Skip to content

CISMCAP#

README

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices.

Malicious Code Analysis Platform (MCAP) is a no-cost web-based sandbox which enables MS-ISAC and EI-ISAC members to submit suspicious files such as executables, DLLs, documents, quarantine files, and archives for analysis in a controlled and non-public fashion. The platform also enables users to perform threat analysis based on domain, IP address, URL, hashes, and various Indicators of Compromise (IOCs).

This analyzer allows you to submit a variety of observables to MCAP to analyze files or check feeds for known indicators of compromise for other data types.

To read more, visit https://www.cisecurity.org/ms-isac

CISMCAP#

Author: Joe Lazaro
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
- hash
- url
- domain
- fqdn
- file
Registration required: True
Subscription required: False
Free subscription: False
Third party service: https://www.cisecurity.org/ms-isac/services

Description#

Malicious Code Analysis Platform (MCAP) by the Center for Internet Security (CIS). Submit files for analysis or check feeds for known indicators of compromise for other data types.

Configuration#

key API key
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
private_samples Submitted samples will not be shared with other members of the portal
Default value if not configured N/A
Type of the configuration item boolean
The configuration item can contain multiple values False
Is required True
minimum_confidence Restrict to IOCs with this confidence score or higher.
Default value if not configured 80
Type of the configuration item number
The configuration item can contain multiple values False
Is required False
minimum_severity Restrict to IOCs with this severity score or higher.
Default value if not configured 80
Type of the configuration item number
The configuration item can contain multiple values False
Is required False
polling_interval Interval (seconds) between requests for sample status.
Default value if not configured 120
Type of the configuration item number
The configuration item can contain multiple values False
Is required False
max_sample_result_wait Maximum time to retry requests for sample status.
Default value if not configured 1000
Type of the configuration item number
The configuration item can contain multiple values False
Is required False

Templates samples for TheHive#

Analyzer report for a file

screenshot


Last update: October 21, 2022 15:12:19