EmergingThreats#
README
EmergingThreats#
EmergingThreats intelligence helps prevent attacks and reduce risk by helping you understand the historical context of where these threats originated, who is behind them, when have they attacked, what methods they used, and what they're after.
The analyzer is available in 3 flavors: - EmergingThreats_DomainInfo: retrieve ET reputation, related malware, and IDS requests for a given domain. - EmergingThreats_IPInfo: retrieve ET reputation, related malware, and IDS requests for a given IP address. - EmergingThreats_MalwareInfo: retrieve ET details and info related to a malware hash.
Requirements#
You need a valid EmergingThreats API subscription to use the analyzer:
- Provide your API key as a value for the
key
parameter.
EmergingThreats_DomainInfo#
Author: Davide Arcuri and Andrea Garavaglia, LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://threatintel.proofpoint.com/
Description#
Retrieve ET reputation, related malware, and IDS requests for a given domain.
Configuration#
key | API key |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |
Templates samples for TheHive#
EmergingThreats_IPInfo#
Author: Davide Arcuri and Andrea Garavaglia, LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://threatintel.proofpoint.com/
Description#
Retrieve ET reputation, related malware, and IDS requests for a given IP address.
Configuration#
key | API key |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |
Templates samples for TheHive#
EmergingThreats_MalwareInfo#
Author: Davide Arcuri and Andrea Garavaglia, LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- file
- hash
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://threatintel.proofpoint.com/
Description#
Retrieve ET details and info related to a malware hash.
Configuration#
key | API key |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |