OpenCTI#
OpenCTI_SearchObservables#
Author: ANSSI
License: AGPL-V3
Version: 2.0
Supported observables types:
- domain
- ip
- url
- fqdn
- uri_path
- user-agent
- hash
- mail
- mail_subject
- registry
- regexp
- other
- filename
Registration required: True
Subscription required: False
Free subscription: False
Third party service: https://www.opencti.io
Description#
Query multiple OpenCTI instances for a list of observables matching a pattern.
Configuration#
| name | Name of OpenCTI servers |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | False |
| url | URL of OpenCTI servers |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |
| key | API key for each server |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |
| cert_check | Verify server certificate |
|---|---|
| Default value if not configured | True |
| Type of the configuration item | boolean |
| The configuration item can contain multiple values | False |
| Is required | True |
Templates samples for TheHive#
No template samples to display.
OpenCTI_SearchExactObservable#
Author: ANSSI
License: AGPL-V3
Version: 2.0
Supported observables types:
- domain
- ip
- url
- fqdn
- uri_path
- user-agent
- hash
- mail
- mail_subject
- registry
- regexp
- other
- filename
Registration required: True
Subscription required: False
Free subscription: False
Third party service: https://www.opencti.io
Description#
Query multiple OpenCTI instances for a specific observable.
Configuration#
| name | Name of OpenCTI servers |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | False |
| url | URL of OpenCTI servers |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |
| key | API key for each server |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |
| cert_check | Verify server certificate |
|---|---|
| Default value if not configured | True |
| Type of the configuration item | boolean |
| The configuration item can contain multiple values | False |
| Is required | True |
Templates samples for TheHive#
No template samples to display.