Cyware Threat Intelligence eXchange

PolySwarm

Connector Category: Enrichment Tool

About Integration

CTIX integrates with PolySwarm to enrich MD5, SHA1, and SHA256 hashes. This integration adds contextual information to the hashes and makes threat investigation faster.

Use Cases

  • Effective data enrichment for MD5, SHA1, and SHA256 hashes.

  • Early access to relevant threat data with reduced false positives.

  • Effective threat scoring that indicates whether a file contains malware.

Benefits

Saves time and effort spent by an analyst in investigating false positives.

Configure PolySwarm as Enrichment Tool

Configure the PolySwarm tool in the CTIX application to enrich hashes.

Before you Start

  • You must have the view, create, and update permissions for Enrichment Management in CTIX.

  • You must have the API key of your PolySwarm account.

Steps

To configure PolySwarm as an enrichment tool in CTIX, do the following:

  1. Sign in to CTIX and go to Administration > Enrichment Management > Enrichment Tools.

  2. Search for and select the PolySwarm enrichment tool.

  3. Click Add Account.

  4. Enter a unique account name to identify the instance. For example, Prod_PolySwarm.

  5. Enter the API key of your PolySwarm account to authenticate communication between the CTIX and PolySwarm servers.

  6. Select Verify SSL to verify the SSL certificate and secure the connection between the CTIX and PolySwarm servers. By default, Verify SSL is selected.

    Note

    Cyware recommends that you select Verify SSL. If you disable this option, CTIX may configure an instance even when the SSL certificate has expired. In that case, the connection may not be established properly, and CTIX will not be able to notify you of a broken or improper connection.

  7. Click Save.

After successfully adding an account, you can view and enable the PolySwarm feed enrichment types. You can also configure a quota to limit the number of enrichment requests CTIX makes to PolySwarm. After the quota expires, you cannot make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.

To understand the number of API calls and quota units consumed by the PolySwarm enrichment tool per polling, refer to the following table.

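| Enrichment Tool | Feed Enrichment Type | Number of API Calls | Quota Consumed |
|-----------------|----------------------|---------------------|----------------|
| PolySwarm       | Hash                 | 1                   | 1              |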

You can configure an enrichment policy to automatically enrich hashes using the PolySwarm enrichment tool. For more information, see Configure Enrichment Policy.