FireEyeiSight#
FireEyeiSight adds context and priority to global threats before, during and after an attack. Data is gleaned from the adversarial underground, virtual network detection sensors and Mandiant IR investigations from the world’s largest breaches.
The analyzer comes in only one flavor.
Requirements#
You need a valid FireEye iSight subscription to use the analyzer.
- Provide your API key as a value for the `key` parameter.
- Provide your associated password as a value for the `pwd` parameter.
FireEyeiSight#
Author: Davide Arcuri and Andrea Garavaglia, LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observable types:
- domain
- ip
- hash
- url
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://intelligence.fireeye.com/
Description#
Query domains, IPs, hashes and URLs on FireEye's iSIGHT threat intelligence service.
Configuration#
key | API key for FireEye iSIGHT. |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |

pwd | Password associated with the API key. |
---|---|
Default value if not configured | N/A |
Type of the configuration item | string |
The configuration item can contain multiple values | False |
Is required | True |