint.Alert.severity | String | Severity of the alert                                |
+| Cyberint.Alert.created_by.email | String | User which has created the alert.                    |
+| Cyberint.Alert.created_date | Date | Date in which the alert was created.                 |
+| Cyberint.Alert.category | String | Category of the alert.                               |
+| Cyberint.Alert.type | String | Type of the alert.                                   |
+| Cyberint.Alert.source_category | String | Source category of the alert.                        |
+| Cyberint.Alert.source | String | Source of the alert.                                 |
+| Cyberint.Alert.targeted_vectors | String | Vectors targeted by the threat.                      |
+| Cyberint.Alert.targeted_brands | String | Brands targeted by the threat.                       |
+| Cyberint.Alert.related_entities | String | Entities related to the alert.                       |
+| Cyberint.Alert.impacts | String | Impacts made by the threat.                          |
+| Cyberint.Alert.acknowledged_date | Date | Date in which the alert was acknowledged.            |
+| Cyberint.Alert.acknowledged_by.email | String | User which has acknowledged the alert.               |
+| Cyberint.Alert.publish_date | Date | Date in which the alert was published.               |
+| Cyberint.Alert.title | String | Title of the alert.                                  |
+| Cyberint.Alert.alert_data.url | String | URL impacted by the event.                           |
+| Cyberint.Alert.alert_data.detection_reasons | String | Reasons why a phishing event has been detected.      |
+| Cyberint.Alert.alert_data.tool_name | String | Name of a tool used for an exploit if available.     |
+| Cyberint.Alert.alert_data.application | String | Application affected by an event.                    |
+| Cyberint.Alert.alert_data.source | String | Source of an event if available.                     |
+| Cyberint.Alert.alert_data.domain | String | Domain related to an event if available.             |
+| Cyberint.Alert.alert_data.subdomian | String | Subdomain related to an event if available.          |
 | Cyberint.Alert.alert_data.misconfiguration_type | String | Type of misconfiguration for a misconfigured domain. |
-| Cyberint.Alert.alert_data.ip | String | IP related to an event. |
-| Cyberint.Alert.alert_data.port | String | Port related to an event. |
-| Cyberint.Alert.alert_data.service | String | Service related to an event. |
-| Cyberint.Alert.alert_data.access_token | String | Access token exposed in an event. |
-| Cyberint.Alert.alert_data.access_token_type | String | Access token exposed in an event. |
-| Cyberint.Alert.alert_data.username | String | Username of an account related to an event. |
-| Cyberint.Alert.alert_data.csv.username | String | Username of an account found in a report CSV. |
-| Cyberint.Alert.alert_data.csv.password | String | Password of an account found in a report CSV. |
-| Cyberint.Alert.alert_data.email | String | Email of an account related to an event. |
-| Cyberint.Alert.alert_data.author_email_address | String | Email of an author related to an event. |
-| Cyberint.Alert.alert_data.repository_name | String | Repository name related to an event. |
-| Cyberint.Alert.alert_data.mail_server | String | Mail server related to an event. |
-| Cyberint.Alert.alert_data.blacklist_repository | String | Blacklist repository name related to an event. |
-| Cyberint.Alert.alert_data.screenshot | String | Screenshot related to an event. |
-| Cyberint.Alert.alert_data.spf_records | String | SPF records if applicable to the event. |
-| Cyberint.Alert.alert_data.dmarc_record | String | DMARC records if applicable to the event. |
-| Cyberint.Alert.alert_data.storage_link | String | Storage link if applicable to the event. |
-| Cyberint.Alert.alert_data.interface_type | String | Interface type if applicable to the event. |
-| Cyberint.Alert.alert_data.vulnerable_cname_record | String | Vulnerable CName record if applicable to the event. |
-| Cyberint.Alert.ioc.type | String | Type of IOC related to the alert. |
-| Cyberint.Alert.ioc.value | String | Value of the IOC related to the alert. |
-| Cyberint.Alert.ticket_id | String | Ticket ID of the alert. |
-| Cyberint.Alert.threat_actor | String | Actor to the threat related to the alert. |
-| Cyberint.Alert.modification_date | Date | Date the alert was last modified. |
-| Cyberint.Alert.closure_date | String | Date the alert was closed. |
-| Cyberint.Alert.closed_by.email | String | User which has closed the alert. |
-| Cyberint.Alert.closure_reason | String | Reason for closing the alert. |
-| Cyberint.Alert.description | String | Description of the alert. |
-| Cyberint.Alert.recommendation | String | Recommendation for the alert |
-| Cyberint.Alert.tags | String | Tags related to the alert |
-| Cyberint.Alert.attachments | String | Attachments related to the alert |
+| Cyberint.Alert.alert_data.ip | String | IP related to an event.                              |
+| Cyberint.Alert.alert_data.port | String | Port related to an event.                            |
+| Cyberint.Alert.alert_data.service | String | Service related to an event.                         |
+| Cyberint.Alert.alert_data.access_token | String | Access token exposed in an event.                    |
+| Cyberint.Alert.alert_data.access_token_type | String | Access token exposed in an event.                    |
+| Cyberint.Alert.alert_data.username | String | Username of an account related to an event.          |
+| Cyberint.Alert.alert_data.csv.username | String | Username of an account found in a report CSV.        |
+| Cyberint.Alert.alert_data.csv.password | String | Password of an account found in a report CSV.        |
+| Cyberint.Alert.alert_data.email | String | Email of an account related to an event.             |
+| Cyberint.Alert.alert_data.author_email_address | String | Email of an author related to an event.              |
+| Cyberint.Alert.alert_data.repository_name | String | Repository name related to an event.                 |
+| Cyberint.Alert.alert_data.mail_server | String | Mail server related to an event.                     |
+| Cyberint.Alert.alert_data.blacklist_repository | String | Blacklist repository name related to an event.       |
+| Cyberint.Alert.alert_data.screenshot | String | Screenshot related to an event.                      |
+| Cyberint.Alert.alert_data.spf_records | String | SPF records if applicable to the event.              |
+| Cyberint.Alert.alert_data.dmarc_record | String | DMARC records if applicable to the event.            |
+| Cyberint.Alert.alert_data.storage_link | String | Storage link if applicable to the event.             |
+| Cyberint.Alert.alert_data.interface_type | String | Interface type if applicable to the event.           |
+| Cyberint.Alert.alert_data.vulnerable_cname_record | String | Vulnerable CName record if applicable to the event.  |
+| Cyberint.Alert.ioc.type | String | Type of IOC related to the alert.                    |
+| Cyberint.Alert.ioc.value | String | Value of the IOC related to the alert.               |
+| Cyberint.Alert.ticket_id | String | Ticket ID of the alert.                              |
+| Cyberint.Alert.threat_actor | String | Actor to the threat related to the alert.            |
+| Cyberint.Alert.modification_date | Date | Date the alert was last modified.                    |
+| Cyberint.Alert.closure_date | String | Date the alert was closed.                           |
+| Cyberint.Alert.closed_by.email | String | User which has closed the alert.                     |
+| Cyberint.Alert.closure_reason | String | Reason for closing the alert.                        |
+| Cyberint.Alert.description | String | Description of the alert.                            |
+| Cyberint.Alert.recommendation | String | Recommendation for the alert                         |
+| Cyberint.Alert.tags | String | Tags related to the alert                            |
+| Cyberint.Alert.attachments | String | Attachments related to the alert                     |
 
 
 #### Command Example
@@ -164,7 +168,7 @@ List alerts according to parameters
                     "csv_id": 1981,
                     "name": "Company Customer Credentials Exposed.csv"
                 },
-                "description": "CyberInt detected breached credentials of several Chase customers, which were uploaded to an anti-virus repository. The credentials seem to have been obtained through malware, sending user inputs to the operator, and the various credentials were logged in the uploaded .txt files. As such, the file contains users\u2019 credentials not only for chase.com but for other websites as well. \nBreached customers credentials may be used by Threat Actors to carry out fraudulent transactions on their behalf, exposing Chase to both financial impact and legal claims.\n\n\n\n",
+                "description": "Cyberint detected breached credentials of several Chase customers, which were uploaded to an anti-virus repository. The credentials seem to have been obtained through malware, sending user inputs to the operator, and the various credentials were logged in the uploaded .txt files. As such, the file contains users\u2019 credentials not only for chase.com but for other websites as well. \nBreached customers credentials may be used by Threat Actors to carry out fraudulent transactions on their behalf, exposing Chase to both financial impact and legal claims.\n\n\n\n",
                 "environment": "Argos Demo",
                 "impacts": [
                     "data_compromise",
@@ -178,7 +182,7 @@ List alerts according to parameters
                 "iocs": [],
                 "modification_date": "2021-04-12T00:01:12",
                 "publish_date": "2020-11-23T17:44:42",
-                "recommendation": "1. CyberInt recommends enforcing password reset on the compromised accounts. \n2. In addition, CyberInt advises Chase to investigate internally whether any of the accounts have been involved in fraudulent transactions, at least up to the time of detection. In case the accounts were involved in any fraudulent activity, it is recommended to identify and extract relevant IOC\u2019s where possible and monitor them within the bank's systems.\n3. To reduce the chance of customer account takeovers by TAs, Cyberint recommends Chase implement MFA and CAPTCHA mechanisms. The former will help set another obstacle for a TA trying to abuse the account, and the latter can help blocking credentials-stuffing tools.",
+                "recommendation": "1. Cyberint recommends enforcing password reset on the compromised accounts. \n2. In addition, CyberInt advises Chase to investigate internally whether any of the accounts have been involved in fraudulent transactions, at least up to the time of detection. In case the accounts were involved in any fraudulent activity, it is recommended to identify and extract relevant IOC\u2019s where possible and monitor them within the bank's systems.\n3. To reduce the chance of customer account takeovers by TAs, Cyberint recommends Chase implement MFA and CAPTCHA mechanisms. The former will help set another obstacle for a TA trying to abuse the account, and the latter can help blocking credentials-stuffing tools.",
                 "ref_id": "ARG-3",
                 "related_entities": [],
                 "severity": "high",
@@ -246,7 +250,7 @@ List alerts according to parameters
                     "email": "avital@cyberint.com"
                 },
                 "created_date": "2021-04-12T00:01:12",
-                "description": "CyberInt detected an active phishing website impersonating Barclays login page while abusing the brand\u2019s name, logo and photos.\nThe website contains login, registration and checkout forms, where unsuspecting victims could be lured to fill in their PII, credentials and payment details.\nPhishing websites such as the above are often used by attackers to obtain users' credentials and PII. This information can be utilized to take over customers' accounts, causing customer churn and damage to the brand's reputation.",
+                "description": "Cyberint detected an active phishing website impersonating Barclays login page while abusing the brand\u2019s name, logo and photos.\nThe website contains login, registration and checkout forms, where unsuspecting victims could be lured to fill in their PII, credentials and payment details.\nPhishing websites such as the above are often used by attackers to obtain users' credentials and PII. This information can be utilized to take over customers' accounts, causing customer churn and damage to the brand's reputation.",
                 "environment": "Argos Demo",
                 "impacts": [
                     "brand_degradation",
diff --git a/Packs/Cyberint/Integrations/Cyberint/test_data/list_alerts.json b/Packs/Cyberint/Integrations/Cyberint/test_data/list_alerts.json
index c9cf980e8c69..37788250e62f 100644
--- a/Packs/Cyberint/Integrations/Cyberint/test_data/list_alerts.json
+++ b/Packs/Cyberint/Integrations/Cyberint/test_data/list_alerts.json
@@ -1,6 +1,7 @@
 {
     "alerts": [
         {
+            "id": 1234567,
             "acknowledged_by": null,
             "acknowledged_date": null,
             "alert_data": {
@@ -29,7 +30,7 @@
                 "email": "email@cyberint.com"
             },
             "created_date": "2020-12-30T00:00:56",
-            "description": "CyberInt detected breached credentials of several Barclays customers, which were uploaded to an anti-virus repository. The credentials seem to have been obtained through malware, sending user inputs to the operator, and the various credentials were logged in the uploaded .txt files. As such, the file contains users’ credentials not only for barclaycardus.com but for other websites as well. \nBreached customers credentials may be used by Threat Actors to carry out fraudulent transactions on their behalf, exposing Barclays to both financial impact and legal claims.\n\n\n\n",
+            "description": "Cyberint detected breached credentials of several Barclays customers, which were uploaded to an anti-virus repository. The credentials seem to have been obtained through malware, sending user inputs to the operator, and the various credentials were logged in the uploaded .txt files. As such, the file contains users’ credentials not only for barclaycardus.com but for other websites as well. \nBreached customers credentials may be used by Threat Actors to carry out fraudulent transactions on their behalf, exposing Barclays to both financial impact and legal claims.\n\n\n\n",
             "environment": "Argos Demo",
             "impacts": [
                 "data_compromise",
@@ -43,7 +44,7 @@
             "iocs": [],
             "modification_date": "2020-12-30T00:00:56",
             "publish_date": "2020-11-28T12:45:36",
-            "recommendation": "1. CyberInt recommends enforcing password reset on the compromised accounts. \n2. In addition, CyberInt advises Barclays to investigate internally whether any of the accounts have been involved in fraudulent transactions, at least up to the time of detection. In case the accounts were involved in any fraudulent activity, it is recommended to identify and extract relevant IOC’s where possible and monitor them within the bank's systems.\n3. To reduce the chance of customer account takeovers by TAs, Cyberint recommends Barclays implement MFA and CAPTCHA mechanisms. The former will help set another obstacle for a TA trying to abuse the account, and the latter can help blocking credentials-stuffing tools.",
+            "recommendation": "1. Cyberint recommends enforcing password reset on the compromised accounts. \n2. In addition, CyberInt advises Barclays to investigate internally whether any of the accounts have been involved in fraudulent transactions, at least up to the time of detection. In case the accounts were involved in any fraudulent activity, it is recommended to identify and extract relevant IOC’s where possible and monitor them within the bank's systems.\n3. To reduce the chance of customer account takeovers by TAs, Cyberint recommends Barclays implement MFA and CAPTCHA mechanisms. The former will help set another obstacle for a TA trying to abuse the account, and the latter can help blocking credentials-stuffing tools.",
             "ref_id": "ARG-3",
             "related_entities": [],
             "severity": "high",
@@ -58,9 +59,11 @@
             "threat_actor": "",
             "ticket_id": null,
             "title": "Company Customer Credentials Exposed",
-            "type": "compromised_customer_credentials"
+            "type": "compromised_customer_credentials",
+            "update_date": "2022-01-24T13:23:45"
         },
         {
+            "id": 1234568,
             "acknowledged_by": null,
             "acknowledged_date": null,
             "alert_data": {
@@ -109,7 +112,7 @@
                 "email": "avital@cyberint.com"
             },
             "created_date": "2020-12-30T00:00:56",
-            "description": "CyberInt detected an active phishing website impersonating Barclays login page while abusing the brand’s name, logo and photos.\nThe website contains login, registration and checkout forms, where unsuspecting victims could be lured to fill in their PII, credentials and payment details.\nPhishing websites such as the above are often used by attackers to obtain users' credentials and PII. This information can be utilized to take over customers' accounts, causing customer churn and damage to the brand's reputation.",
+            "description": "Cyberint detected an active phishing website impersonating Barclays login page while abusing the brand’s name, logo and photos.\nThe website contains login, registration and checkout forms, where unsuspecting victims could be lured to fill in their PII, credentials and payment details.\nPhishing websites such as the above are often used by attackers to obtain users' credentials and PII. This information can be utilized to take over customers' accounts, causing customer churn and damage to the brand's reputation.",
             "environment": "Argos Demo",
             "impacts": [
                 "brand_degradation",
@@ -134,7 +137,7 @@
             ],
             "modification_date": "2020-12-30T00:00:56",
             "publish_date": "2020-09-02T00:06:49",
-            "recommendation": "CyberInt recommends Barclays take down the site; upon request, CyberInt can submit the take down request on behalf of Barclays. ",
+            "recommendation": "Cyberint recommends Barclays take down the site; upon request, CyberInt can submit the take down request on behalf of Barclays. ",
             "ref_id": "ARG-4",
             "related_entities": [],
             "severity": "very_high",
@@ -149,9 +152,11 @@
             "threat_actor": "",
             "ticket_id": null,
             "title": "Active Phishing Website Targeting Company",
-            "type": "phishing_website"
+            "type": "phishing_website",
+            "update_date": "2023-01-24T13:23:45"
         },
         {
+            "id": 1234569,
             "acknowledged_by": null,
             "acknowledged_date": null,
             "alert_data": {
@@ -170,7 +175,7 @@
                 "email": "avital@cyberint.com"
             },
             "created_date": "2020-12-30T00:00:56",
-            "description": "CyberInt discovered a misconfiguration on an HSBC subdomain which exposes it to takeover.\nCurrently, the domain names refer to the CNAME records listed above. However, those CNAME records are no longer owned by Target, and they may have expired. This situation allows others to obtain the record, and practically get access to the HSBC subdomain.\n\nTaking over HSBC subdomains could be used to conduct complex phishing attack on the organization's employees and customers, as well potentially hijack sessions of logged-in users in any service using the vulnerable domains.",
+            "description": "Cyberint discovered a misconfiguration on an HSBC subdomain which exposes it to takeover.\nCurrently, the domain names refer to the CNAME records listed above. However, those CNAME records are no longer owned by Target, and they may have expired. This situation allows others to obtain the record, and practically get access to the HSBC subdomain.\n\nTaking over HSBC subdomains could be used to conduct complex phishing attack on the organization's employees and customers, as well potentially hijack sessions of logged-in users in any service using the vulnerable domains.",
             "environment": "Argos Demo",
             "impacts": [
                 "data_compromise",
@@ -180,7 +185,7 @@
             "iocs": [],
             "modification_date": "2020-12-30T00:00:56",
             "publish_date": "2020-11-24T20:28:00",
-            "recommendation": "CyberInt advises HSBC to choose either of the following courses of action:\n1. Update the CNAME record of the subdomains so that they no longer redirect traffic to the vulnerable subdomains.\n2. Re-purchase the record and thus avoid contradiction between the CNAME record and the Fastly interface.",
+            "recommendation": "Cyberint advises HSBC to choose either of the following courses of action:\n1. Update the CNAME record of the subdomains so that they no longer redirect traffic to the vulnerable subdomains.\n2. Re-purchase the record and thus avoid contradiction between the CNAME record and the Fastly interface.",
             "ref_id": "ARG-8",
             "related_entities": [],
             "severity": "very_high",
@@ -197,7 +202,8 @@
             "threat_actor": "",
             "ticket_id": null,
             "title": "Company Subdomain Vulnerable to Hijacking",
-            "type": "hijackable_subdomains"
+            "type": "hijackable_subdomains",
+            "update_date": "2024-01-24T13:23:45"
         }
     ],
     "total": 3
diff --git a/Packs/Cyberint/Integrations/FeedCyberint/Cyberint_image.png b/Packs/Cyberint/Integrations/FeedCyberint/Cyberint_image.png
new file mode 100644
index 000000000000..7881d4212f6f
Binary files /dev/null and b/Packs/Cyberint/Integrations/FeedCyberint/Cyberint_image.png differ
diff --git a/Packs/Cyberint/Integrations/FeedCyberint/FeedCyberint.py b/Packs/Cyberint/Integrations/FeedCyberint/FeedCyberint.py
new file mode 100644
index 000000000000..fa4fed810672
--- /dev/null
+++ b/Packs/Cyberint/Integrations/FeedCyberint/FeedCyberint.py
@@ -0,0 +1,459 @@
+import http
+from json import JSONDecodeError
+
+import demistomock as demisto
+import urllib3
+from CommonServerPython import *
+
+import json
+from typing import Any, List, Dict
+
+urllib3.disable_warnings()
+
+DATE_FORMAT = "%Y-%m-%d"
+DEFAULT_INTERVAL = 240
+PAGE_SIZE = 50000
+EXECUTION_TIMEOUT_SECONDS = 1200  # 20 minutes
+MAX_LIMIT_SIZE = 500000
+
+
+class Client(BaseClient):
+    """
+    Client to use in the Cyberint Feed integration.
