Silent Push
Notice
This integration is available in Intel Exchange starting v3.7.4.1 onwards
Connector Category: Enrichment Tool
About Integration
Silent Push provides intelligence on suspicious and malicious infrastructure by analyzing domain and IP behaviors. Within Intel Exchange, it augments domain and IP observables with infrastructure threat intelligence, adding relevant context through custom fields in the respective domain and IP SDOs.
Supported Threat Data Objects for Enrichment Using Silent Push
You can enrich Indicator (Domain and IP) threat data objects using the Silent Push integration in Intel Exchange.
Configure Silent Push as an Enrichment Tool
Configure Silent Push in Intel Exchange to enrich domain and IP threat data objects.
Before you Start
Ensure that you have the API token of your Silent Push account.
Ensure that your user group has Create, Update, and View permissions for enrichment tools and their associated policies in Intel Exchange.
Note
Ensure that the API key includes the permissions to retrieve IPv4 addresses.
Steps
To configure Silent Push as an enrichment tool in Intel Exchange, follow these steps:
Sign in to Intel Exchange and go to Administration > Enrichment Management > Enrichment Tools.
Search and select the Silent Push tool.
Click Add Account and enter the following details:
Account Name: Enter a unique account name to identify the instance. For example, Silent Push Prod.
API Key: Enter the API key of your Silent Push account to authenticate communication between Intel Exchange and Silent Push servers.
Domain Query Type: Select one or more query types to enrich domains with infrastructure intelligence. These queries retrieve passive DNS records (like A, MX, or CNAME) to reveal how the domain is configured and used.
IP Query Type: Select one or more query types to enrich IP addresses with infrastructure intelligence. These queries fetch passive DNS records, associated domains, and other metadata that reveal the IP's context and potential risk.
Click Save.
After you save the account, you can use Silent Push to enrich domain and IP threat data objects.
Enable Silent Push Enrichment Types
After successfully adding an account, you can view and enable Silent Push feed enrichment types.
Configure Enrichment Quota
You can also configure quota to define a limit to the number of enrichment requests Intel Exchange makes to Silent Push. After the quota expires, you cannot make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.
You can configure an enrichment policy to automatically enrich threat data objects using the Silent Push enrichment tool. For more information, see Enrichment Policy.
Enrichment Tool | Feed Enrichment Type |
|---|---|
Silent Push | Retrieve Domain Detail |
Retrieve IP Detail |
Enrich Threat Data Object
You can use Silent Push to enrich domain and IP indicators with contextual data such as DNS records, associated infrastructure, and potential threat signals.
To enrich a threat data object, follow these steps:
Go to Main Menu > Collection > Threat Data and filter threat data objects by Indicator Object Type.
Select the object you want to enrich.
Note
Silent Push supports enrichment only for domain and IP indicator types.
In the Enrichment tab, select Silent Push under Enrichment Details, then click Enrich.
You can view the enrichment details in Enrichment Payload. You can also click Re-Enrich to enrich the threat data object again.
Enrich Object in Threat Investigation Canvas
Enhance threat data in the Threat Investigation Canvas by interacting directly with nodes, allowing you to gain deeper insights into observable or threat objects and visualize the enriched data for more informed analysis.
Before you Start
Ensure that you have Create, View and Update Threat Investigations permissions.
Steps
To enrich a threat data object using threat investigation canvas, follow these steps:
Go to Main Menu > Analysis > Threat Investigations.
Enter a unique title for the canvas. For example, Indicator Analysis
Click the Add Node icon on the left. You can view the Indicator, Domain Objects, and Observables.
Select an object type that you need for your investigation or drag it to the canvas. For Silent Push, you can select Domain, IPv4, or IPv6 from the Indicator object type. For example, Domain
Enter the value of the object. For example, maliciousdomain.com
To enrich the object, right-click the node, expand Enrich, select Silent Push, and click Enrich.
After a successful enrichment, double-click the node and go to the Enrichments tab to view the enrichment details.
Rate Limits
Silent Push enforces monthly rate limits based on your subscription plan. These limits define the maximum number of enrichment requests you can make through the API each month.
To understand the monthly rate limits for each subscription type, refer the following table:
Subscription Type | Monthly Rate Limit |
|---|---|
Community | 250 |
Professional | 500 |
Team | 1000 |
Enterprise | Unlimited |