Skip to content

EmergingThreats#

README

EmergingThreats#

EmergingThreats intelligence helps prevent attacks and reduce risk by helping you understand the historical context of where these threats originated, who is behind them, when have they attacked, what methods they used, and what they're after.

The analyzer is available in 3 flavors: - EmergingThreats_DomainInfo: retrieve ET reputation, related malware, and IDS requests for a given domain. - EmergingThreats_IPInfo: retrieve ET reputation, related malware, and IDS requests for a given IP address. - EmergingThreats_MalwareInfo: retrieve ET details and info related to a malware hash.

Requirements#

You need a valid EmergingThreats API subscription to use the analyzer:

  • Provide your API key as a value for the key parameter.

EmergingThreats_MalwareInfo#

Author: Davide Arcuri and Andrea Garavaglia, LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- file
- hash
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://threatintel.proofpoint.com/

Description#

Retrieve ET details and info related to a malware hash.

Configuration#

key API key
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

EmergingThreats: hash long report

EmergingThreats_IPInfo#

Author: Davide Arcuri and Andrea Garavaglia, LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://threatintel.proofpoint.com/

Description#

Retrieve ET reputation, related malware, and IDS requests for a given IP address.

Configuration#

key API key
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

EmergingThreats: IP long report

EmergingThreats_DomainInfo#

Author: Davide Arcuri and Andrea Garavaglia, LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
- fqdn
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://threatintel.proofpoint.com/

Description#

Retrieve ET reputation, related malware, and IDS requests for a given domain.

Configuration#

key API key
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

EmergingThreats: domain long report