+    """
+
+    def __init__(
+        self,
+        base_url: str,
+        access_token: str,
+        verify: bool = False,
+        proxy: bool = False,
+    ):
+        params = demisto.params()
+        self._cookies = {"access_token": access_token}
+        self._headers = {
+            "X-Integration-Type": "XSOAR",
+            "X-Integration-Instance-Name": demisto.integrationInstance(),
+            "X-Integration-Instance-Id": "",
+            "X-Integration-Customer-Name": params.get("client_name", ""),
+            "X-Integration-Version": "1.1.4"
+        }
+        super().__init__(base_url, verify=verify, proxy=proxy)
+
+
+    @logger
+    def request_daily_feed(self, date_time: str = None, limit: int = 1000, execution_start_time: datetime = datetime.now(),
+                           test: bool = False) -> List[Dict[str, Any]]:
+        """
+        Retrieves all entries from the feed with pagination support.
+
+        Args:
+            date_time (str): The date-time value to use in the URL. Defaults to None.
+            limit (int): The maximum number of entries to retrieve per request. Defaults to 1000.
+            execution_start_time (datetime): The start time of the execution. Defaults to now.
+            test (bool): If true, only return one page for testing connection.
+
+        Returns:
+            A list of objects, containing the indicators.
+        """
+        result = []
+        offset = 0
+        has_more = True
+
+        while has_more:
+            if (offset >= MAX_LIMIT_SIZE):
+                has_more = False
+                continue
+
+            demisto.debug(f'Fetching feed offset {offset}')
+
+            # if the execution exceeded the timeout we will break
+            if not test:
+                if is_execution_time_exceeded(start_time=execution_start_time):
+                    demisto.debug(f'Execution time exceeded: {EXECUTION_TIMEOUT_SECONDS} seconds from: {execution_start_time}')
+                    has_more = False
+                    continue
+
+            start_time = time.time()
+
+            # Using the method to fetch and process the feed response
+            indicators = self.process_feed_response(date_time, limit, offset)
+
+            if not indicators:
+                # No more data or an error occurred
+                has_more = False
+            else:
+                result.extend(indicators)  # Append valid indicators to the result
+
+                end_time = time.time()
+                demisto.debug(f'Duration of offset processing {offset}: {end_time - start_time} seconds')
+                # Update the offset for the next request
+                offset += limit
+                has_more = True
+                demisto.debug(f'has_more = {has_more}')
+
+            if test:  # if test module, end the loop
+                demisto.debug('Test execution')
+                has_more = False
+                continue
+
+        return result
+
+
+    def process_feed_response(self, date_time: str, limit: int, offset: int) -> List[Dict[str, Any]]:
+        """
+        Makes the API request to retrieve the indicators, handles JSON decoding, and processes the feed.
+
+        Args:
+            date_time (str): The date-time value to use in the URL.
+            limit (int): The maximum number of entries to retrieve per request.
+            offset (int): The offset to retrieve the correct page of results.
+
+        Returns:
+            A list of indicator dictionaries, or an empty list if no valid indicators are found.
+        """
+        result = []
+        response = self.retrieve_indicators_from_api(date_time, limit, offset)
+
+        try:
+            # If json is invalid, return empty list (non 200 or invalid JSON)
+            feeds = response.strip().split("\n")
+            ioc_feeds = [json.loads(feed) for feed in feeds]
+        except JSONDecodeError as e:
+            demisto.error(f'Failed to decode JSON: {e}')
+            return result  # Return empty result on failure
+
+        if not ioc_feeds:  # No data found
+            demisto.debug('No more indicators found')
+            return result
+
+        # Process valid feeds
+        for indicator in ioc_feeds:
+            ioc_value = indicator.get('ioc_value')
+            if auto_detect_indicator_type(ioc_value):
+                result.append(indicator)
+
+        return result
+
+
+    @logger
+    def retrieve_indicators_from_api(self, date_time, limit, offset):
+        url_suffix = f"{date_time or get_today_time()}?limit={limit}&offset={offset}"
+        demisto.debug('URL to fetch indicators: {}'.format(url_suffix))
+        response = self._http_request(
+            method="GET",
+            url_suffix=url_suffix,
+            cookies=self._cookies,
+            resp_type="text",
+            timeout=120,
+            retries=3,
+        )
+        return response
+
+
+def test_module(client: Client) -> str:
+    """
+    Builds the iterator to check that the feed is accessible.
+
+    Args:
+        client: Client object.
+
+    Returns:
+        Outputs.
+    """
+    try:
+        client.request_daily_feed(limit=10, test=True)
+    except DemistoException as exc:
+        if exc.res:
+            if exc.res.status_code == http.HTTPStatus.UNAUTHORIZED or exc.res.status_code == http.HTTPStatus.FORBIDDEN:
+                return "Authorization Error: invalid `API Token`"
+
+        raise exc
+
+    return "ok"
+
+
+def fetch_indicators(
+    client: Client,
+    tlp_color: str,
+    feed_names: list[str],
+    indicator_types: list[str],
+    confidence_from: int,
+    severity_from: int,
+    date_time: str = None,
+    feed_tags: List = [],
+    limit: int = -1,
+    execution_start_time: datetime = datetime.now(),
+) -> list[dict[str, Any]]:
+    """
+    Retrieves indicators from the feed.
+
+    Args:
+        client (Client): API Client.
+        tlp_color (str):  The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed.
+        feed_names (list): The feed names.
+        indicator_types (list): Which indicator types to fetch.
+        confidence_from (int): The value of confidence to fetch indicators from.
+        severity_from (int): The value of severity to fetch indicators from.
+        date_time (str): Date time string to fetch indicators from.
+        feed_tags (list): tags to assign fetched indicators.
+        limit (int): The maximum number of results to return.
+        execution_start_time (datetime): The start time of the execution. Defaults to now.
+
+    Returns:
+        Indicators.
+    """
+    iterator = client.request_daily_feed(date_time, limit = PAGE_SIZE, execution_start_time = execution_start_time)
+    indicators = []
+
+    for item in iterator:
+        if (
+            ("All" in indicator_types or item.get("ioc_type") in indicator_types)
+            and ("All" in feed_names or item.get("detected_activity") in feed_names)
+            and (item.get("confidence") >= confidence_from)
+            and (item.get("severity_score") >= severity_from)
+        ):
+            indicator_value = item["ioc_value"]
+            if indicator_type := auto_detect_indicator_type(indicator_value):
+                indicator_obj = {
+                    "type": indicator_type,
+                    "value": indicator_value,
+                    "service": "Cyberint",
+                    "rawJSON": item,
+                    "fields": {
+                        "reportedby": "Cyberint",
+                        "firstseenbysource": item.get("observation_date"),
+                        "detected_activity": item.get("detected_activity"),
+                        "severity_score": item.get("severity_score"),
+                        "confidence": item.get("confidence"),
+                        "description": item.get("description")
+                    },
+                }
+
+                if feed_tags:
+                    indicator_obj["fields"]["tags"] = feed_tags
+
+                if tlp_color:
+                    indicator_obj["fields"]["trafficlightprotocol"] = tlp_color
+
+                indicators.append(indicator_obj)
+
+        if limit > 0 and len(indicators) >= limit:
+            demisto.debug(f'Indicators limit reached (total): {len(indicators)}')
+            break
+
+    return indicators
+
+
+def get_indicators_command(
+    client: Client,
+    args: dict[str, Any],
+) -> CommandResults:
+    """
+    Wrapper for retrieving indicators from the feed to the war-room.
