Cisco Talos Intelligence
App Vendor: Cisco Talos Intelligence
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.0
API Version: 1.0.0
About App
The Cisco Talos security intelligence and research group (Talos) consists of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products. Talos threat intelligence provides detailed information about what is happening broadly across the threat landscape, acting on that data rapidly and meaningfully, and driving protection against threats. This unique visibility delivers greater context from many data points during an occurring incident or campaign. This, along with other resources like open-source communities and internal vulnerability discovery, creates a massive amount of threat data that translates directly into better protection.
The Cisco Talos Intelligence app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Check blacklist IOC | This action checks the details of a blacklisted IOC from the Cisco Talos Intelligence application. |
Check domain reputation | This action checks the reputation of a domain from the Cisco Talos Intelligence application. |
Check IP address reputation | This action checks the reputation of an IP address from the Cisco Talos Intelligence application. |
Check mail server details | This action checks the mail server details of a domain from the Cisco Talos Intelligence application. |
Check organization details | This action checks an organization's details by domain name from the Cisco Talos Intelligence application. |
Check URL reputation | This action checks the reputation of an URL from the Cisco Talos Intelligence application. |
Remote IOC lookup | This action runs a remote IOC lookup for reputation on IP address, URL in the Cisco Talos Intelligence application. |
Get reputation center feeds | This action retrieves different types of reputation center feeds from the Cisco Talos Intelligence application. |
Configuration Parameters
Configuration parameters are not required for the Cisco Talos Intelligence app to communicate with the Cisco Talos Intelligence application. The app can function after creating instances in the app.
Action: Check blacklist IOC
This action checks the details of a blacklisted IOC from the Cisco Talos Intelligence application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IOC value | Enter the IOC value. Example: "1.1.1.1" | Text | Required | Allowed values:
|
IOC type | Enter the IOC type. Example: "ipaddr" | Text | Required | Allowed values:
|
Example Request
[
{
"ioc_type": "ipaddr",
"ioc_value": "68.183.31.66"
}
]Action: Check domain reputation
This action checks the reputation of a domain from the Cisco Talos Intelligence application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the domain value. Example: "mail.example.com" | Text | Required | |
Filters | Specify the filter to get reputation results. Example: "related_ips" | Text | Optional | Allowed values:
Default value:
|
Offset | Enter the offset value for the result. Example: 4 | Integer | Optional | Default value:
|
Limit | Enter the limit value for the result. Example: 90 | Integer | Optional | Default value:
|
Example Request
[
{
"limt": 50,
"domain": "mail.example.com",
"offset": 0,
"filters": "location"
}
]Action: Check IP address reputation
This action checks the reputation of an IP address from the Cisco Talos Intelligence application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP address | Enter the IP address as ipv4 or ipv6 format. Example: "68.183.31.66" | Text | Required | |
Filters | Specify the filters to get the reputation results. Example: "related_ips" | Text | Optional | Allowed values:
Default value:
|
Offset | Enter the offset limit for the result. Example: 4 | Integer | Optional | Default value:
|
Limit | Enter the limit for the result. Example: 90 | Integer | Optional | Default value:
|
Example Request
[
{
"limit": 10,
"offset": 10,
"filters": "location",
"ip_address": "68.183.31.66"
}
]Action: Check mail server details
This action checks the mail server details of a domain from the Cisco Talos Intelligence application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the domain name in FQDN format. Example: "mail.example.com" | Text | Required | |
Offset | Enter the offset value for the result. Example: 8 Input the offset; default (min) 0, (max) 10 | Integer | Optional | Default value:
|
Example Request
[
{
"domain": "mail.example.com",
"offset": 8
}
]Action: Check organization details
This action checks an organization's details by domain name from the Cisco Talos Intelligence application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the domain value. Example: "cyware.com" | Text | Required | |
Offset | Enter the offset value for the result. Example: 8 | Integer | Optional | Default values:
|
Limit | Enter the limit for the results. Example: 12 | Integer | Optional | Default value:
|
Example Request
[
{
"limit": 5,
"domain": "cyware.com",
"offset": 3
}
]Action: Check URL reputation
This action checks the reputation of an URL from the Cisco Talos Intelligence application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL | Enter the URL value to get the reputation details. Example: "http://validaciondemensaje.b-perv.com" | Text | Required |
Example Request
[
{
"url": "http://validaciondemensaje.b-perv.com"
}
]Action: Remote IOC lookup
This action runs a remote IOC lookup for reputation on IP address, URL in the Cisco Talos Intelligence application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IOC type | Enter the IOC type for the specified IOC value. Example: "ip" | Text | Required | Allowed values:
|
IOC value | Enter the IOC value to lookup details. Example: "68.183.31.66" | Text | Required | Allowed values:
|
Example Request
[
{
"ioc_type": "ip",
"ioc_value": "68.183.31.66"
}
]Action: Get reputation center feeds
This action retrieves different types of reputation center feeds from the Cisco Talos Intelligence application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Sender type | Specify the sender type to get feeds. Example: "spam" | Text | Optional | Allowed values:
Default value:
|
Duration | Specify the duration of the reputation feeds. Example: "lastday" | Text | Optional | Allowed values:
Default value:
|
Example Request
[
{
"duration": "lastday",
"sender_type": "spam_country"
}
]