Intel 471
App Vendor: Intel 471
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.0
API Version: 1.0.0
About App
The Intel 471 app integrates with Intel 471, a service that provides a high-fidelity, timely indicator feed with rich context, TTP information, and malware intelligence reports. It is designed to be operationalized out of the box within a customer's environment and is accessible via an online portal, a RESTful API, and third-party integrations.
The Intel 471 app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Detailed Vulnerability Info | This action retrieves the detailed information for a vulnerability. |
Fetch Actor | This action fetches the actor details. |
Fetch Entity | This action retrieves the entity. |
Fetch IOC | This action retrieves the IOCs. |
Fetch Malware Indicator | This action retrieves the indicators of a particular malware. |
Fetch Malware Intel | This action retrieves the malware intel. |
Fetch Malware NIDS | This action retrieves the NIDS. |
Fetch Malware Yara | This action retrieves the Yara data for the malware. |
Fetch Vulnerability Search | This action performs a vulnerability search. |
Global Search | This action returns the results matching the filter criteria such as IOC, vulnerabilities, and so on. |
Configuration Parameters
The following configuration parameters are required for the Intel 471 app to communicate with the Intel 471 enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL. Example: "https://example.com" | Text | Required | |
Username | Enter the username. | Text | Required | |
API Key | Enter the API key. | Password | Required | |
Verify | Select whether to verify. | Boolean | Optional | Allowed values: |
Action: Detailed Vulnerability Info
This action retrieves the detailed information for a vulnerability.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
UID | Enter the UID. Example: "e7fafbb8f44a6ded005c154976627da4" | Text | Required | |
Action: Fetch Actor
This action retrieves the actor details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Actor | Enter the actor name. Example: "testactor" | Text | Required | |
From time | Enter the 'from' time. Results with a creation time at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Until | Enter the 'until' time, up to which the search results are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated from | Enter the 'last updated from' time. Results last updated at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated until | Enter the 'last updated until' time. Results last updated up to this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Count | Enter the count. Example: 100 | Text | Optional | |
Sort | Enter the sort criteria. | Text | Optional | Allowed values: |
Pretty print | Select an option for pretty print. | Boolean | Optional | |
Action: Fetch Entity
This action retrieves the entity.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Entity | Enter the entity. Example: "syntax" | Text | Required | |
From time | Enter the 'from' time. Results with a creation time at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Until | Enter the 'until' time, up to which the search results are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated from | Enter the 'last updated from' time. Results last updated at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated until | Enter the 'last updated until' time. Results last updated up to this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Count | Enter the count. Example: 100 | Text | Optional | |
Sort | Enter the sort criteria. Example: "relevance" | Text | Optional | Allowed values: |
Pretty print | Select an option for pretty print. | Boolean | Optional | |
Action: Fetch IOC
This action retrieves the Indicators of Compromise.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
IOC | Enter the IOC to be searched for. Example: malicious@domain.com | Text | Required | |
Sort | Sort results by relevance or activity start time. Example: "relevance" | Text | Optional | Allowed values: |
From time | Enter the 'from' time. Results with a creation time at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Until | Enter the 'until' time, up to which the search results are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated from | Enter the 'last updated from' time. Results last updated at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated until | Enter the 'last updated until' time. Results last updated up to this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Count | Enter the count. Example: 100 | Text | Optional | |
Pretty print | Select an option for pretty print. | Boolean | Optional | Allowed values: |
Action: Fetch Malware Indicator
This action retrieves indicators of a particular malware.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Malware family | Enter the malware family. Example: "azorult" | Text | Optional | |
Indicator type | Search indicators by type. Example: "ipv4" | Text | Optional | Allowed values: |
Threat type | Enter the threat type. Example: "malware" | Text | Optional | Allowed values: |
Indicator | Enter the indicator. Example: "example@domain.com" | Text | Optional | |
Confidence | Enter the confidence. Example: "low" | Text | Optional | Allowed values: |
From time | Enter the 'from' time. Results with a creation time at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Until | Enter the 'until' time, up to which the search results are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated from | Enter the 'last updated from' time. Results last updated at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated | Enter the 'last updated until' time. Results last updated up to this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Count | Enter the count. Example: 100 | Text | Optional | |
Sort | Enter the sort value. Example: "latest" | Text | Optional | Allowed values: |
Pretty print | Select an option for pretty print. | Boolean | Optional | |
Action: Fetch Malware Intel
This action retrieves malware intel.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Malware family | Enter the malware family. Example: "azorult" | Text | Optional | |
Event | Enter the event. Example: "syntax" | Text | Optional | |
Event type | Enter the event type. Example: "download_execute" | Text | Optional | Allowed values: |
