IntSights 3.5.3
  • 27 Sep 2022
  • 1 Minute to read
  • Dark
    Light
  • PDF

IntSights 3.5.3

  • Dark
    Light
  • PDF

Article summary

tags: python | Intsights | Threat Intelligence | External Threat Protection


Description

Integration with IntSights Threat Command supports CDC users by providing the extraction of threat logs as alerts and additional information on observables. This enables CDC users to make informed decisions regarding incident response.

The Threat Command monitors thousands of sources across the clear, deep, and dark web to identify threats that directly target clients’ unique digital footprints. Threat Command finds and reports on external threats targeting clients.

This pack supports two modes of operations: a single customer account operation, where it is mandatory to set the account_id field in the pack configuration; and an MSSP (multiple accounts) based operation, where it is mandatory to leave the account_id field as blank in the pack configuration. For multi-tenant usage, tenant information can be populated in the CDC as the company name as well.

All the read information is passed on to the CDC in the form of an alert, with the information stored as raw information and observables. These observables are also marked as Indicator of Compromise (IoC) based on inputs from the CyberProof Threat Intelligence team. Additional attachments are also available on IntSights. Alerts are read and uploaded and displayed under the File section of a CDC alert.

Integration Type:Threat Intelligence Enrichment
Information read:Alerts read from IntSights – including the attachments.
API Supported:API V1.0
Input:Sensor (no input required)
Output:All alerts available from IntSights, along with attachments including CSV or images.

Customer Configuration

No customer configuration


CDC Command Lines

No CDC command lines


Workflows

* **automate_alert_closing**
Closes IntSights alerts.

* **automate_alert_creation**
Converts IntSights alerts into CDC alerts.

* **upload_image**
Uploads images to the CDC.


Rules

* **Intsights.cdc_closed_alert_listener_for_intsights**
Closes alerts in IntSights.

* **cdc_new_alert_from_intsights**
Triggers injecting new alerts to the CDC workflow when a new alert is created in IntSights.


Sensors

* **IntSightsSensor**
Sensors that pull alerts from IntSights.

Poll interval - 30s


Triggers

No triggers


Known Issues

No known issues


Was this article helpful?

What's Next