+
+    Args:
+        args: Command arguments.
+
+    Returns:
+        Outputs indicators.
+    """
+
+    date = args.get("date") or datetime.now().strftime("%Y-%m-%d")
+    limit = int(args.get("limit")) or 50
+    offset = int(args.get("offset")) or 0
+
+    indicators = client.process_feed_response(date, limit, offset)
+
+    human_readable = tableToMarkdown(
+        "Indicators from Cyberint Feed:",
+        indicators,
+        headers=["detected_activity", "ioc_type", "ioc_value", "observation_date", "severity_score", "confidence", "description"],
+        headerTransform=header_transformer,
+        removeNull=True,
+    )
+
+    return CommandResults(
+        readable_output=human_readable,
+        outputs_prefix="Cyberint",
+        outputs_key_field="value",
+        raw_response=indicators,
+        outputs=indicators,
+    )
+
+
+def fetch_indicators_command(
+    client: Client,
+    params: dict[str, Any],
+) -> list[dict[str, Any]]:
+    """
+    Wrapper for fetching indicators from the feed to the Indicators tab.
+
+    Args:
+        client: Cyberint API Client.
+        params: Integration parameters.
+
+    Returns:
+        Indicators.
+    """
+    tlp_color = params.get("tlp_color", "")
+    feed_tags = argToList(params.get("feedTags"))
+    severity_from = arg_to_number(params.get("severity_from")) or 0
+    confidence_from = arg_to_number(params.get("confidence_from")) or 0
+    feed_names = argToList(params.get("feed_name"))
+    indicator_types = argToList(params.get("indicator_type"))
+    fetch_interval = arg_to_number(params.get("feedFetchInterval")) or DEFAULT_INTERVAL
+
+    indicators = []
+
+    # if now-interval is yesterday, call feeds for yesterday too
+    if is_x_minutes_ago_yesterday(fetch_interval):
+        indicators = fetch_indicators(
+            client=client,
+            date_time=get_yesterday_time(),
+            tlp_color=tlp_color,
+            feed_tags=feed_tags,
+            feed_names=feed_names,
+            indicator_types=indicator_types,
+            severity_from=severity_from,
+            confidence_from=confidence_from,
+        )
+
+    indicators += fetch_indicators(
+        client=client,
+        tlp_color=tlp_color,
+        feed_tags=feed_tags,
+        feed_names=feed_names,
+        indicator_types=indicator_types,
+        severity_from=severity_from,
+        confidence_from=confidence_from,
+    )
+    return indicators
+
+
+def get_today_time() -> str:
+    """Get current date time.
+
+    Returns:
+        str: Today date string.
+    """
+    return datetime.now().strftime(DATE_FORMAT)
+
+
+def get_yesterday_time() -> str:
+    """Get yesterday date time.
+
+    Returns:
+        str: Yesterday date string.
+    """
+    current_time = datetime.now()
+    yesterday = current_time - timedelta(days=1)
+    return yesterday.strftime(DATE_FORMAT)
+
+
+def is_x_minutes_ago_yesterday(minutes: int) -> bool:
+    """Check if x minutes ago is yesterday.
+
+    Args:
+        minutes (int): The amount of minutes to reduce from today.
+
+    Returns:
+        bool: True if x minutes ago is yesterday, else False.
+    """
+    current_time = datetime.now()
+    x_minutes_ago = current_time - timedelta(minutes=minutes)
+    yesterday = current_time - timedelta(days=1)
+    return x_minutes_ago.date() == yesterday.date()
+
+
+@logger
+def main():
+    """
+    PARSE AND VALIDATE INTEGRATION PARAMS
+    """
+    params = demisto.params()
+    args = demisto.args()
+
+    url = params.get("url")
+    base_url = f"{url}/ioc/api/v1/feed/daily/"
+    access_token = params.get("access_token").get("password")
+    insecure = not params.get("insecure", False)
+    proxy = params.get("proxy", False)
+
+    command = demisto.command()
+    demisto.info(f"Command being called is {command}")
+
+    try:
+        client = Client(
+            base_url=base_url,
+            access_token=access_token,
+            verify=insecure,
+            proxy=proxy,
+        )
+
+        if command == "test-module":
+            return_results(test_module(client))
+
+        elif command == "cyberint-get-indicators":
+            return_results(get_indicators_command(client, args))
+
+        elif command == "fetch-indicators":
+            indicators = fetch_indicators_command(client, params)
+            demisto.debug(f'Total {len(indicators)} indicators')
+            for iter_ in batch(indicators, batch_size=5000):
+                demisto.debug(f'About to push {len(iter_)} indicators to XSOAR')
+                demisto.createIndicators(iter_)
+            demisto.debug(f'{command} operation completed')
+
+        else:
+            raise NotImplementedError(f"Command {command} is not implemented.")
+
+    except Exception as e:
+        return_error(f"Failed to execute {command} command.\nError:\n{str(e)}")
+
+
+@logger
+def is_execution_time_exceeded(start_time: datetime) -> bool:
+    """
+    Checks if the execution time so far exceeded the timeout limit.
+
+    Args:
+        start_time (datetime): the time when the execution started.
+
+    Returns:
+        bool: true, if execution passed timeout settings, false otherwise.
+    """
+    end_time = datetime.utcnow()
+    secs_from_beginning = (end_time - start_time).seconds
+    demisto.debug(f'Execution duration is {secs_from_beginning} secs so far')
+
+    return secs_from_beginning > EXECUTION_TIMEOUT_SECONDS
+
+
+def header_transformer(header: str) -> str:
+    """
+    Returns a correct header.
+    Args:
+        header (Str): header.
+    Returns:
+        header (Str).
+    """
+    if header == 'detected_activity':
+        return 'Detected activity'
+    if header == 'ioc_type':
+        return 'IoC type'
+    if header == 'ioc_value':
+        return 'IoC value'
+    if header == 'observation_date':
+        return 'Observation date'
+    if header == 'severity_score':
+        return 'Severity score'
+    if header == 'confidence':
+        return 'Confidence'
+    if header == 'description':
+        return 'Description'
+    return string_to_table_header(header)
+
+
+if __name__ in ["__main__", "builtin", "builtins"]:
+    main()
diff --git a/Packs/Cyberint/Integrations/FeedCyberint/FeedCyberint.yml b/Packs/Cyberint/Integrations/FeedCyberint/FeedCyberint.yml
new file mode 100644
index 000000000000..7db3cc605b80
--- /dev/null
+++ b/Packs/Cyberint/Integrations/FeedCyberint/FeedCyberint.yml
@@ -0,0 +1,182 @@
+commonfields:
+  id: Cyberint Feed
+  version: -1
+fromversion: 6.9.0
+name: Cyberint Feed
+display: Cyberint Feed
+category: Data Enrichment & Threat Intelligence
+description: Use the Cyberint Feed integration to get indicators from the feed.
+configuration:
+- display: Cyberint API URL
+  additionalinfo: Cyberint API URL on which the services run (i.e https://your-company.cyberint.io)
+  name: url
+  required: true
+  type: 0
+- display: Company Name
+  additionalinfo: Company (client) name associated with Cyberint instance.
+  name: client_name
+  required: true
+  type: 0
+- display: API Key (Leave empty. Fill in the API Key in the password field.)
+  displaypassword: API access token
+  name: access_token
+  hiddenusername: true
+  type: 9
+  required: true
+- display: Fetch indicators
+  name: feed
+  defaultvalue: "true"
+  type: 8
+  required: false
+- display: Indicator Reputation
+  name: feedReputation
+  defaultvalue: Good
+  type: 18
+  options:
+  - None
+  - Good
+  - Suspicious
+  - Bad
+  additionalinfo: Indicators from this integration instance will be marked with this reputation
+  required: false
+- display: Source Reliability
+  name: feedReliability
+  defaultvalue: F - Reliability cannot be judged
+  type: 15
+  required: true
+  options:
+  - A - Completely reliable
+  - B - Usually reliable
+  - C - Fairly reliable
+  - D - Not usually reliable
+  - E - Unreliable
+  - F - Reliability cannot be judged
+  additionalinfo: Reliability of the source providing the intelligence data
+- additionalinfo: The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed
+  display: Traffic Light Protocol Color
+  name: tlp_color
+  options:
+  - RED
+  - AMBER
+  - GREEN
+  - WHITE
+  type: 15
+  required: false
+- additionalinfo: Which indicator types to fetch
+  defaultvalue: All
+  display: Indicator Type
+  name: indicator_type
+  options:
+  - All
+  - IP
+  - Domain
+  - URL
+  - File
+  required: true
+  type: 16
+- display: Feed Name
+  name: feed_name
+  defaultvalue: All
+  options:
+  - All
+  - malware_payload
+  - cnc_server
+  - infected_machine
+  - phishing_website
+  - payload_delivery
+  - cc_skimming
+  - botnet
+  - anonymization
+  required: true
+  type: 16
+- additionalinfo: Confidence about the indicator details. The value of confidence to fetch indicators from. The value between 0-100.
