Polyswarm
Connector Category: Enrichment Tool
About Integration
CTIX integrates with PolySwarm to enrich MD5, SHA1, and SHA256 hashes. This integration provides contextual information about the hashes and speeds up threat investigation.
Use Cases
Effective data enrichment for MD5, SHA1, and SHA256 hashes.
Early access to relevant threat data with reduced false positives.
Effective threat scoring, which is indicative of a file containing malware.
Benefits
Saves time and effort spent by an analyst in investigating false positives.
Configure PolySwarm as Enrichment Tool
Configure the PolySwarm tool in the CTIX application to enrich hashes.
Before you Start
You must have the view, create, and update permissions for Enrichment Management in CTIX.
You must have the API key of your PolySwarm account.
Steps
To configure PolySwarm as an enrichment tool in CTIX, do the following:
Sign in to CTIX and go to Administration > Enrichment Management > Enrichment Tools.
Search and select the PolySwarm enrichment tool.
Click Add Account.
Enter a unique account name to identify the instance. For example, Prod_PolySwarm.
Enter the API key of your PolySwarm account to authenticate communication between the CTIX and PolySwarm servers.
Select Verify SSL to verify the SSL certificate and secure the connection between the CTIX and PolySwarm servers. By default, Verify SSL is selected.
Note
Cyware recommends that you select Verify SSL. If you disable this option, CTIX may configure an instance whose SSL certificate has expired; the connection may then not be established properly, and CTIX will not be able to notify you of a broken or improper connection.
Click Save.
After successfully adding an account, you can view and enable the PolySwarm feed enrichment types. You can also configure a quota to limit the number of enrichment requests CTIX makes to PolySwarm. After the quota is exhausted, you cannot make enrichment requests until the quota resets at the start of the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.
To understand the number of API calls and quota units consumed by the PolySwarm enrichment tool per polling, refer to the following table.
| Enrichment Tool | Feed Enrichment Type | Number of API Calls | Quota Consumed |
|---|---|---|---|
| PolySwarm | Hash | 1 | 1 |
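The following is an added worked example, not code from Cyware or PolySwarm, showing the two checks the sections above describe: accepting only well-formed MD5, SHA1, and SHA256 digests, and charging one quota unit per hash lookup in a fixed window that resets after the quota duration. The names `EnrichmentQuota`, `enrich_hashes`, `fake_lookup`, and `run_demo` are hypothetical; `fake_lookup` stands in for the upstream call and does not use the PolySwarm API, and the sample digests are constructed (the digests of the empty string plus one invalid value).

```python
import re
import time

# Digest formats the integration enriches (MD5, SHA1, SHA256), told apart by
# hex length. Anything else is skipped locally instead of being sent upstream.
HASH_PATTERNS = {
    "MD5": re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE),
    "SHA1": re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE),
    "SHA256": re.compile(r"^[0-9a-f]{64}$", re.IGNORECASE),
}

# Cost per feed enrichment type, from the table above: one hash lookup is
# one API call and one quota unit.
QUOTA_COST = {"hash": 1}

def classify_hash(value):
    """Return 'MD5', 'SHA1' or 'SHA256' for a well-formed hex digest, else None."""
    candidate = value.strip()
    for name, pattern in HASH_PATTERNS.items():
        if pattern.match(candidate):
            return name
    return None

class QuotaExceeded(Exception):
    pass  # raised when a request would exceed the quota for the current window

class EnrichmentQuota:
    """Fixed-window quota: `limit` units per `duration_seconds`, then a reset.
    `clock` is injectable so the reset can be exercised without waiting."""

    def __init__(self, limit, duration_seconds, clock=time.monotonic):
        self.limit = limit
        self.duration_seconds = duration_seconds
        self._clock = clock
        self.used = 0
        self._window_start = clock()

    def _maybe_reset(self):
        now = self._clock()
        if now - self._window_start >= self.duration_seconds:
            self.used = 0
            self._window_start = now

    def remaining(self):
        self._maybe_reset()
        return self.limit - self.used

    def consume(self, units):
        if self.remaining() < units:
            raise QuotaExceeded(f"{units} unit(s) requested, {self.remaining()} left")
        self.used += units

def enrich_hashes(hashes, quota, lookup):
    """Validate each value, charge the quota, and call `lookup` for valid digests.
    Invalid values are skipped (no quota spent); once the quota is exhausted the
    rest are marked deferred so they can be retried after the window resets."""
    results = {}
    for raw in hashes:
        hash_type = classify_hash(raw)
        if hash_type is None:
            results[raw] = {"status": "skipped", "reason": "not an MD5/SHA1/SHA256 digest"}
            continue
        try:
            quota.consume(QUOTA_COST["hash"])
        except QuotaExceeded:
            results[raw] = {"status": "deferred", "reason": "quota exhausted until reset"}
            continue
        results[raw] = {"status": "enriched", "hash_type": hash_type, "data": lookup(raw)}
    return results

class FakeClock:
    """Manually advanced clock so the demo runs without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds

def fake_lookup(digest):
    """Stand-in for the upstream enrichment call (hypothetical, not PolySwarm's API)."""
    return {"verdict": "unknown", "queried": digest.lower()}

def run_demo():
    """Two-unit hourly quota over four constructed inputs, then a retry after reset."""
    clock = FakeClock()
    quota = EnrichmentQuota(limit=2, duration_seconds=3600, clock=clock)
    inputs = [  # constructed sample input: empty-string digests plus one bad value
        "d41d8cd98f00b204e9800998ecf8427e",                                  # MD5
        "da39a3ee5e6b4b0d3255bfef95601890afd80709",                          # SHA1
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",  # SHA256
        "not-a-hash",
    ]
    first = enrich_hashes(inputs, quota, fake_lookup)
    deferred = [h for h, r in first.items() if r["status"] == "deferred"]
    clock.advance(3600)  # next quota window: the deferred digest can now be enriched
    second = enrich_hashes(deferred, quota, fake_lookup)
    return first, second
```

In `run_demo`, the first two valid digests consume the whole two-unit quota, the third is deferred rather than sent, and the invalid value is skipped without spending a unit; after the clock passes the quota duration the deferred digest is enriched on retry. Keeping the deferred list lets a caller retry only what was not served, which is the behaviour to expect from CTIX once a configured quota is exhausted.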
You can configure an enrichment policy to automatically enrich hashes using the PolySwarm enrichment tool. For more information, see Configure Enrichment Policy.