Pangea
Notice
This integration is available in Intel Exchange starting v.3.7.4.0 (Early Access).
Connector Category: Enrichment Tool
About Integration
Pangea unites the most important security capabilities by delivering a comprehensive set of services and APIs through a single framework. Pangea is a collection of security services and offers Security APIs for cost-effective and effortless composable application security. Intel Exchange integrates with Pangea to enrich the following indicator of compromise (IOC) types:
Hash (Supported hash types are SHA1, SHA256, and MD5)
IP Address
URL
Domain
Pangea partners with third-party providers to receive threat intel and enrich IOCs in Intel Exchange. The third-party providers that Pangea supports to enrich the IOC types are:
File Hash Intel: ReversingLabs and CrowdStrike
IP Intel: Team Cymru and CrowdStrike
Domain Intel: DomainTools and CrowdStrike
URL Intel: CrowdStrike
Note
You can enrich hashes, IP addresses, and domains using one of the providers configured as the default provider. To configure a default provider for an IOC type in Pangea, select the IOC type from Menu > INTELLIGENCE and set the default provider in Settings.
Configure Pangea as an Enrichment Tool
Configure Pangea to enrich hashes, IP addresses, domain names, and URLs.
Before you Start
You must have the view, update, and create enrichment tools permissions in Intel Exchange.
You must have the bearer token of your Pangea instance to authenticate access to Pangea services. For more information, see Pangea Tokens. To enrich hashes, IP addresses, domain names, and URLs using the Pangea enrichment tool, the bearer token must include access to the following services:
File Intel
IP Intel
Domain Intel
URL Intel
Steps
To configure Pangea as an enrichment tool in Intel Exchange, follow these steps:
Sign in to Intel Exchange and go to Administration > Enrichment Management > Enrichment Tools.
Search and select the Pangea enrichment tool.
Click Add Account and enter the following details:
Account Name: Enter a unique account name to identify the instance. For example, Pangea_Intel.
Domain: Enter the domain name of your Pangea instance. The default domain is
aws.us.pangea.cloud. The domain format is<csp>.<geo>.pangea.cloud. The domain is used to form the Uniform Resource Identifier (URI) for each enrichment type of the Pangea enrichment tool. For more information, see Pangea URI Structure.API Token: Enter the bearer token of your Pangea instance to authenticate communication between the Intel Exchange and Pangea services.
Verify SSL: Select Verify SSL to verify the SSL certificate and secure the connection between the Intel Exchange and Pangea servers. By default, Verify SSL is selected.
Note
We recommend you enable Verify SSL. If you disable it, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection.
Click Save.
After successfully adding an account, you can view and enable the domain and URL feed enrichment types. You can also configure quota to define a limit to the number of enrichment requests Intel Exchange makes to Pangea in a specific duration. After the quota expires, you cannot make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.
To understand the number of API calls and quota units consumed by the Pangea enrichment tool per polling, refer to the following table.
Enrichment Tool | Feed Enrichment Type | No. of API calls | Quota Consumed | API Endpoint |
|---|---|---|---|---|
Pangea | Retrieve Domain Detail | 1 | 1 |
|
Retrieve URL Detail | 1 | 1 |
| |
Retrieve Hash Detail | 1 | 1 |
| |
Retrieve IP Detail | 1 | 1 |
|
You can configure an enrichment policy to automatically enrich threat data objects using the Pangea enrichment tool. For more information, see Configure Enrichment Policy.