+  display: Confidence
+  name: confidence_from
+  defaultvalue: "0"
+  type: 0
+  required: false
+- additionalinfo: Severity about the indicator details. The value of severity to fetch indicators from. The value between 0-100.
+  display: Severity
+  name: severity_from
+  defaultvalue: "0"
+  type: 0
+  required: false
+- display: ""
+  name: feedExpirationPolicy
+  defaultvalue: suddenDeath
+  type: 17
+  options:
+  - never
+  - interval
+  - indicatorType
+  - suddenDeath
+  required: false
+- display: ""
+  name: feedExpirationInterval
+  defaultvalue: "20160"
+  type: 1
+  required: false
+- display: Feed Fetch Interval
+  name: feedFetchInterval
+  defaultvalue: "240"
+  type: 19
+  required: false
+- additionalinfo: Supports CSV values.
+  display: Tags
+  name: feedTags
+  type: 0
+  required: false
+- display: Bypass exclusion list
+  name: feedBypassExclusionList
+  defaultvalue: "true"
+  type: 8
+  additionalinfo: When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.
+  required: false
+- display: Trust any certificate (not secure)
+  name: insecure
+  type: 8
+  required: false
+- display: Use system proxy settings
+  name: proxy
+  type: 8
+  required: false
+script:
+  script: ''
+  type: python
+  commands:
+  - name: cyberint-get-indicators
+    arguments:
+    - name: date
+      description: Date of data feed for retrieval (e.g. 2024-12-31). The default value is today.
+    - name: limit
+      description: The maximum number of results to return. The default value is 50.
+      defaultValue: "50"
+    - name: offset
+      description: Specifies the starting point or position from which data retrieval or processing should begin.
+      defaultValue: "0"
+    outputs:
+    - contextPath: Cyberint.detected_activity
+      description: Detected activity.
+      type: String
+    - contextPath: Cyberint.ioc_type
+      description: The indicator type.
+      type: String
+    - contextPath: Cyberint.ioc_value
+      description: The indicator value.
+      type: String
+    - contextPath: Cyberint.observation_date
+      description: Observation date.
+      type: String
+    - contextPath: Cyberint.severity_score
+      description: Severity score.
+      type: String
+    - contextPath: Cyberint.confidence
+      description: Confidence.
+      type: String
+    - contextPath: Cyberint.description
+      description: Description.
+      type: String
+    description: Gets indicators from the feed.
+  dockerimage: demisto/python3:3.10.13.90168
+  feed: true
+  subtype: python3
diff --git a/Packs/Cyberint/Integrations/FeedCyberint/FeedCyberint_test.py b/Packs/Cyberint/Integrations/FeedCyberint/FeedCyberint_test.py
new file mode 100644
index 000000000000..645a0049891d
--- /dev/null
+++ b/Packs/Cyberint/Integrations/FeedCyberint/FeedCyberint_test.py
@@ -0,0 +1,182 @@
+from datetime import datetime
+from unittest import mock
+
+import FeedCyberint
+import pytest
+
+date_time = str((datetime.now().strftime(FeedCyberint.DATE_FORMAT)))
+
+BASE_URL = "https://feed-example.com/"
+REQUEST_URL1 = f"{BASE_URL}{date_time}?limit=1000&offset=0"
+REQUEST_URL2 = f"{BASE_URL}{date_time}?limit=1000&offset=1000"
+REQUEST_URL3 = f"{BASE_URL}{date_time}?limit=20000&offset=0"
+REQUEST_URL4 = f"{BASE_URL}{date_time}?limit=20000&offset=20000"
+TOKEN = "example_token"
+
+
+def load_mock_response() -> str:
+    """Load mock file that simulates an API response.
+
+    Returns:
+        str: Mock file content.
+    """
+    with open("test_data/indicators.jsonb", "r") as file:
+        return file.read()
+
+
+def load_mock_empty_response() -> str:
+    """Load mock file that simulates an API response.
+
+    Returns:
+        str: Mock file content.
+    """
+    with open("test_data/empty.jsonb", "r") as file:
+        return file.read()
+
+
+@pytest.fixture()
+def mock_client() -> FeedCyberint.Client:
+    """
+    Establish a mock connection to the client with access token.
+
+    Returns:
+        Client: Mock connection to client.
+    """
+    return FeedCyberint.Client(
+        base_url=BASE_URL,
+        access_token=TOKEN,
+        verify=False,
+        proxy=False,
+    )
+
+
+@mock.patch('FeedCyberint.is_execution_time_exceeded')
+def test_build_iterator(
+    is_execution_time_exceeded_mock,
+    requests_mock,
+    mock_client: FeedCyberint.Client,
+):
+    """
+    Scenario:
+    - Test retrieving a list IOCs from Cyberint feed.
+
+    Given:
+    - mock_client.
+
+    When:
+    - Called the build_iterator request (this request called by all integration commands).
+
+    Then:
+    - Ensure that the IP values is correct.
+    - Ensure that the URL values is correct.
+    """
+    is_execution_time_exceeded_mock.return_value = False
+
+    response1 = load_mock_response()
+    response2 = load_mock_empty_response()
+
+    requests_mock.get(REQUEST_URL1, text=response1)
+    requests_mock.get(REQUEST_URL2, text=response2)
+
+    expected_url = "http://www.tal1.com/"
+    expected_ip = "1.1.1.1"
+
+    indicators = mock_client.request_daily_feed()
+    print(f'Indicators: {indicators}')
+
+    url_indicators = {indicator["value"] for indicator in indicators if indicator["type"] == "URL"}
+    ip_indicators = {indicator["value"] for indicator in indicators if indicator["type"] == "IP"}
+
+    assert expected_url in url_indicators
+    assert expected_ip in ip_indicators
+
+
+@mock.patch('FeedCyberint.is_execution_time_exceeded')
+def test_get_indicators_command(
+    is_execution_time_exceeded_mock,
+    requests_mock,
+    mock_client: FeedCyberint.Client,
+):
+    """
+    Scenario:
+    - Test retrieving indicators by filters from feed.
+
+    Given:
+    - mock_client.
+
+    When:
+    - Called the get_indicators_command.
+
+    Then:
+    - Ensure that the IP values is correct.
+    - Ensure that the URL values is correct.
+    """
+    is_execution_time_exceeded_mock.return_value = False
+
+    response1 = load_mock_response()
+    response2 = load_mock_empty_response()
+
+    requests_mock.get(REQUEST_URL3, text=response1)
+    requests_mock.get(REQUEST_URL4, text=response2)
+
+    expected_url = "http://www.tal1.com/"
+    expected_ip = "1.1.1.1"
+
+    args = {"limit": 20}
+
+    result = FeedCyberint.get_indicators_command(mock_client, args)
+
+    url_indicators = {indicator["value"] for indicator in result.raw_response if indicator["type"] == "URL"}
+    ip_indicators = {indicator["value"] for indicator in result.raw_response if indicator["type"] == "IP"}
+
+    assert expected_url in url_indicators
+    assert expected_ip in ip_indicators
+
+
+@mock.patch('FeedCyberint.is_execution_time_exceeded')
+def test_fetch_indicators_command(
+    is_execution_time_exceeded_mock,
+    requests_mock,
+    mock_client: FeedCyberint.Client,
+):
+    """
+    Scenario:
+    - Test retrieving indicators by filters from feed.
+
+    Given:
+    - mock_client.
+
+    When:
+    - Called the fetch_indicators_command.
+
+    Then:
+    - Ensure that the IP values is correct.
+    - Ensure that the URL values is correct.
+    """
+    is_execution_time_exceeded_mock.return_value = False
+
+    response1 = load_mock_response()
+    response2 = load_mock_empty_response()
+
+    requests_mock.get(REQUEST_URL3, text=response1)
+    requests_mock.get(REQUEST_URL4, text=response2)
+
+    expected_url = "http://www.tal1.com/"
+    expected_ip = "1.1.1.1"
+
+    params = {
+        "tlp_color": "GREEN",
+        "severity_from": "0",
+        "confidence_from": "0",
+        "feed_name": ["All"],
+        "indicator_type": ["All"],
+        "feedFetchInterval": 300,
+    }
+
+    result = FeedCyberint.fetch_indicators_command(mock_client, params)
+
+    url_indicators = {indicator["value"] for indicator in result if indicator["type"] == "URL"}
+    ip_indicators = {indicator["value"] for indicator in result if indicator["type"] == "IP"}
+
+    assert expected_url in url_indicators
+    assert expected_ip in ip_indicators
diff --git a/Packs/Cyberint/Integrations/FeedCyberint/README.md b/Packs/Cyberint/Integrations/FeedCyberint/README.md
new file mode 100644
index 000000000000..909b3f81902a
--- /dev/null
+++ b/Packs/Cyberint/Integrations/FeedCyberint/README.md
@@ -0,0 +1,282 @@
+Use the Cyberint Feed integration to get indicators from the feed.
+This integration was integrated and tested with version 1 of Cyberint Feed.
+
+## Configure Cyberint Feed on Cortex XSOAR
+
+1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
+2. Search for Cyberint Feed.
+3. Click **Add instance** to create and configure a new integration instance.
