Intsights TIP 2.2.1
  • 07 Jul 2022
  • 3 Minutes to read



tags: Enrichment | Threat Intel | IntSight TIP | Adaptive Card Display | CLIs


Description

The integration with IntSights' Threat Intelligence Platform (TIP) gives CDC users IP, URL, domain and hash enrichments: IOCs and related threat-indicator information for the queried value. This information lets CDC users make informed incident-response decisions.

The TIP centralizes and operationalizes thousands of intelligence sources for streamlined investigation and faster threat blocking. IOCs and other threat indicators are enriched against the customer's digital assets and prioritized by severity, adding context to raw threat feeds.

CyberProof displays this large and complex threat-intelligence data in custom adaptive cards, so the result is readable in the GUI without digging through raw JSON.

Command-line or automated enrichments return the detailed IOC and threat-indicator information for a single IP, URL, domain or hash (MD5/SHA1/SHA256) query parameter. For hashes, an additional CLI re-runs (rescans) the query so that the latest result, rather than a cached verdict, is returned.

Integration type: Threat Intelligence Enrichment
Information read: IP address, URL, domain and hash values
API supported: API v1
Input: IP address, URL, domain or hash value to be enriched
Output: Detailed enrichment (IOCs and related threat-indicator information) for the supplied input

Customer Configuration

No customer configuration


CDC Command Lines

* **get_rescan_enrich_cli**
Rescans the hash given as the parameter in IntSight TIP and returns the refreshed threat information for it, so the latest verdict is used instead of a cached one.

| Option | Type | Description | Required |
|---|---|---|---|
| file_hash | string | Hash value (MD5, SHA1 or SHA256) | True |

* **get_enrich_domain_cli**
Enriches the domain given as the parameter with the threat information IntSight TIP holds for it.

| Option | Type | Description | Required |
|---|---|---|---|
| domain | string | Domain to enrich in intsight_tip | True |

* **get_enrich_hash_cli**
Enriches the hash given as the parameter with the threat information IntSight TIP holds for it.

| Option | Type | Description | Required |
|---|---|---|---|
| hash | string | Hash to enrich in intsight_tip (SHA1, MD5 or SHA256) | True |

* **get_enrich_ip_cli**
Enriches the IP given as the parameter with the threat information IntSight TIP holds for it. Note: Suspicious Rate is not returned for IP enrichment.

| Option | Type | Description | Required |
|---|---|---|---|
| ip | string | IP address to enrich in intsight_tip | True |

* **get_enrich_url_cli**
Enriches the URL given as the parameter with the threat information IntSight TIP holds for it.

| Option | Type | Description | Required |
|---|---|---|---|
| url | string | URL to enrich in intsight_tip | True |
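Each CLI takes exactly one indicator of one type, so something upstream has to decide which CLI (and which option name) a pasted value belongs to, and reject junk before it is sent. The following is an added example, not part of this article or of CyberProof's playbooks: it refangs report-style IOCs (`hxxp://`, `[.]`), classifies the value as IP, URL, domain or MD5/SHA1/SHA256 hash by shape, and maps it to the CLI name and option from the tables above. The CLI and option names are the page's; how a CDC playbook actually invokes them, and the refang rules, are this example's assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Mapping from indicator type to the CDC command line and its option name,
# taken from the option tables above. The CLI names are the page's; how a
# CDC playbook actually invokes them is an assumption of this example.
CLI_FOR_TYPE = {
    "ip": ("get_enrich_ip_cli", "ip"),
    "url": ("get_enrich_url_cli", "url"),
    "domain": ("get_enrich_domain_cli", "domain"),
    "hash": ("get_enrich_hash_cli", "hash"),
}
RESCAN_CLI = ("get_rescan_enrich_cli", "file_hash")

# Hex digest lengths of the hash types the CLIs accept.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

# Conservative hostname grammar: letter/digit/hyphen labels, alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def refang(indicator: str) -> str:
    """Undo common defanging ('hxxp://', '[.]', '(.)', '[:]') so an IOC pasted
    from a report is queried in the form the TIP expects (assumed rules)."""
    s = indicator.strip()
    for defanged, plain in (("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[://]", "://")):
        s = s.replace(defanged, plain)
    return re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)


def classify(indicator: str):
    """Return (type, normalised_value) for an IP, URL, domain or MD5/SHA1/SHA256
    hash; raise ValueError for anything else so junk never reaches the CLI."""
    s = refang(indicator)
    try:
        ipaddress.ip_address(s)          # IPv4 or IPv6 literal
        return "ip", s
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", s) and len(s) in HASH_LENGTHS:
        return "hash", s.lower()         # digests are case-insensitive; normalise
    if "://" in s:
        parts = urlsplit(s)
        if parts.scheme.lower() in ("http", "https") and parts.hostname:
            return "url", s
        raise ValueError(f"unsupported URL: {indicator!r}")
    if DOMAIN_RE.match(s.lower()):
        return "domain", s.lower()
    raise ValueError(f"unrecognised indicator: {indicator!r}")


def build_cli_call(indicator: str, rescan: bool = False):
    """Pick the CLI and its single option for an indicator; 'rescan' selects
    get_rescan_enrich_cli, which only exists for hashes."""
    kind, value = classify(indicator)
    if rescan:
        if kind != "hash":
            raise ValueError("rescan is only available for hash indicators")
        cli, option = RESCAN_CLI
    else:
        cli, option = CLI_FOR_TYPE[kind]
    return cli, {option: value}


def hash_algorithm(digest: str) -> str:
    """Name the algorithm from digest length (the CLIs accept md5, sha1, sha256)."""
    kind, value = classify(digest)
    if kind != "hash":
        raise ValueError("not a hash")
    return HASH_LENGTHS[len(value)]


if __name__ == "__main__":
    # Constructed sample indicators, as an analyst might paste them from a report.
    for ioc in ("8.8.8.8", "hxxps://evil[.]example[.]com/payload",
                "Evil[.]Example[.]COM", "D41D8CD98F00B204E9800998ECF8427E"):
        print(ioc, "->", build_cli_call(ioc))
```

Ordering matters: the IP check runs first so that a dotted-quad is never mistaken for a domain, and the hex-length check runs before the domain check so a bare digest is never rejected for lacking a dot. Anything that matches none of the shapes raises instead of being forwarded, which is the behaviour you want in an automated enrichment step.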

Workflows

* **get_enrich_domain**
Enriches the domain passed as a parameter with the threat information IntSight TIP holds for it.

* **get_enrich_hash**
Enriches the hash passed as a parameter with the threat information IntSight TIP holds for it.

* **get_enrich_ip**
Enriches the IP passed as a parameter with the threat information IntSight TIP holds for it. Note: Suspicious Rate is not returned for IP enrichment.

* **get_enrich_tip**
Enriches an indicator of any supported type (IP, URL, domain or hash) and returns its details.

* **get_enrich_url**
Enriches the URL passed as a parameter with the threat information IntSight TIP holds for it.

* **wait_for_status_change**
Waits for a set time before running the TIP enrichment, so that a status change (for example after a hash rescan) is reflected in the result.

* **post_get_enrich_domain**
Runs get_enrich_domain and posts the result in the CDC, addressed by the ID of the incident, message or channel.

* **post_get_enrich_hash**
Runs get_enrich_hash and posts the result in the CDC, addressed by the ID of the incident, message or channel.

* **post_get_enrich_ip**
Runs get_enrich_ip and posts the result in the CDC, addressed by the ID of the incident, message or channel.

* **post_get_enrich_url**
Runs get_enrich_url and posts the result in the CDC, addressed by the ID of the incident, message or channel.
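The post_get_enrich_* workflows hand the enrichment result to the CDC, where it is displayed as an adaptive card. The following is an added example, not code from this article or from CyberProof: it renders a result as an Adaptive Card (a headline coloured by severity, a FactSet, and a capped related-IOC list) and omits the Suspicious Rate fact when the field is absent, which is the case for IP enrichment, instead of rendering a misleading "None". The result field names (`value`, `type`, `severity`, `suspicious_rate`, `sources`, `related_iocs`), the sample results and the 10-item cap are this example's assumptions, not the IntSight TIP response format.

```python
import json

ADAPTIVE_CARD_SCHEMA = "http://adaptivecards.io/schemas/adaptive-card.json"
MAX_RELATED_IOCS = 10   # assumption: cap long IOC lists so the card stays readable


def severity_colour(severity):
    """Map a TIP severity to an Adaptive Card TextBlock colour."""
    return {"High": "attention", "Medium": "warning", "Low": "good"}.get(severity, "default")


def build_card(result):
    """Render one enrichment result (dict with assumed field names) as an
    Adaptive Card: a headline, a FactSet, and a capped related-IOC list."""
    facts = [
        {"title": "Indicator", "value": result["value"]},
        {"title": "Type", "value": result["type"]},
        {"title": "Severity", "value": result.get("severity", "Unknown")},
    ]
    # Suspicious Rate is not returned for IP enrichment: omit the fact rather
    # than rendering "None" and implying a rate of zero.
    if result.get("suspicious_rate") is not None:
        facts.append({"title": "Suspicious Rate", "value": f"{result['suspicious_rate']}%"})
    facts.append({"title": "Sources", "value": ", ".join(result.get("sources") or []) or "none"})

    body = [
        {"type": "TextBlock", "size": "Medium", "weight": "Bolder", "wrap": True,
         "color": severity_colour(result.get("severity")),
         "text": f"IntSight TIP enrichment: {result['value']}"},
        {"type": "FactSet", "facts": facts},
    ]
    related = result.get("related_iocs") or []
    shown = related[:MAX_RELATED_IOCS]
    if shown:
        body.append({"type": "TextBlock", "weight": "Bolder", "text": "Related IOCs"})
        body.append({"type": "TextBlock", "wrap": True, "text": "\n\n".join(shown)})
        if len(related) > len(shown):
            body.append({"type": "TextBlock", "isSubtle": True,
                         "text": f"... and {len(related) - len(shown)} more"})
    return {"type": "AdaptiveCard", "$schema": ADAPTIVE_CARD_SCHEMA,
            "version": "1.3", "body": body}


def fact_titles(card):
    """Titles in the card's FactSet, handy for checking what was rendered."""
    return [f["title"] for el in card["body"] if el["type"] == "FactSet"
            for f in el["facts"]]


def card_json(result):
    """Serialised card, as it would be posted to an incident, message or channel."""
    return json.dumps(build_card(result), indent=2)


# Constructed sample results; the field names are this example's assumption,
# not the IntSight TIP response format.
SAMPLE_HASH_RESULT = {
    "value": "d41d8cd98f00b204e9800998ecf8427e", "type": "hash", "severity": "High",
    "suspicious_rate": 87, "sources": ["Malware feed A", "Sandbox B"],
    "related_iocs": [f"203.0.113.{i}" for i in range(1, 15)],
}
SAMPLE_IP_RESULT = {
    "value": "203.0.113.10", "type": "ip", "severity": "Medium",
    "sources": ["Botnet C2 feed"], "related_iocs": [],
}

if __name__ == "__main__":
    print(card_json(SAMPLE_HASH_RESULT))
    print(card_json(SAMPLE_IP_RESULT))
```

The cap on related IOCs is what keeps a card for a widely shared hash from becoming unreadable; the count of omitted items is shown so the analyst knows to open the full enrichment rather than trusting the card as complete.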


Rules

No rules


Sensors

No sensors


Triggers

No triggers


Known Issues

No known issues

