Skip to content

Onyphe#

ONYPHE_Summary_API#

Author: Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack
License: AGPL-V3
Version: 1.1
Supported observables types:
- ip
- domain
- fqdn
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.onyphe.io

Description#

Retrieve summary information Onyphe has for given ip, domain, or fqdn.

Configuration#

key Define the API key to use to connect the service
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
verbose_taxonomies Set true if you want detailed taxonomies for port, subnet, geoloc, domain
Default value if not configured False
Type of the configuration item boolean
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

Onyphe_Summary long report sample

Onyphe_Summary mini report sample

ONYPHE_ASM#

Author: Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
- domain
- fqdn
- hash
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.onyphe.io

Description#

Retrieve results from ONYPHE Search API for a given ip, domain or fqdn from specified category

Configuration#

key Define the API key to use to connect the service
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
time_filter Specify ONYPHE time filter to be used for searches (see https://www.onyphe.io/docs/onyphe-query-language)
Default value if not configured -since:1M
Type of the configuration item string
The configuration item can contain multiple values False
Is required False
fields_filter [!!Advanced!!] Modify ONYPHE fields to return in raw data (see https://www.onyphe.io/docs/onyphe-query-language)
Default value if not configured ip,port,protocol,tag,tls,cpe,cve,hostname,domain,alternativeip,forward,url,organization,transport,organization,device.class,device.product,device.productvendor,device.productversion,product,productvendor,productversion
Type of the configuration item string
The configuration item can contain multiple values False
Is required False
auto_import Automatically import artifacts as observables (risks, cves, assets, ...)
Default value if not configured True
Type of the configuration item boolean
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

ONYPHE ASM report sample (IPs obscured) with click to expand accordion.

ONYPHE ASM mini report showing no. of risks

Author: Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
- domain
- fqdn
- hash
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.onyphe.io

Description#

Retrieve results from ONYPHE Search API for a given ip, domain, fqdn or hash (sha256 TLS fingerprint) from specified category

Configuration#

key Define the API key to use to connect the service
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
category Specify ONYPHE category to be used for search API (default datascan)
Default value if not configured datascan
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
time_filter Specify ONYPHE time filter to be used for searches (see https://www.onyphe.io/docs/onyphe-query-language)
Default value if not configured -since:1M
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
auto_import Automatically import artifacts as observables (risks, cves, assets, ...)
Default value if not configured False
Type of the configuration item boolean
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

ONYPHE Search report sample (IPs obscured)

ONYPHE Search mini report showing no. of open ports

Onyphe_Summary#

Author: Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
- domain
- fqdn
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.onyphe.io

Description#

Retrieve summary information Onyphe has for given ip, domain or fqdn.

Configuration#

key Define the API key to use to connect the service
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
verbose_taxonomies Set true if you want detailed taxonomies for port, subnet, geoloc, domain
Default value if not configured False
Type of the configuration item boolean
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

Onyphe_Summary long report sample

Onyphe_Summary mini report sample

ONYPHE_Vulnscan#

Author: Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
- domain
- fqdn
- hash
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.onyphe.io

Description#

Retrieve vulnerability data from ONYPHE vulnscan category for a given ip, domain, fqdn or hash (sha256 TLS fingerprint)

Configuration#

key Define the API key to use to connect the service
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
time_filter Specify ONYPHE time filter to be used for searches (see https://www.onyphe.io/docs/onyphe-query-language)
Default value if not configured -since:1M
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
only_vulnerable Only return results where a CVE exists (-exists:cve)
Default value if not configured True
Type of the configuration item boolean
The configuration item can contain multiple values False
Is required True
auto_import Automatically import artifacts as observables (risks, cves, assets, ...)
Default value if not configured False
Type of the configuration item boolean
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

ONYPHE Vulnscan report sample (IPs obscured)

ONYPHE Vulnscan mini report showing no. of CVEs