
EclecticIQ#

README

EclecticIQ is a cyber threat intelligence platform which provides aggregation and analysis capabilities for threat intelligence data and integration with organization assets.

The analyzer comes in one flavor: it looks up an observable in the platform and returns any parent entities along with their context.

  • EclecticIQ_SearchObservable: returns entity data for a specific observable

Requirements#

The EclecticIQ analyzer requires you to have access to an EclecticIQ Intelligence Center instance.

Three parameters are required for each instance to make the analyzer work:

  • url: URL of the instance, e.g. "https://intel-platform.local"
  • key: API key for a user of the EclecticIQ Intelligence Center instance
  • cert_check: whether to verify the server certificate (defaults to True; see the Configuration section below)

EclecticIQ_SearchObservable#

Author: BW
License: AGPL-V3
Version: 2.0
Supported observable types:
- domain
- ip
- url
- fqdn
- uri_path
- user-agent
- hash
- mail
- mail_subject
- registry
- regexp
- other
- filename
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.eclecticiq.com

Description#

Query EclecticIQ Intelligence Center for a specific observable.

Configuration#

| Item | Description | Default value if not configured | Type | Can contain multiple values | Required |
|---|---|---|---|---|---|
| name | Name of EclecticIQ instance | N/A | string | False | False |
| url | URL of EclecticIQ instance | N/A | string | False | True |
| key | API key for EclecticIQ instance | N/A | string | False | True |
| cert_check | Verify server certificate | True | boolean | False | True |
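
The following is an added example, not code from the Cortex-Analyzers project or from EclecticIQ: it applies the rules of the configuration table above (item names, types, defaults and required flags) to a configuration mapping and derives the HTTP client settings the analyzer would need from it. The function names, the rejection of unknown items, the requirement that `url` be an absolute http(s) URL, and the bearer-token `Authorization` header are assumptions made for illustration; the page does not describe the API's authentication scheme. Note how `cert_check` is validated as a real boolean: a string such as `"false"` would otherwise be truthy and silently disable nothing, while a genuine `False` disables TLS verification and should be a deliberate choice.

```python
"""Validate an EclecticIQ_SearchObservable analyzer configuration.

Added example; the schema below is transcribed from the Configuration
table. Everything else (function names, URL scheme check, header format)
is an assumption for illustration.
"""
from urllib.parse import urlparse

# (expected type, default when not configured, required) per config item
CONFIG_SCHEMA = {
    "name": (str, None, False),
    "url": (str, None, True),
    "key": (str, None, True),
    "cert_check": (bool, True, True),
}


def validate_config(config):
    """Return a normalised config dict or raise ValueError.

    Required items must be present (or have a documented default), each
    value must have the documented type, and defaults fill the gaps.
    """
    if not isinstance(config, dict):
        raise ValueError("config must be a mapping")
    unknown = set(config) - set(CONFIG_SCHEMA)
    if unknown:  # assumption: only the documented items are accepted
        raise ValueError(f"unknown configuration items: {sorted(unknown)}")

    normalised = {}
    for key, (expected_type, default, required) in CONFIG_SCHEMA.items():
        if key not in config or config[key] is None:
            if required and default is None:
                raise ValueError(f"missing required configuration item: {key}")
            normalised[key] = default
            continue
        value = config[key]
        # bool is a subclass of int in Python; check it explicitly so that
        # a string such as "false" is rejected rather than treated as true.
        if expected_type is bool and not isinstance(value, bool):
            raise ValueError(f"{key} must be a boolean, got {type(value).__name__}")
        if expected_type is str and (not isinstance(value, str) or not value.strip()):
            raise ValueError(f"{key} must be a non-empty string")
        normalised[key] = value

    # Assumption: the instance URL must be absolute, as in the example value
    # "https://intel-platform.local". A trailing slash is stripped so that
    # API paths can be appended without producing a double slash.
    parsed = urlparse(normalised["url"])
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError("url must be an absolute http(s) URL")
    normalised["url"] = normalised["url"].rstrip("/")
    return normalised


def session_settings(config):
    """Derive HTTP client settings from a validated configuration.

    The bearer-token Authorization header is an assumption; consult the
    EclecticIQ Intelligence Center API documentation for the scheme your
    instance expects. cert_check maps directly onto TLS verification.
    """
    cfg = validate_config(config)
    return {
        "base_url": cfg["url"],
        "headers": {"Authorization": f"Bearer {cfg['key']}"},
        "verify": cfg["cert_check"],
    }


if __name__ == "__main__":
    # Constructed sample configuration, as an operator might supply it.
    sample = {"url": "https://intel-platform.local/", "key": "EXAMPLE-API-KEY"}
    print(session_settings(sample))
```

A configuration that omits `cert_check` resolves to `verify: True` through the table's default, so TLS verification is only switched off when an operator sets the item to `False` explicitly.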

Templates samples for TheHive#

No template samples to display.