Silent Push ThreatCheck
App Vendor: Silent Push
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.1.0
API Version: v1
About App
The Silent Push ThreatCheck app helps security teams identify attacker-controlled infrastructure before it is used in campaigns. Analyzing global internet data at scale, it highlights high-risk domains and IPs to strengthen proactive threat detection.
The Silent Push ThreatCheck app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Check Indicator Listing on IOFA Feed | This action retrieves the listing status of an IP address or hostname against Silent Push's indicators of future attack (IOFA) feeds. |
Get Traffic Origin Data for an Indicator | This action retrieves the traffic origin data of an IP address or hostname. |
Generic Action | This is a generic action used to make requests to any Silent Push ThreatCheck endpoint. |
Configuration Parameters
The following configuration parameters are required for the Silent Push ThreatCheck app to communicate with the Silent Push ThreatCheck enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Access Key | Enter the ThreatCheck access key to authenticate your requests to the Silent Push ThreatCheck API. You can find this key in your Silent Push subscription details. | Text | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with the Silent Push ThreatCheck app. | Integer | Optional | Allowed range: 15-120 seconds Default value: 15 seconds |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in connection errors. | Boolean | Optional | By default, verification is enabled. |
Action: Check Indicator Listing on IOFA Feed
This action retrieves the listing status of an IP address or hostname against Silent Push's Indicators of Future Attack (IOFA) feeds.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Indicator Type | Enter the type of indicator you want to check against the IOFA feed. | Single-select | Required | Allowed values: hostname (for hostnames/domains) and ip (for IP addresses) |
Indicator Value | Enter the indicator value you want to check to determine if it is listed on the IOFA feed. Example: Use 'silentpush.com' for a hostname or '192.168.1.1' for an IP address. | Text | Required |
Example Request
[
{
"ioc_type": "ip",
"ioc_value": "178.16.54.200"
}
]Action: Get Traffic Origin Data for an Indicator
This action retrieves the traffic origin data of an IP address or hostname.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Indicator Value | Enter the indicator value you want to check to determine if it is listed on the traffic origin feed. Example: Use silentpush.com for a hostname or 192.168.1.1 for an IP address. | Text | Required | |
Indicator Type | Select the type of indicator you want to check against the traffic origin feed. | Single-select | Required | Allowed values: hostname (for hostnames/domains) and ip (for IP addresses) |
Action: Generic Action
This is a generic action used to make requests to any Silent Push ThreatCheck endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter a base URL to override the default API base URL, allowing connection to a specific URL. | Text | Optional | Default value: https://api.threatcheck.silentpush.com/v1/ |
Method | Enter the HTTP method to make the request. | Text | Required | Allowed value: GET, POST, PUT, DELETE |
Endpoint | Enter the endpoint to make the request to. | Text | Optional | |
Query Params | Enter the query parameters to pass to the API. Example: "t" : "name" | Key Value | Optional | |
Payload JSON | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: headers, payload_data, custom_output, download, filename, files, retry_wait, retry_count, and response_type |
Example Request
[
{
"method": "GET",
"extra_fields": {},
"query_params": {
"d": "iofa",
"q": "silentpush.com",
"t": "name"
}
}
]Changelog
The following table shows the changelog for each app version:
Version | Changes |
|---|---|
v1.1.0 | Introduced the Get Traffic Origin Data action. |