+
+    | **Parameter** | **Description**                                                                                                                                                                                        | **Required** |
+    | --- |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| --- |
+    | Cyberint API URL | Example: https://yourcompany.cyberint.io                                                                                                                                                               | True |
+    | API access token |                                                                                                                                                                                                        | True |
+    | Fetch indicators | Should be checked (true)                                                                                                                                                                               | False |
+    | Indicator Type | Which indicator types to fetch                                                                                                                                                                         | True |
+    | Confidence | Confidence about the indicator details. The value of confidence to fetch indicators from. The value between 0-100.                                                                                     | False |
+    | Severity | Severity about the indicator details. The value of severity to fetch indicators from. The value between 0-100.                                                                                         | False |
+    | Tags | Supports CSV values.                                                                                                                                                                                   | False |
+    | Bypass exclusion list | When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. | False |
+    | Trust any certificate (not secure) |                                                                                                                                                                                                        | False |
+    | Use system proxy settings |                                                                                                                                                                                                        | False |
+
+4. Click **Test** to validate the URLs, token, and connection.
+
+## Commands
+
+You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
+After you successfully execute a command, a DBot message appears in the War Room with the command details.
+
+### cyberint-get-indicators
+
+***
+Gets indicators from the feed.
+
+#### Base Command
+
+`cyberint-get-indicators`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| limit | The maximum number of results to return. The default value is 10. Default is 10. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| Cyberint.value | String | The indicator value. |
+| Cyberint.type | String | The indicator type. |
+| Cyberint.Tags | String | Tags that are associated with the indicator. |
+| Cyberint.description | String | The feed description. |
+| Cyberint.detected_activity | String | The feed detected activity. |
+| Cyberint.observation_date | String | The feed observation date. |
+| Cyberint.severity_score | String | The feed severity score. |
+| Cyberint.confidence | String | The feed confidence. |
+
+#### Command example
+```!cyberint-get-indicators limit=10 execution-timeout=700```
+#### Context Example
+```json
+{
+    "Cyberint": [
+        {
+            "fields": {
+                "Description": "Recognized as Malicious.",
+                "FirstSeenBySource": "2024-01-23T22:53:36+00:00",
+                "reportedby": "Cyberint",
+                "trafficlightprotocol": "GREEN"
+            },
+            "rawJSON": {
+                "confidence": 80,
+                "description": "Recognized as Malicious.",
+                "detected_activity": "malware_payload",
+                "ioc_type": "file/sha256",
+                "ioc_value": "ioc1",
+                "observation_date": "2024-01-23T22:53:36+00:00",
+                "severity_score": 100
+            },
+            "service": "Cyberint",
+            "type": "File",
+            "value": "ioc1"
+        },
+        {
+            "fields": {
+                "Description": "Recognized as zzz.",
+                "FirstSeenBySource": "2024-01-23T22:55:36+00:00",
+                "reportedby": "Cyberint",
+                "trafficlightprotocol": "GREEN"
+            },
+            "rawJSON": {
+                "confidence": 80,
+                "description": "Recognized as zzz.",
+                "detected_activity": "malware_payload",
+                "ioc_type": "file/sha256",
+                "ioc_value": "ioc2",
+                "observation_date": "2024-01-23T22:55:36+00:00",
+                "severity_score": 100
+            },
+            "service": "Cyberint",
+            "type": "File",
+            "value": "ioc2"
+        },
+        {
+            "fields": {
+                "Description": "Recognized as xxx.",
+                "FirstSeenBySource": "2024-01-23T22:53:35+00:00",
+                "reportedby": "Cyberint",
+                "trafficlightprotocol": "GREEN"
+            },
+            "rawJSON": {
+                "confidence": 80,
+                "description": "Recognized as xxx.",
+                "detected_activity": "malware_payload",
+                "ioc_type": "file/sha256",
+                "ioc_value": "ioc3",
+                "observation_date": "2024-01-23T22:53:35+00:00",
+                "severity_score": 100
+            },
+            "service": "Cyberint",
+            "type": "File",
+            "value": "ioc3"
+        },
+        {
+            "fields": {
+                "Description": "Recognized as xxx.",
+                "FirstSeenBySource": "2024-01-23T22:55:31+00:00",
+                "reportedby": "Cyberint",
+                "trafficlightprotocol": "GREEN"
+            },
+            "rawJSON": {
+                "confidence": 80,
+                "description": "Recognized as xxx.",
+                "detected_activity": "malware_payload",
+                "ioc_type": "file/sha256",
+                "ioc_value": "ioc4",
+                "observation_date": "2024-01-23T22:55:31+00:00",
+                "severity_score": 100
+            },
+            "service": "Cyberint",
+            "type": "File",
+            "value": "ioc4"
+        },
+        {
+            "fields": {
+                "Description": "Recognized as xxx.",
+                "FirstSeenBySource": "2024-01-23T22:55:35+00:00",
+                "reportedby": "Cyberint",
+                "trafficlightprotocol": "GREEN"
+            },
+            "rawJSON": {
+                "confidence": 80,
+                "description": "Recognized as xxx.",
+                "detected_activity": "malware_payload",
+                "ioc_type": "file/sha256",
+                "ioc_value": "ioc5",
+                "observation_date": "2024-01-23T22:55:35+00:00",
+                "severity_score": 100
+            },
+            "service": "Cyberint",
+            "type": "File",
+            "value": "ioc5"
+        },
+        {
+            "fields": {
+                "Description": "Recognized as Trojan.xxx.",
+                "FirstSeenBySource": "2024-01-23T22:55:39+00:00",
+                "reportedby": "Cyberint",
+                "trafficlightprotocol": "GREEN"
+            },
+            "rawJSON": {
+                "confidence": 80,
+                "description": "Recognized as Trojan.xxx.",
+                "detected_activity": "malware_payload",
+                "ioc_type": "file/sha256",
+                "ioc_value": "ioc6",
+                "observation_date": "2024-01-23T22:55:39+00:00",
+                "severity_score": 100
+            },
+            "service": "Cyberint",
+            "type": "File",
+            "value": "ioc6"
+        },
+        {
+            "fields": {
+                "Description": "Recognized as xxx.",
+                "FirstSeenBySource": "2024-01-12T01:39:06+00:00",
+                "reportedby": "Cyberint",
+                "trafficlightprotocol": "GREEN"
+            },
+            "rawJSON": {
+                "confidence": 80,
+                "description": "Recognized as xxx.",
+                "detected_activity": "malware_payload",
+                "ioc_type": "file/sha256",
+                "ioc_value": "ioc7",
+                "observation_date": "2024-01-12T01:39:06+00:00",
+                "severity_score": 100
+            },
+            "service": "Cyberint",
+            "type": "File",
+            "value": "ioc7"
+        },
+        {
+            "fields": {
+                "Description": "Recognized as xxx.",
+                "FirstSeenBySource": "2024-01-23T22:55:36+00:00",
+                "reportedby": "Cyberint",
+                "trafficlightprotocol": "GREEN"
+            },
+            "rawJSON": {
+                "confidence": 80,
+                "description": "Recognized as xxx.",
+                "detected_activity": "malware_payload",
+                "ioc_type": "file/sha256",
+                "ioc_value": "ioc8",
+                "observation_date": "2024-01-23T22:55:36+00:00",
+                "severity_score": 100
+            },
+            "service": "Cyberint",
+            "type": "File",
+            "value": "ioc8"
+        },
+        {
+            "fields": {
+                "Description": "Recognized as xxx.",
+                "FirstSeenBySource": "2023-12-16T21:28:01+00:00",
+                "reportedby": "Cyberint",
+                "trafficlightprotocol": "GREEN"
+            },
+            "rawJSON": {
+                "confidence": 70,
+                "description": "Recognized as xxx.",
+                "detected_activity": "malware_payload",
+                "ioc_type": "file/sha256",
+                "ioc_value": "ioc9",
+                "observation_date": "2023-12-16T21:28:01+00:00",
+                "severity_score": 100
+            },
+            "service": "Cyberint",
+            "type": "File",
+            "value": "ioc9"
+        },
+        {
+            "fields": {
+                "Description": "Recognized as xxx.",
+                "FirstSeenBySource": "2024-01-23T22:55:35+00:00",
+                "reportedby": "Cyberint",
+                "trafficlightprotocol": "GREEN"
+            },
+            "rawJSON": {
+                "confidence": 80,
+                "description": "Recognized as xxx.",
