ThreatMiner
Connector Category: Enrichment Tool
About Integration
ThreatMiner is a threat intelligence portal designed to enable analysts to research under a single interface. Intel Exchange integrates with ThreatMiner to enable analysts to retrieve rich context about IP addresses, hashes, and domains.
Configure ThreatMiner as an Enrichment Tool
Configure ThreatMiner as an enrichment tool to enrich IP address, URL, hash, and domain.
Before you Start
You must have the view, create, and update permissions for Enrichment Management.
You must have the base URL of your ThreatMiner instance.
Steps
To configure ThreatMiner as an enrichment tool in Intel Exchange, follow these steps:
Go to Administration > Enrichment Management > Enrichment Tools.
Search and select the ThreatMiner app.
Click Add Instance and enter the following details:
Account Name: Enter a unique account name to identify the instance. For example, ThreatMiner Enrichment.
Base URL: Enter the base URL of your ThreatMiner instance. The default base URL is
https://api.threatminer.org/v2
.Verify SSL: Select Verify SSL to verify the SSL certificate and secure the connection between the Intel Exchange and ThreatMiner servers. By default, Verify SSL is selected.
Note
We recommend you enable Verify SSL. If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection.
Click Save.
After successfully adding an account, you can view and enable the ThreatMiner feed enrichment types. You can also configure quota to define a limit to the number of enrichment requests Intel Exchange makes to ThreatMiner. After the quota expires, you can not make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.
To understand the number of API calls and quota units consumed by the ThreatMiner enrichment tool per polling, refer to the following table:
Enrichment Tool | Feed Enrichment Type | Number of API Calls | Quota Consumed |
---|---|---|---|
ThreatMiner | IP | 6 | 6 |
Domain | 6 | 6 | |
Hash | 7 | 7 |
You can configure an enrichment policy to automatically enrich threat data objects using the ThreatMiner enrichment tool. For more information, see Configure Enrichment Policy.