Threat type | Enter the threat type. Example: "malware" | Text | Optional | Allowed values: |
From time | Enter the 'from' time. Results with a creation time at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Until | Enter the 'until' time, up to which the search results are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated from | Enter the 'last updated from' time. Results last updated at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated until | Enter the 'last updated until' time. Results last updated up to this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Count | Enter the count. Example: 100 | Text | Optional | |
Sort | Enter the sort value. | Text | Optional | Allowed values: |
Pretty print | Select an option for pretty print. | Boolean | Optional | |
Action: Fetch Malware NIDS
This action fetches the NIDS.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Malware family | Enter the malware family name. Example: "azorult" | Text | Optional | |
NIDS | Enter the NIDS. | Text | Optional | |
NIDS type | Enter the NIDS type. | Text | Optional | |
Threat type | Enter the threat type. | Text | Optional | |
Confidence | Enter the confidence. Example: "Low" | Text | Optional | Allowed values: |
From time | Enter the 'from' time. Results with a creation time at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Until | Enter the 'until' time, up to which the search results are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated from | Enter the 'last updated from' time. Results last updated at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated until | Enter the 'last updated until' time. Results last updated up to this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Count | Enter the count. Example: 100 | Text | Optional | |
Sort | Enter the sort value. Example: "latest" | Text | Optional | Allowed values: |
Pretty print | Select an option for pretty print. | Boolean | Optional | |
Action: Fetch Malware Yara
This action retrieves Yara information for the malware.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Malware family | Enter the malware family. Example: "azorult" | Text | Optional | |
Yara | Enter the Yara. | Text | Optional | |
Threat type | Enter the threat type. Example: "proxy_service" | Text | Optional | Allowed values: |
Confidence | Enter the confidence. Example: "Medium" | Text | Optional | Allowed values: |
From time | Enter the 'from' time. Results with a creation time at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Until | Enter the 'until' time, up to which the search results are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated from | Enter the 'last updated from' time. Results last updated at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated until | Enter the 'last updated until' time. Results last updated up to this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Count | Enter the count. Example: 100 | Text | Optional | |
Sort | Sort results by relevance or activity start time. Example: "latest" | Text | Optional | Allowed values: |
Pretty print | Select an option for pretty print. | Boolean | Optional | |
Action: Fetch Vulnerability Search
This action performs a vulnerability search.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
CVE report | Enter the CVE report name. Example: "cve-2017-234" | Text | Optional | |
CVE type | Search CVE reports by type. Example: "memory corruption" | Text | Optional | Allowed values: |
CVE status | Search CVE reports by status. Example: "status_historical" | Text | Optional | Allowed values: |
CVE name | Enter the CVE name. | Text | Optional | |
Vendor name | Enter the vendor name. Example: "microsoft" | Text | Optional | |
Product name | Enter the product name. Example: "windows" | Text | Optional | |
From time | Enter the 'from' time. Results with a creation time at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Until | Enter the 'until' time, up to which the search results are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated from | Enter the 'last updated from' time. Results last updated at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated until | Enter the 'last updated until' time. Results last updated up to this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Count | Enter the count. Example: 100 | Text | Optional | |
Sort | Enter the sort criteria. | Text | Optional | |
Pretty print | Select an option for pretty print. | Boolean | Optional | |
Action: Global Search
This action returns results that match the filter criteria, such as IOCs, vulnerabilities, and so on.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Text | Enter the text to be searched. Example: apt41 | Text | Optional | |
IP address | Enter the IP address. Example: 1.1.1.1 | Text | Optional | |
URL | Enter the URL. Example: "example.com" | Text | Optional | |
 | Enter the email to be searched for. Example: "abc@example.com" | Text | Optional | |
Actor | Enter the actor. Example: "apt41" | Text | Optional | |
Entity | Enter the entity. | Text | Optional | |
IOC | Enter the IOC value. Example: "malicious@example.com" | Text | Optional | |
Indicator | Enter the indicator. Example: "1353799838183" | Text | Optional | |
Yara | Enter the Yara. | Text | Optional | |
NIDS | Enter the NIDS. | Text | Optional | |
Event | Enter the event. | Text | Optional | |
Malware family | Enter the malware family name. Example: "azorult" | Text | Optional | |
Confidence | Enter the confidence. | Text | Optional | |
CVE | Enter the CVE. Example: "cve-2018-8348" | Text | Optional | |
From time | Enter the 'from' time. Results with a creation time at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Until | Enter the 'until' time, up to which the search results are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated from | Enter the 'last updated from' time. Results last updated at or after this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Last updated until | Enter the 'last updated until' time. Results last updated up to this value are returned. The format can be a long Unix time or a string time range. | Text | Optional | Allowed values: |
Count | Enter the count. Example: 100 | Text | Optional | |
Sort | Enter the sort criteria. | Text | Optional | |
Pretty print | Select an option for pretty print. | Boolean | Optional | |