Hunt.io
Connector Category: Enrichment Tool
Notice
This integration is available in Intel Exchange starting v.3.7.4.0 (Early Access).
About Integration
Hunt.io is a service that provides threat intelligence data about observed network scanning and cyberattacks. This data is collected by a worldwide distributed network of sensors. All interactions with sensors are registered, analyzed, and used to create network host profiles.
Configure Hunt.io as Enrichment Tool
Configure Hunt.io to enrich IP addresses in Intel Exchange.
Before you Start
You must have the view, create, and update permissions for Enrichment Management in Intel Exchange.
You must have the API key of your Hunt.io account.
Note
Ensure that the API key includes the permissions to retrieve threat data details.
Steps
To configure Hunt.io as an enrichment tool in Intel Exchange, follow these steps:
Sign in to Intel Exchange.
Go to Administration > Enrichment Management > Enrichment Tools.
Search and select Hunt.io.
Click Add Account.
In the Credentials section, use the following information:
Account Name: Enter a unique account name to identify the instance. For example, Prod_huntio.
Base URL: Enter the base URL of your Hunt.io instance. The default base URL is
https://api.hunt.io/.API Key: Enter the API key and secret key of your Hunt.io account to authenticate communication between the Intel Exchange and Hunt.io servers.
Verify SSL: Select the checkbox to verify the SSL certificate and secure the connection between the Intel Exchange and Hunt.io servers. By default, the verification is enabled.
Note
It is recommended to enable the SSL verification. If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection.
You can also configure the quota to limit the number of enrichment requests a Hunt.io account makes.
In the Quota section, use the following information:
Quota Duration: Select the frequency at which the enrichment requests are made to Hunt.io. The default value is Daily.
Quota Rate: Enter the maximum number of enrichment requests within the specified quota duration. The default value is 1. After the quota expires, you can not make enrichment requests until the quota resets for the next quota duration.
Start Date & Time: Select the start date and time for the enrichment requests.
Usage Alert: Select the checkbox to receive alerts when the quota limit is close to being met. For example, if the quota specified is 4 enrichment requests every minute, an alert is sent on the third request.
Click Save.
After successfully adding an account, you can view and enable the Hunt.io feed enrichment types. For more information, see Define Quota in Configure Enrichment Tools.
To understand the number of API calls and quota units consumed by the Hunt.io enrichment tool for every enrichment request, refer to the following table:
Enrichment Tool | Feed Enrichment Type | No. of API calls | Quota Consumed |
|---|---|---|---|
Hunt.io | Retrieve IP Detail | 1 | 1 |