Blueliv Community
App Vendor: Blueliv Community
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.0
API Version: 1.0.0
About App
Blueliv helps organizations stay secure by enabling analysts to map timelines, IOCs, and malware so they can search threat intelligence data efficiently.
The Blueliv Community app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
List Timeline | This action lists the timeline on Blueliv. |
List Discover Timeline | This action lists the discover timeline on Blueliv. |
Get Spark Details | This action retrieves the spark details on Blueliv. |
List IOCs | This action lists the IOCs of a spark on Blueliv. |
Create Spark | This action creates a spark on Blueliv. |
List IOC Type | This action lists the IOC types on Blueliv. |
List IOCs from Discover Timeline | This action lists the IOCs from discover timeline on Blueliv. |
Search IOCs | This action performs a search for IOCs on Blueliv. |
Search Sparks | This action performs a search for sparks on Blueliv. |
Crawl IOCs from URL | This action crawls the IOCs from the URL using Blueliv. |
List Malwares | This action lists all the malware. |
Get Malware Details | This action retrieves the malware details. |
Configuration Parameters
The following configuration parameters are required for the Blueliv Community app to communicate with the Blueliv community enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Token | Enter the API token to authorize with. | Password | Required | |
Action: List Timeline
This action lists the timeline on Blueliv.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Since ID | Enter the reference to show notifications after that ID. | Text | Optional | |
Limit | Enter the maximum number of results to display. | Integer | Optional | |
Action: List Discover Timeline
This action lists the discover timeline on Blueliv.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Since ID | Enter the reference to show notifications after that ID. | Text | Optional | |
Limit | Enter the maximum number of results to display. | Integer | Optional | |
Action: Get Spark Details
This action retrieves the spark details on Blueliv.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Spark ID | Enter the spark ID. | Text | Required | |
Action: List IOCs
This action lists the IOCs of a spark on Blueliv.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Spark ID | Enter the spark ID to retrieve the IOCs. | Text | Required | |
Since ID | Enter the reference to show notifications after that ID. | Text | Optional | |
Limit | Enter the maximum number of results to display. | Integer | Optional | |
Action: Create Spark
This action creates a spark on Blueliv.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Title | Enter the title of the spark. | Text | Required | |
Description | Enter the description of the spark. | Text | Required | |
Source URL list | Enter the source URL list(s) of the spark. Example: "$list[https://www.google.com, https://www.facebook.com]" | List | Required | |
Source malware ID | Enter the source malware ID of the spark. Example: "$list[https://www.google.com, https://www.facebook.com]" | Text | Required | |
Tag List | Enter the tag list of the spark to attach. | List | Required | |
IOC List | Enter the IOC list of the spark to attach. Example: {"content": "http://www.domain.com","type": "url"} | List | Required | |
TLP | Enter the TLP of the spark. | Text | Required | |
Action: List IOC Type
This action retrieves the list of all IOC types on Blueliv.
Action Input Parameters
This action does not require any input parameter.
Action: List IOCs from Timeline
This action lists the IOCs from timeline on Blueliv.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Since ID | Enter the reference to show notifications after that ID. | Text | Optional | |
Limit | Enter the maximum number of results to display. | Integer | Optional | |
Action: List IOCs from Discover Timeline
This action lists the IOCs from discover timeline on Blueliv.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Since ID | Enter the reference to show notifications after that ID. | Text | Optional | |
Limit | Enter the maximum number of results to display. | Integer | Optional | |
Action: Search IOCs
This action performs a search for the IOCs on Blueliv.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Search | Enter the search string to query. Example: "domain.com" | Text | Required | |
Tag | Enter the tag to filter by. Example: "botnet" | Text | Optional | |
Limit | Enter the maximum number of results to display. | Integer | Optional | |
Since ID | Enter the reference to show notifications after that ID. | Text | Optional | |
Action: Search Sparks
This action performs a search for the sparks on Blueliv.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Search | Enter the search string to query. Example: "582ae7638f91d1059e375c3e" | Text | Required | |
Tag | Enter the tag to filter by. Example: "newtag2" | Text | Optional | |
Limit | Enter the maximum number of results to display. | Integer | Optional | |
Since ID | Enter the reference to show notifications after that ID. | Text | Optional | |
Action: Crawl IOCs from URL
This action crawls IOCs from the URL using Blueliv.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
URL to crawl | Enter the URL to crawl. | Text | Required | |
Text | Choose if the URL is sanitised or not. | Boolean | Optional | Default value: False |
Action: List Malwares
This action lists all the malware.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Page | Enter the page number to query. | Text | Optional | |
Page size | Enter the page size of the response. | Integer | Optional | |
Action: Get Malware Details
This action retrieves the malware details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Malware ID | Enter the malware ID to retrieve the details. | Text | Required | |