Onyphe
ONYPHE_Summary_API
Author: Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack
License: AGPL-V3
Version: 1.1
Supported observables types:
- ip
- domain
- fqdn
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.onyphe.io
Description
Retrieve the summary information Onyphe has for a given ip, domain, or fqdn.
Configuration
| Configuration item | Description | Default value if not configured | Type of the configuration item | The configuration item can contain multiple values | Is required |
|---|---|---|---|---|---|
| key | Define the API key to use to connect the service | N/A | string | False | True |
| verbose_taxonomies | Set true if you want detailed taxonomies for port, subnet, geoloc, domain | False | boolean | False | True |
Templates samples for TheHive
ONYPHE_ASM
Author: Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
- domain
- fqdn
- hash
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.onyphe.io
Description
Retrieve results from the ONYPHE Search API for a given ip, domain or fqdn from the specified category.
Configuration
| Configuration item | Description | Default value if not configured | Type of the configuration item | The configuration item can contain multiple values | Is required |
|---|---|---|---|---|---|
| key | Define the API key to use to connect the service | N/A | string | False | True |
| time_filter | Specify ONYPHE time filter to be used for searches (see https://www.onyphe.io/docs/onyphe-query-language) | -since:1M | string | False | False |
| fields_filter | [!!Advanced!!] Modify ONYPHE fields to return in raw data (see https://www.onyphe.io/docs/onyphe-query-language) | ip,port,protocol,tag,tls,cpe,cve,hostname,domain,alternativeip,forward,url,organization,transport,organization,device.class,device.product,device.productvendor,device.productversion,product,productvendor,productversion | string | False | False |
| auto_import | Automatically import artifacts as observables (risks, cves, assets, ...) | True | boolean | False | True |
Templates samples for TheHive
Onyphe_Summary
Author: Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
- domain
- fqdn
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.onyphe.io
Description
Retrieve the summary information Onyphe has for a given ip, domain or fqdn.
Configuration
| Configuration item | Description | Default value if not configured | Type of the configuration item | The configuration item can contain multiple values | Is required |
|---|---|---|---|---|---|
| key | Define the API key to use to connect the service | N/A | string | False | True |
| verbose_taxonomies | Set true if you want detailed taxonomies for port, subnet, geoloc, domain | False | boolean | False | True |
Templates samples for TheHive
ONYPHE_Vulnscan
Author: Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
- domain
- fqdn
- hash
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.onyphe.io
Description
Retrieve vulnerability data from ONYPHE vulnscan category for a given ip, domain, fqdn or hash (sha256 TLS fingerprint)
Configuration
| Configuration item | Description | Default value if not configured | Type of the configuration item | The configuration item can contain multiple values | Is required |
|---|---|---|---|---|---|
| key | Define the API key to use to connect the service | N/A | string | False | True |
| time_filter | Specify ONYPHE time filter to be used for searches (see https://www.onyphe.io/docs/onyphe-query-language) | -since:1M | string | False | True |
| only_vulnerable | Only return results where a CVE exists (-exists:cve) | True | boolean | False | True |
| auto_import | Automatically import artifacts as observables (risks, cves, assets, ...) | False | boolean | False | True |
Templates samples for TheHive
ONYPHE_Search
Author: Pierre Baudry, Adrien Barchapt, Andrea Garavaglia, Davide Arcuri, James Atack
License: AGPL-V3
Version: 1.0
Supported observables types:
- ip
- domain
- fqdn
- hash
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.onyphe.io
Description
Retrieve results from the ONYPHE Search API for a given ip, domain, fqdn or hash (sha256 TLS fingerprint) from the specified category.
Configuration
| Configuration item | Description | Default value if not configured | Type of the configuration item | The configuration item can contain multiple values | Is required |
|---|---|---|---|---|---|
| key | Define the API key to use to connect the service | N/A | string | False | True |
| category | Specify ONYPHE category to be used for search API (default datascan) | datascan | string | False | True |
| time_filter | Specify ONYPHE time filter to be used for searches (see https://www.onyphe.io/docs/onyphe-query-language) | -since:1M | string | False | True |
| auto_import | Automatically import artifacts as observables (risks, cves, assets, ...) | False | boolean | False | True |
Templates samples for TheHive