
NERD


NERD is a service provided by CESNET which collects information about malicious IP addresses from CESNET's own detection systems as well as several public sources. It keeps a profile of each known malicious IP address, containing all security-relevant information about the address, and it summarizes it into a reputation score - a number from 0.0 (good) to 1.0 (bad) representing the amount and confidence of recently received reports about that address.

The analyzer comes in a single flavour that returns the reputation score and various tags for the provided IP address.

Requirements

You need a valid NERD API integration subscription to use the analyzer.

  • Provide your API key as the value of the key parameter.
  • The url parameter defaults to the URL of the public NERD instance; override it to query a different instance.

NERD

Author: Vaclav Bartos, CESNET
License: AGPL-V3
Version: 1.1
Supported observable types:
- ip
Registration required: True
Subscription required: False
Free subscription: True
Third party service: https://nerd.cesnet.cz/

Description

Get the reputation score and other basic information from the Network Entity Reputation Database (NERD).

Configuration

key: API key
  Default value if not configured: N/A
  Type of the configuration item: string
  The configuration item can contain multiple values: False
  Is required: True

url: Base URL of the NERD instance
  Default value if not configured: https://nerd.cesnet.cz/nerd/
  Type of the configuration item: string
  The configuration item can contain multiple values: False
  Is required: False

Template samples for TheHive

NERD long report sample

NERD mini report sample