Enrich Nodes
In Intel Exchange, you can enrich nodes using third-party enrichment tools, enabling an expanded threat intelligence scope.
Before you Start
Ensure you add and configure the supported third-party enrichment tools. For more information, see Enrichment Tools.
Steps
To enrich nodes during threat investigation, follow these steps:
Right-click the preferred indicator, and select Enrich.
Select the enrichment tool that you want to use.
The following third-party tools are available to enrich nodes in Intel Exchange:
Name of the Tool | Enriches |
|---|---|
Alien Vault | IP, URL, Hash, Domain |
Virus Total | IP, URL, Hash, Domain |
Shodan | IP, Domain |
Recorded Future | IP, Domain, URL, Vulnerability, Hash |
Polyswarm | Hash ( SHA256, MD5, SHA1) |
RiskIQ | IP, Domain, URL |
Cisco Umbrella | IP, Domain, URL |
Whois | IP, Domain |
Farsight DNSDB | IP, Domain |