+                "detected_activity": "malware_payload",
+                "ioc_type": "file/sha256",
+                "ioc_value": "ioc10",
+                "observation_date": "2024-01-23T22:55:35+00:00",
+                "severity_score": 100
+            },
+            "service": "Cyberint",
+            "type": "File",
+            "value": "ioc10"
+        }
+    ]
+}
+```
+
+#### Human Readable Output
+
+>### Indicators from Cyberint Feed:
+>|Value|Type|
+>|---|---|
+>| ioc1 | File |
+>| ioc2 | File |
+>| ioc3 | File |
+>| ioc4 | File |
+>| ioc5 | File |
+>| ioc6 | File |
+>| ioc7 | File |
+>| ioc8 | File |
+>| ioc9 | File |
+>| ioc10 | File |
diff --git a/Packs/Cyberint/Integrations/FeedCyberint/command_examples.txt b/Packs/Cyberint/Integrations/FeedCyberint/command_examples.txt
new file mode 100644
index 000000000000..0db0dcf265d8
--- /dev/null
+++ b/Packs/Cyberint/Integrations/FeedCyberint/command_examples.txt
@@ -0,0 +1 @@
+!cyberint-get-indicators limit=10 execution-timeout=700
diff --git a/Packs/Cyberint/Integrations/FeedCyberint/test_data/empty.jsonb b/Packs/Cyberint/Integrations/FeedCyberint/test_data/empty.jsonb
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/Packs/Cyberint/Integrations/FeedCyberint/test_data/indicators.jsonb b/Packs/Cyberint/Integrations/FeedCyberint/test_data/indicators.jsonb
new file mode 100644
index 000000000000..773e22bbc3cd
--- /dev/null
+++ b/Packs/Cyberint/Integrations/FeedCyberint/test_data/indicators.jsonb
@@ -0,0 +1,24 @@
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"1.1.1.1","observation_date":"2024-01-06T12:49:40+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware ."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"2.2.2.2","observation_date":"2024-01-06T12:36:08+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware Lumma."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"3.3.3.3","observation_date":"2023-12-28T19:04:05.371576+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware RedLine."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"4.4.4.4","observation_date":"2023-12-28T19:04:05.857843+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware Aurora."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"5.5.5.5","observation_date":"2024-01-06T12:36:16+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware Lumma."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"6.6.6.6","observation_date":"2024-01-06T12:49:34+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware ."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"7.7.7.7","observation_date":"2023-12-28T19:04:05.845773+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware Aurora."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"8.8.8.8","observation_date":"2024-01-06T12:49:34+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware ."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"9.9.9.9","observation_date":"2023-12-28T19:04:05.746751+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware Aurora."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"10.10.10.10","observation_date":"2023-12-28T19:04:05.786749+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware RedLine."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"11.11.11.11","observation_date":"2024-01-06T12:49:32+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware ."}
+{"detected_activity":"infected_machine","ioc_type":"ipv4","ioc_value":"12.12.12.12","observation_date":"2024-01-06T12:49:36+00:00","severity_score":20,"confidence":90,"description":"Observed infection of malware ."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal1.com/","observation_date":"2024-01-08T04:25:36+00:00","severity_score":100,"confidence":80,"description":"Recognized as Script:SNH-gen [Trj]."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal2.com/","observation_date":"2024-01-08T04:25:01+00:00","severity_score":100,"confidence":70,"description":"Recognized as Trojan/Generic.ASMalwAD.D9A."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal3.com/","observation_date":"2024-01-08T04:25:36+00:00","severity_score":100,"confidence":80,"description":"Recognized as Script:SNH-gen [Trj]."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal4.com/","observation_date":"2024-01-08T04:25:43+00:00","severity_score":100,"confidence":80,"description":"Recognized as Script:SNH-gen [Trj]."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal5.com/","observation_date":"2024-01-08T04:25:36+00:00","severity_score":100,"confidence":70,"description":"Recognized as Script:SNH-gen [Trj]."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal6.com/","observation_date":"2024-01-08T04:25:13+00:00","severity_score":100,"confidence":80,"description":"Recognized as JS:Agent-EKP [Trj]."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal7.com/","observation_date":"2024-01-01T04:35:55+00:00","severity_score":100,"confidence":80,"description":"Recognized as Trojan.GenericKD.71009443."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal8.com/","observation_date":"2024-01-08T04:25:50+00:00","severity_score":100,"confidence":70,"description":"Recognized as HTML:Phishing-BYE [Phish]."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal9.com/","observation_date":"2024-01-08T04:25:42+00:00","severity_score":100,"confidence":80,"description":"Recognized as Script:SNH-gen [Trj]."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal10.com/","observation_date":"2024-01-08T04:27:01+00:00","severity_score":100,"confidence":80,"description":"Recognized as PDF:PhishingX-gen [Phish]."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"hhttp://www.tal11.com/","observation_date":"2024-01-08T04:27:01+00:00","severity_score":100,"confidence":80,"description":"Recognized as PDF:PhishingX-gen [Phish]."}
+{"detected_activity":"malware_payload","ioc_type":"url","ioc_value":"http://www.tal12.com/","observation_date":"2024-01-08T04:25:42+00:00","severity_score":100,"confidence":80,"description":"Recognized as Script:SNH-gen [Trj]."}
diff --git a/Packs/Cyberint/Layouts/layoutscontainer-Cyberint_Incident_Layout.json b/Packs/Cyberint/Layouts/layoutscontainer-Cyberint_Incident_Layout.json
index 17b343236594..f70d47ad1488 100644
--- a/Packs/Cyberint/Layouts/layoutscontainer-Cyberint_Incident_Layout.json
+++ b/Packs/Cyberint/Layouts/layoutscontainer-Cyberint_Incident_Layout.json
@@ -1,5 +1,4 @@
 {
-    "description": "Cyberint incident layout",
     "details": {
         "sections": [
             {
@@ -584,7 +583,7 @@
             {
                 "hidden": false,
                 "id": "gyt4oyoflh",
-                "name": "CyberInt Incident",
+                "name": "Cyberint Incident",
                 "sections": [
                     {
                         "displayType": "CARD",
@@ -638,7 +637,7 @@
                                 "fieldId": "cyberintcreatedby",
                                 "height": 53,
                                 "id": "4dcd84c0-7c04-11eb-be8b-1b6b5950a0fc",
-                                "index": 5,
+                                "index": 4,
                                 "listId": "gyt4oyoflh-26cdff80-7c04-11eb-be8b-1b6b5950a0fc",
                                 "sectionItemType": "field",
                                 "startCol": 0
@@ -648,20 +647,20 @@
                                 "fieldId": "cyberintcategory",
                                 "height": 53,
                                 "id": "43348180-7c04-11eb-be8b-1b6b5950a0fc",
-                                "index": 6,
+                                "index": 5,
                                 "sectionItemType": "field",
                                 "startCol": 0
                             },
                             {
-                                "dropEffect": "move",
                                 "endCol": 2,
                                 "fieldId": "cyberintticketid",
                                 "height": 53,
                                 "id": "deb1bbd0-7c06-11eb-be8b-1b6b5950a0fc",
-                                "index": 7,
-                                "listId": "gyt4oyoflh-f50d43a0-7c05-11eb-be8b-1b6b5950a0fc",
+                                "index": 6,
                                 "sectionItemType": "field",
-                                "startCol": 0
+                                "startCol": 0,
+                                "dropEffect": "move",
+                                "listId": "gyt4oyoflh-f50d43a0-7c05-11eb-be8b-1b6b5950a0fc"
                             },
                             {
                                 "dropEffect": "move",
@@ -669,11 +668,20 @@
                                 "fieldId": "cyberintdescription",
                                 "height": 53,
                                 "id": "cf44c250-7c06-11eb-be8b-1b6b5950a0fc",
-                                "index": 8,
+                                "index": 7,
                                 "listId": "caseinfoid-gyt4oyoflh-caseinfoid-gyt4oyoflh-26cdff80-7c04-11eb-be8b-1b6b5950a0fc",
                                 "sectionItemType": "field",
                                 "startCol": 0
                             },
+                            {
+                                "endCol": 1,
+                                "fieldId": "id",
+                                "height": 53,
+                                "id": "83547ae0-7c04-11eb-be8b-1b6b5950a0fc",
+                                "index": 8,
+                                "sectionItemType": "field",
+                                "startCol": 0
+                            },
                             {
                                 "dropEffect": "move",
                                 "endCol": 2,
@@ -724,7 +732,7 @@
                                 "fieldId": "cyberintcreateddate",
                                 "height": 53,
                                 "id": "50183810-7c04-11eb-be8b-1b6b5950a0fc",
-                                "index": 5,
+                                "index": 4,
                                 "listId": "gyt4oyoflh-26cdff80-7c04-11eb-be8b-1b6b5950a0fc",
                                 "sectionItemType": "field",
                                 "startCol": 1
@@ -735,7 +743,7 @@
                                 "fieldId": "cyberinttype",
                                 "height": 53,
                                 "id": "ad063d00-7c05-11eb-be8b-1b6b5950a0fc",
-                                "index": 6,
+                                "index": 5,
                                 "listId": "gyt4oyoflh-26cdff80-7c04-11eb-be8b-1b6b5950a0fc",
                                 "sectionItemType": "field",
                                 "startCol": 1
@@ -744,7 +752,7 @@
                         "maxW": 3,
