Cylance#
README
Cylance hashlookup#
Cylance hash lookup enables you to query possible infected clients of yours using a SHA256 hash. The response includes information about the matching sample(s) along with information about affected clients.
FAQ#
Q: Why only SHA256#
Sadly, although the response data contains an MD5 hash, the API only allows you to query with a SHA256
Cylance#
Author: Mikael Keri
License: AGPL-V3
Version: 1.0
Supported observables types:
- hash
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.blackberry.com/
Description#
Search for a specific hash, if there is a match, coresponding client information
Configuration#
| ten_id | Tenant ID |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| app_id | App ID |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| app_secret | App Secret |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| region | Portal region, : NA, US, APN, JP, APS, AU, EU, GOV, SA, SP |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
Templates samples for TheHive#
