Intsights Tip 2.3.1
- Updated on 16 Apr 2023
tags: Enrichment | Threat Intel | IntSight TIP | Adaptive Card Display | Clis
Description
Integration with IntSights' Threat Intelligence Platform (TIP) supports CDC users by providing IP-, URL-, domain- and hash-based enrichment consisting of IOCs and related threat-indicator information. This information enables CDC users to make informed decisions during incident response.
The TIP centralizes and operationalizes thousands of sources of intelligence for streamlined investigation and faster threat blocking. IOCs and other threat indicators are enriched using digital assets and prioritized by severity, bringing context and clarity to threat feeds.
CyberProof uses custom adaptive cards to display large amounts of complex threat intelligence data in a meaningful, intuitive GUI, making the data easy to understand.
Using the command-line or automated enrichments, detailed IOC and threat-indicator information for an IP, URL, domain or hash (MD5/SHA1/SHA256) is retrieved for each query parameter. For hashes, an additional CLI re-runs the query to obtain the latest results.
Attribute | Value |
---|---|
Integration Type | Threat Intelligence Enrichment |
Information read | IP address, URL, domain and hash values |
API supported | API v1 |
Input | IP address, URL, domain or hash value to be enriched |
Output | Detailed enrichment consisting of IOCs and related threat-indicator information for the provided input parameters |
Customer Configuration
No customer configuration
CDC Command Lines
* **get_enrich_domain_cli**
This CLI enriches domain-related threat information from IntSights TIP for the domain provided as a parameter.
Option | Type | Description | Required |
---|---|---|---|
domain | string | Domain to enrich via IntSights TIP | True |
* **get_enrich_hash_cli**
This CLI enriches hash-related threat information from IntSights TIP for the hash provided as a parameter.
Option | Type | Description | Required |
---|---|---|---|
hash | string | Hash to enrich via IntSights TIP (MD5, SHA1 or SHA256) | True |
* **get_enrich_ip_cli**
This CLI enriches IP-related threat information from IntSights TIP for the IP address provided as a parameter. Note that Suspicious Rate is not returned for IP enrichment.
Option | Type | Description | Required |
---|---|---|---|
ip | string | IP address to enrich via IntSights TIP | True |
* **get_enrich_url_cli**
This CLI enriches URL-related threat information from IntSights TIP for the URL provided as a parameter.
Option | Type | Description | Required |
---|---|---|---|
url | string | URL to enrich via IntSights TIP | True |
* **get_rescan_enrich_cli**
This CLI rescans and enriches hash-related threat information from IntSights TIP for the hash value provided as a parameter.
Option | Type | Description | Required |
---|---|---|---|
file_hash | string | Hash value to rescan and enrich (MD5, SHA1 or SHA256) | True |
Workflows
* **get_enrich_domain**
Enriches domain-related threat information from IntSights TIP for the domain provided as a parameter.
* **get_enrich_hash**
Enriches hash-related threat information from IntSights TIP for the hash provided as a parameter.
* **get_enrich_ip**
Enriches IP-related threat information from IntSights TIP for the IP address provided as a parameter. Note that Suspicious Rate is not returned for IP enrichment.
* **get_enrich_tip**
Gets enrichment details for an IP address, URL, domain or hash.
* **get_enrich_url**
Enriches URL-related threat information from IntSights TIP for the URL provided as a parameter.
* **wait_for_status_change**
Waits for a period before running the TIP enrichment.
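As an added example (not code from the CyberProof page or the IntSights integration), the following Python sketches how a get_enrich_tip-style entry point could validate an analyst-supplied indicator, undo common defanging, and select the matching CDC command line. Only the CLI names and parameter names come from the tables above; the refang rules, the hash-length mapping and the routing dictionary are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Digest lengths for the hash types the get_enrich_hash_cli table accepts (assumed mapping).
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# Hostname check: 1-63 char labels of letters/digits/hyphens, at least one dot, <= 253 chars.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$"
)
# Indicator type -> CDC command line documented on this page, and its parameter name.
CLI_FOR_TYPE = {
    "ip": ("get_enrich_ip_cli", "ip"),
    "url": ("get_enrich_url_cli", "url"),
    "domain": ("get_enrich_domain_cli", "domain"),
    "hash": ("get_enrich_hash_cli", "hash"),
}


def refang(indicator: str) -> str:
    """Reverse common analyst defanging ("hxxp", "[.]") so the CLIs get a clean value."""
    s = indicator.strip()
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", s)
    return re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)


def classify(indicator: str) -> tuple:
    """Return (indicator_type, normalised_value); raise ValueError for unrecognised input."""
    value = refang(indicator)
    if HEX_RE.match(value) and len(value) in HASH_LENGTHS:
        return "hash", value.lower()
    try:
        return "ip", str(ipaddress.ip_address(value))  # IPv4 or IPv6
    except ValueError:
        pass
    if "://" in value:
        parsed = urlparse(value)
        if parsed.scheme in ("http", "https") and parsed.netloc:
            return "url", value
    if DOMAIN_RE.match(value):
        return "domain", value.lower()
    raise ValueError(f"unrecognised indicator: {indicator!r}")


def route(indicator: str) -> dict:
    """Describe which CLI to invoke for an indicator and with which parameter."""
    kind, value = classify(indicator)
    cli, param = CLI_FOR_TYPE[kind]
    result = {"cli": cli, "params": {param: value}}
    if kind == "hash":
        result["hash_algorithm"] = HASH_LENGTHS[len(value)]
    return result
```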
Rules
No rules
Sensors
No sensors
Triggers
No triggers
Known Issues
No known issues