                         "minH": 1,
                         "moved": false,
-                        "name": "CyberInt Incident Details",
+                        "name": "Cyberint Incident Details",
                         "static": false,
                         "w": 1,
                         "x": 0,
@@ -766,15 +774,15 @@
                                 "startCol": 0
                             },
                             {
-                                "dropEffect": "move",
                                 "endCol": 1,
                                 "fieldId": "cyberinttargetedbrand",
                                 "height": 53,
                                 "id": "5cb5be00-9d5c-11ed-8f36-ab5d128aea6b",
                                 "index": 1,
-                                "listId": "caseinfoid-gyt4oyoflh-caseinfoid-gyt4oyoflh-f50d43a0-7c05-11eb-be8b-1b6b5950a0fc",
                                 "sectionItemType": "field",
-                                "startCol": 0
+                                "startCol": 0,
+                                "dropEffect": "move",
+                                "listId": "caseinfoid-gyt4oyoflh-caseinfoid-gyt4oyoflh-f50d43a0-7c05-11eb-be8b-1b6b5950a0fc"
                             },
                             {
                                 "endCol": 2,
@@ -813,45 +821,15 @@
                                 "startCol": 0
                             },
                             {
-                                "endCol": 2,
-                                "fieldId": "cyberintalertdata",
-                                "filters": [
-                                    [
-                                        {
-                                            "ignoreCase": false,
-                                            "left": {
-                                                "isContext": true,
-                                                "value": {
-                                                    "simple": "cyberintalertdata"
-                                                }
-                                            },
-                                            "operator": "notContainsString",
-                                            "right": {
-                                                "isContext": false,
-                                                "value": {
-                                                    "simple": "tool_name"
-                                                }
-                                            },
-                                            "type": "markdown"
-                                        }
-                                    ]
-                                ],
-                                "height": 106,
-                                "id": "45feb900-8cfd-11ee-a0be-8bb38b509369",
-                                "index": 6,
-                                "sectionItemType": "field",
-                                "startCol": 0
-                            },
-                            {
-                                "dropEffect": "move",
                                 "endCol": 2,
                                 "fieldId": "cyberinttargetedvector",
                                 "height": 53,
                                 "id": "73950280-9d60-11ed-b3d3-65a739574b9a",
                                 "index": 1,
-                                "listId": "caseinfoid-gyt4oyoflh-caseinfoid-gyt4oyoflh-f50d43a0-7c05-11eb-be8b-1b6b5950a0fc",
                                 "sectionItemType": "field",
-                                "startCol": 1
+                                "startCol": 1,
+                                "dropEffect": "move",
+                                "listId": "caseinfoid-gyt4oyoflh-caseinfoid-gyt4oyoflh-f50d43a0-7c05-11eb-be8b-1b6b5950a0fc"
                             }
                         ],
                         "maxW": 3,
@@ -892,7 +870,7 @@
                         "maxW": 3,
                         "minH": 1,
                         "moved": false,
-                        "name": "CyberInt Closing Information",
+                        "name": "Cyberint Closing Information",
                         "static": false,
                         "w": 1,
                         "x": 0,
@@ -906,15 +884,15 @@
                         "i": "caseinfoid-gyt4oyoflh-caseinfoid-gyt4oyoflh-e3bcd230-7c07-11eb-be8b-1b6b5950a0fc",
                         "items": [
                             {
-                                "dropEffect": "move",
                                 "endCol": 2,
                                 "fieldId": "cyberintattachments",
                                 "height": 106,
                                 "id": "ee363f80-7c07-11eb-be8b-1b6b5950a0fc",
                                 "index": 0,
-                                "listId": "caseinfoid-gyt4oyoflh-caseinfoid-gyt4oyoflh-e3bcd230-7c07-11eb-be8b-1b6b5950a0fc",
                                 "sectionItemType": "field",
-                                "startCol": 0
+                                "startCol": 0,
+                                "dropEffect": "move",
+                                "listId": "caseinfoid-gyt4oyoflh-caseinfoid-gyt4oyoflh-e3bcd230-7c07-11eb-be8b-1b6b5950a0fc"
                             }
                         ],
                         "maxW": 3,
@@ -1135,8 +1113,8 @@
                         "y": 4
                     }
                 ],
-                "showEmptyFields": false,
-                "type": "custom"
+                "type": "custom",
+                "showEmptyFields": false
             },
             {
                 "id": "warRoom",
@@ -1168,10 +1146,11 @@
     "group": "incident",
     "id": "Cyberint Incident Layout",
     "name": "Cyberint Incident Layout",
+    "version": -1,
+    "fromVersion": "6.0.0",
+    "description": "Cyberint incident layout",
     "marketplaces": [
         "xsoar"
     ],
-    "system": false,
-    "version": -1,
-    "fromVersion": "6.10.0"
+    "system": false
 }
diff --git a/Packs/Cyberint/ReleaseNotes/1_1_4.md b/Packs/Cyberint/ReleaseNotes/1_1_4.md
new file mode 100644
index 000000000000..1ab27e4c7f45
--- /dev/null
+++ b/Packs/Cyberint/ReleaseNotes/1_1_4.md
@@ -0,0 +1,9 @@
+
+#### Integrations
+
+##### Cyberint
+
+- Fixed mirroring feature
+- Added support for IoC Incident Feed
+- Added internal identifier of alert to incident fields
+- Updated the Docker image to: *demisto/python3:3.10.13.90168*.
diff --git a/Packs/Cyberint/TestPlaybooks/playbook-FeedCyberint_Test.yml b/Packs/Cyberint/TestPlaybooks/playbook-FeedCyberint_Test.yml
new file mode 100644
index 000000000000..e1888b9c18d5
--- /dev/null
+++ b/Packs/Cyberint/TestPlaybooks/playbook-FeedCyberint_Test.yml
@@ -0,0 +1,189 @@
+id: FeedCyberint
+version: 2
+vcShouldKeepItemLegacyProdMachine: false
+name: FeedCyberint
+starttaskid: "0"
+tasks:
+  "0":
+    id: "0"
+    taskid: 4a63f3fd-8ba6-4725-8299-e50d800822f8
+    type: start
+    task:
+      id: 4a63f3fd-8ba6-4725-8299-e50d800822f8
+      version: -1
+      name: ""
+      iscommand: false
+      brand: ""
+    nexttasks:
+      '#none#':
+      - "1"
+    separatecontext: false
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": 50,
+          "y": 50
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
+  "1":
+    id: "1"
+    taskid: 21a48f17-630a-4322-844a-41b749d4a1ab
+    type: regular
+    task:
+      id: 21a48f17-630a-4322-844a-41b749d4a1ab
+      version: -1
+      name: DeleteContext
+      script: DeleteContext
+      type: regular
+      iscommand: true
+      brand: ""
+    nexttasks:
+      '#none#':
+      - "2"
+    scriptarguments:
+      all:
+        simple: "yes"
+    separatecontext: false
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": 50,
+          "y": 200
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
+  "2":
+    id: "2"
+    taskid: b3de9f4f-52ad-4c4f-8bca-4cc935431877
+    type: regular
+    task:
+      id: b3de9f4f-52ad-4c4f-8bca-4cc935431877
+      version: -1
+      name: cyberint-get-indicators
+      script: Cyberint Feed|||cyberint-get-indicators
+      type: regular
+      iscommand: true
+      brand: Cyberint Feed
+    nexttasks:
+      '#none#':
+      - "3"
+    scriptarguments:
+      execution-timeout:
+        simple: "700"
+    separatecontext: false
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": 50,
+          "y": 400
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
+  "3":
+    id: "3"
+    taskid: 7703ebe7-af1a-4d6e-8353-7486104bda5a
+    type: condition
+    task:
+      id: 7703ebe7-af1a-4d6e-8353-7486104bda5a
+      version: -1
+      name: Verify Outputs
+      type: condition
+      iscommand: false
+      brand: ""
+    nexttasks:
+      "yes":
+      - "4"
+    separatecontext: false
+    conditions:
+    - label: "yes"
+      condition:
+      - - operator: isNotEmpty
+          left:
+            value:
+              simple: Cyberint.value
+            iscontext: true
+          right:
+            value: {}
+      - - operator: isNotEmpty
+          left:
+            value:
+              simple: Cyberint.type
+            iscontext: true
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": 50,
+          "y": 600
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
+  "4":
+    id: "4"
+    taskid: cae3b20c-e093-4b95-8df7-b0d74f9eea96
+    type: title
+    task:
+      id: cae3b20c-e093-4b95-8df7-b0d74f9eea96
+      version: -1
+      name: Test Done
+      type: title
+      iscommand: false
+      brand: ""
+    separatecontext: false
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": 50,
+          "y": 800
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
+view: |-
+  {
+    "linkLabelsPosition": {},
+    "paper": {
+      "dimensions": {
+        "height": 815,
+        "width": 380,
+        "x": 50,
+        "y": 50
+      }
+    }
+  }
+inputs: []
+outputs: []
diff --git a/Packs/Cyberint/pack_metadata.json b/Packs/Cyberint/pack_metadata.json
index b1f309a37d4b..58a02ff35d18 100644
--- a/Packs/Cyberint/pack_metadata.json
+++ b/Packs/Cyberint/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Cyberint",
     "description": "Cyberint provides intelligence-driven digital risk protection. This integration will help your enterprise effectively consume actionable cyber alerts to increase your security posture.",
     "support": "partner",
-    "currentVersion": "1.1.3",
+    "currentVersion": "1.1.4",
     "author": "Cyberint",
     "url": "https://cyberint.com",
     "email": "support@cyberint.com",
@@ -18,6 +18,6 @@
         "marketplacev2"
     ],
     "itemPrefix": [
-        "CyberInt"
+        "Cyberint"
     ]
 }
\ No newline at end of file