Threat Crowd
App Vendor: Threat Crowd
Connector Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.0
API Version: 1.0.0
Hostname: https://www.threatcrowd.org/searchApi
Default Port: 443
About App
Threat Crowd is powered by AlienVault and is part of an open Threat Intelligence community that permits global collaboration and sharing of cyber threats. In Orchestrate, this app helps analysts identify threats by analyzing email, file hash, IP address, and domain reputation.
The Threat Crowd app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Check Domain Reputation | This action checks the domain and IP safety rating in Threat Crowd. |
Check Email ID reputation | This action checks an email ID's reputation in Threat Crowd. |
Check File Hash Reputation | This action checks a file hash's reputation in Threat Crowd. |
Generate Anti-Virus Report | This action generates an anti-virus report for a given malware from Threat Crowd. |
Get IP Address Information | This action gets IP address information from Threat Crowd. |
Configuration Parameters
The Threat Crowd app does not require any configuration parameters to communicate with the Threat Crowd enterprise application.
Action: Check Domain Reputation
This action checks the domain and IP safety rating in Threat Crowd.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Domain name | Enter the domain name. Example: www.google.com | Text | Required |
Example Request
[ { "domain": "cyware.com" } ]
Action: Check Email ID reputation
This action checks an email ID's reputation in Threat Crowd.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Email id | Enter the Email ID. Example: cyware.com | Text | Required |
Example Request
[ { "domain": "cyware.com" } ]
Action: Check File Hash Reputation
This action checks a file hash's reputation in Threat Crowd.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File hash value | Enter the hash value. Example: cf6a4847810c2de6362bfd2d76eb249a27f8b59c2c2ec4b6801e7274af873ac5 | Text | Required |
Example Request
[ { "input_hash": "<cf6a4847810c2de6362bfd2d76eb249a27f8b59c2c2ec4b6801e7274af873ac5>" } ]
Action: Generate Anti-Virus Report
This action generates an anti-virus report for a given malware from Threat Crowd.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Malware name | Enter the malware name. Example: wannacry | Text | Required |
Example Request
[ { "query": "WannaCry" } ]
Action: Get IP Address Information
This action gets IP address information from Threat Crowd.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Ip address | Enter the IP address. Example: 1.1.1.1 | Text | Required |
Example Request
[ { "ip_address": "1.1.1.1" } ]