Anomali Threatstream
App Vendor: Anomali
App Category: Data Enrichment & Threat Intelligence
Connector Version: 2.0.2
API Version: 2.0.0
About App
Anomali Threatstream is a threat intelligence management application that automates the processes for collecting, managing, and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats. The Anomali Threatstream app allows security teams to integrate with the enterprise version of the Anomali Threatstream application to retrieve intelligence feeds, execute intelligence search queries, and look up intelligence indicators.
The Anomali Threatstream app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Fetch Intelligence Feeds | This action retrieves intelligence feeds from the Anomali Threatstream application. |
Intelligence Search Query | This action executes an intelligence search query from the Anomali Threatstream application. |
Intelligence Indicator Lookup | This action looks up intelligence indicators from the Anomali Threatstream application. |
Configuration Parameters
The following configuration parameters are required for the Anomali Threatstream app to communicate with the Anomali Threatstream enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Username | Enter the API username. Example: "api-username" | Text | Required | |
API Key | Enter the API key. Example: "API-KEY-VALUE-GENERATED" | Password | Required | |
Action: Fetch Intelligence Feeds
This action retrieves intelligence feeds from the Anomali Threatstream application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Limit | Enter the limit on the number of results retrieved. Example: 10 | Integer | Optional | Default value: 0 |
Example Request
[ { "limit":10 } ]
Action: Intelligence Search Query
This action executes an intelligence search query from the Anomali Threatstream application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Search String | Enter the search string to query from the Anomali Threatstream application. Example: "sample_search_string" | Text | Required | |
Limit | Enter the limit on the number of results retrieved. Example: 10 | Integer | Optional | Default value: 0 |
Example Request
[ { "search_string": "sample_search_string", "limit": 10 } ]
Action: Intelligence Indicator Lookup
This action looks up intelligence indicators from the Anomali Threatstream application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
IOC Type | Enter the Indicator of Compromise (IOC) type. Example: "domain" | Text | Required | Allowed values: |
IOC Value | Enter the IOC value. Example: "cyware.com" | Text | Required | |
Limit | Enter the limit on the number of results retrieved. Example: 10 | Integer | Optional | Default value: 0 |
Example Request
[ { "ioc_type": "domain", "ioc_value": "cyware.com", "limit": 10 } ]