CISMCAP
README
The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices.
Malicious Code Analysis Platform (MCAP) is a no-cost web-based sandbox which enables MS-ISAC and EI-ISAC members to submit suspicious files such as executables, DLLs, documents, quarantine files, and archives for analysis in a controlled and non-public fashion. The platform also enables users to perform threat analysis based on domain, IP address, URL, hashes, and various Indicators of Compromise (IOCs).
This analyzer allows you to submit a variety of observables to MCAP to analyze files or check feeds for known indicators of compromise for other data types.
To read more, visit https://www.cisecurity.org/ms-isac
CISMCAP
Author: Joe Lazaro
License: AGPL-V3
Version: 1.0
Supported observable types:
- ip
- hash
- url
- domain
- fqdn
- file
Registration required: True
Subscription required: False
Free subscription: False
Third party service: https://www.cisecurity.org/ms-isac/services
Description
Malicious Code Analysis Platform (MCAP) by the Center for Internet Security (CIS). Submit files for analysis or check feeds for known indicators of compromise for other data types.
Configuration
Configuration item | Description | Default value if not configured | Type | Can contain multiple values | Is required
---|---|---|---|---|---
key | API key | N/A | string | False | True
private_samples | Submitted samples will not be shared with other members of the portal | N/A | boolean | False | True
minimum_confidence | Restrict to IOCs with this confidence score or higher. | 80 | number | False | False
minimum_severity | Restrict to IOCs with this severity score or higher. | 80 | number | False | False
polling_interval | Interval (seconds) between requests for sample status. | 120 | number | False | False
max_sample_result_wait | Maximum time to retry requests for sample status. | 1000 | number | False | False
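As an added example that is not part of the analyzer or of Cortex, the following Python applies the configuration contract from the table above (required items, single values, declared types, defaults) and then uses the two threshold items to filter feed matches. The IOC records and their `confidence`/`severity` fields are constructed for illustration; the real feed response layout is an assumption.

```python
# Added example, not the CISMCAP analyzer's own code. Applies the configuration
# contract listed above and the two IOC thresholds; the feed record layout
# ("confidence"/"severity" keys) is assumed for illustration.

# Each item: (accepted Python type, required, default value if not configured).
CONFIG_ITEMS = {
    "key": (str, True, None),
    "private_samples": (bool, True, None),
    "minimum_confidence": ((int, float), False, 80),
    "minimum_severity": ((int, float), False, 80),
    "polling_interval": ((int, float), False, 120),
    "max_sample_result_wait": ((int, float), False, 1000),
}

# Constructed feed matches; the real response shape may differ.
SAMPLE_IOCS = [
    {"value": "198.51.100.7", "confidence": 90, "severity": 85},
    {"value": "203.0.113.9", "confidence": 70, "severity": 95},
    {"value": "example.invalid", "confidence": 95, "severity": 50},
]


def resolve_config(config):
    """Return the complete config: defaults applied, required items present,
    every item single-valued and of the type the table specifies."""
    resolved = {}
    for name, (typ, required, default) in CONFIG_ITEMS.items():
        if name not in config:
            if required:
                raise ValueError(f"missing required configuration item: {name}")
            resolved[name] = default
            continue
        value = config[name]
        if isinstance(value, (list, tuple)):  # no item accepts multiple values
            raise ValueError(f"{name} must be a single value")
        # bool is a subclass of int, so keep True/False out of numeric items.
        if not isinstance(value, typ) or (typ is not bool and isinstance(value, bool)):
            raise ValueError(f"{name} has wrong type {type(value).__name__}")
        resolved[name] = value
    return resolved


def is_valid_config(config):
    """True when resolve_config accepts the config, False otherwise."""
    try:
        resolve_config(config)
        return True
    except ValueError:
        return False


def filter_iocs(iocs, config):
    """Keep only matches at or above both thresholds (defaults: 80 and 80)."""
    cfg = resolve_config(config)
    return [i for i in iocs
            if i["confidence"] >= cfg["minimum_confidence"]
            and i["severity"] >= cfg["minimum_severity"]]
```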