SpyCloud
Connector Category: Enrichment Tool
About Integration
This integration with the SpyCloud Consumer ATO Prevention tool allows you to retrieve breach and malware data into Intel Exchange for accelerated threat investigation. The enrichment tool enriches hashes, IP addresses, and emails with breach details of your customer and employee accounts, allowing you to act swiftly to lock bad actors out of compromised accounts.
Configure SpyCloud as an Enrichment Tool
Configure SpyCloud in Intel Exchange to enrich hashes, IP addresses, and emails.
Before you Start
Ensure that your user group has Create, Update, and View permissions for enrichment tools and their associated policies in Intel Exchange.
You must have the base URL and API key of your SpyCloud Consumer ATO Prevention account.
Note
Ensure that the API key includes the permissions to retrieve hash, IP address, and email details.
Steps
To configure SpyCloud as an enrichment tool in Intel Exchange, follow these steps:
Sign in to Intel Exchange and go to Administration > Enrichment Management > Enrichment Tools.
Search for and select the SpyCloud enrichment tool.
Click Add Account and enter the following details:
Account Name: Enter a unique account name to identify the instance. For example, SpyCloud Prod.
Base URL: Enter the base URL of your SpyCloud instance. The default base URL is https://api.spycloud.io/sp-v2.
API Key: Enter the API key of your SpyCloud account to authenticate communication between the Intel Exchange and SpyCloud servers.
Verify SSL: Enable this option to validate the SSL certificate and secure the connection between Intel Exchange and SpyCloud servers. This option is enabled by default.
Note
Cyware recommends that you select Verify SSL. If you disable this option, Intel Exchange may configure an instance with an expired SSL certificate. In that case the connection may not be established properly, and Intel Exchange will not be able to notify you of a broken or improper connection.
Click Save.
After successfully adding an account, you can view and enable the domain and URL feed enrichment types. You can also configure a quota to set a limit on the number of enrichment requests Intel Exchange makes to SpyCloud Consumer ATO Prevention. Once the quota is exhausted, no further enrichment requests can be made until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.
To understand the number of API calls and quota units consumed by the SpyCloud enrichment tool per polling, refer to the following table.
Enrichment Tool | Feed Enrichment Type | No. of API calls | Quota Consumed | API URL |
---|---|---|---|---|
SpyCloud | Retrieve Hash Detail | 1 | 1 | |
SpyCloud | Retrieve IP Detail | 1 | 1 | |
SpyCloud | Retrieve Email Detail | 2 | 2 | |
You can configure an enrichment policy to automatically enrich threat data objects using the SpyCloud enrichment tool. For more information, see Configure Enrichment Policy.