Analyst1
App Vendor: Analyst1
App Category: Analytics & SIEM
Connector Version: 1.2.1
API Version: v1
Note
This is a beta app and its documentation is still in progress.
About App
The Analyst1 connector enables cyber security analysts to collect and analyze evidence of malicious activity, identify threats, assess risk, and provide indications and warnings.
The Analyst1 app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Bulk Lookup Indicators | This action retrieves indicators in bulk. |
Generic Action | This is a generic action to perform any additional use case on Analyst1. |
Get Rules | This action retrieves the rules. |
Get Sensors | This action retrieves the sensors. |
Lookup Indicator | This action retrieves the details of an indicator. |
Get Indicators by Rule | This action retrieves a list of indicators for a rule. |
Get Indicators by Sensor | This action retrieves a list of indicators for a sensor. |
Publish Evidence | This action publishes evidence. |
Get Difference | This action retrieves the changes between the last known version and the new version of a sensor. |
Sensor Config Download | This action downloads the sensor configuration file. |
Upload Statistics | This action ingests a hit statistics file. |
Get Rules by Sensor | This action retrieves a list of rules for a sensor. |
Get Sensor tasking rules and indicators | This action retrieves both a list of sensor tasking rules and a list of indicators for a specific sensor. |
Get Current Version of Rule | This action retrieves the current version for a specific rule. |
Get Current Version of Sensor | This action retrieves the current version for a specific sensor. |
Batch Check Indicators | This action retrieves details for a batch of indicators. |
Configuration Parameters
The following configuration parameters are required for the Analyst1 app to communicate with the Analyst1 enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL to connect to Analyst1. | Text | Required | |
Username | Enter the username to authenticate the client. | Text | Required | |
Password | Enter the password to authenticate the client. | Password | Required | |
Verify | Choose whether to verify the Analyst1 server's SSL certificate; when false, the certificate is not checked. Example: true | Boolean | Optional | Default value: false. Allowed values: |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Analyst1. | Integer | Optional | Allowed values: 15-120 seconds. Default value: 15 seconds |
Action: Bulk Lookup Indicators
This action retrieves indicators in bulk.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter query parameters to retrieve indicators. Example: $JSON{'type':'ip','value':'18x.61.1xx.154','value':'17x.67.1xx.157'} | Key Value | Optional | |
Action: Generic Action
This is a generic action to perform any additional use case on Analyst1.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
HTTP method | Enter the HTTP endpoint method. Example: | Text | Required | |
Endpoint | Enter the complete endpoint to initiate the call. Example: "/api/1_0/indicator/bulkMatch" | Text | Required | |
Payload JSON | Enter the payload in JSON format to perform a generic action. | Any | Optional | |
Payload Data | Enter the payload data. | Any | Optional | |
Query Params | Enter the query parameters to filter the result. | Key Value | Optional | |
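The following example is added here and is not the connector's own code. It shows how the configuration parameters above (Base URL, Username, Password, Verify, Timeout) and the Generic Action inputs would combine into one HTTP request, enforcing the documented Timeout range and the Verify default. It assumes that Analyst1 accepts HTTP Basic authentication with the configured username and password, that Endpoint is appended to Base URL, and that a repeated key in Query Params (several 'value' entries, as in the Bulk Lookup example) is sent as a repeated query-string key; the hostname is a placeholder.

```python
# Added example, not the Cyware Orchestrate connector's code. Assumptions:
# Analyst1 accepts HTTP Basic auth, Endpoint is appended to Base URL, and
# repeated Query Params keys are sent as repeated query-string keys.
import base64
import json
from urllib.parse import urlencode, urljoin

ALLOWED_METHODS = {"GET", "POST", "PUT", "DELETE"}


def parse_timeout(value, default=15, low=15, high=120):
    """Enforce the documented Timeout range: 15-120 seconds, default 15."""
    if value in (None, ""):
        return default
    seconds = int(value)
    if not low <= seconds <= high:
        raise ValueError(f"Timeout must be between {low} and {high} seconds")
    return seconds


def parse_verify(value, default=False):
    """Parse the Verify flag. The documented default is false, i.e. the
    server's TLS certificate is NOT checked unless this is set to true."""
    if value is None:
        return default
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def build_request(base_url, username, password, method, endpoint,
                  query_params=None, payload_json=None,
                  verify=None, timeout=None):
    """Return a dict describing the request; nothing is sent on the network."""
    method = method.upper()
    if method not in ALLOWED_METHODS:
        raise ValueError(f"unsupported HTTP method: {method}")
    url = urljoin(base_url.rstrip("/") + "/", endpoint.lstrip("/"))
    if query_params:
        # doseq=True turns [("value", "a"), ("value", "b")] into value=a&value=b
        url += "?" + urlencode(query_params, doseq=True)
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
    body = None
    if payload_json is not None:
        headers["Content-Type"] = "application/json"
        body = json.dumps(payload_json)
    return {"method": method, "url": url, "headers": headers, "body": body,
            "verify": parse_verify(verify), "timeout": parse_timeout(timeout)}
```

The returned "verify" and "timeout" values are what would be passed to the HTTP client; a Timeout outside 15-120 is rejected rather than silently clamped.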
Action: Get Rules
This action retrieves the rules.
Action Input Parameters
This action does not require any action input parameter.
Action: Get Sensors
This action retrieves the sensors.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter the query parameters to filter the response. Example: {'type':'PALO_ALTO'} | Key Value | Optional | |
Action: Lookup Indicator
This action retrieves the details of an indicator.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter query parameters to retrieve indicator details. Example: $JSON{'type':'domain','value':'sampledomain.com'} | Key Value | Optional | |
Offset | Enter the offset. | Integer | Optional | Default value: 0 |
Page Size | Enter the page size. | Integer | Optional | Default value: 1010 |
Action: Get Indicators by Rule
This action retrieves a list of indicators for a rule.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Rule ID | Enter the rule ID. | Text | Required | |
Offset | Enter the offset. | Integer | Optional | Default value: 0 |
Page Size | Enter the page size. | Integer | Optional | Default value: 1010 |
Action: Get Indicators by Sensor
This action retrieves a list of indicators for a sensor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sensor ID | Enter the sensor ID. | Text | Required | |
Offset | Enter the offset. | Integer | Optional | Default value: 0 |
Page Size | Enter the page size. | Integer | Optional | Default value: 1010 |
Action: Publish Evidence
This action publishes evidence.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File Path | Enter the file path to access evidence. | Text | Required | |
TLP | Enter the TLP status. Example: | Text | Required | |
Evidence File Classification | Enter the classification of the evidence file. Example: U | Text | Required | |
Extra Parameters | Enter the extra parameters in key-value pairs. | Key Value | Optional | Allowed keys: |
Action: Get Difference
This action retrieves the changes between the last known version and the new version of a sensor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sensor ID | Enter the sensor ID. | Text | Required | |
Last Version | Enter the last known version. | Text | Required | |
Action: Sensor Config Download
This action downloads the sensor configuration file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sensor ID | Enter the sensor ID. | Text | Required | |
Action: Upload Statistics
This action ingests a hit statistics file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File Path | Enter the file path of the hit statistics file to upload. | Text | Required | |
Action: Get Rules by Sensor
This action retrieves a list of rules for a sensor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sensor ID | Enter the sensor ID. | Text | Required | |
Offset | Enter the offset. | Integer | Optional | Default value: 0 |
Page Size | Enter the page size. | Integer | Optional | Default value: 1010 |
Action: Get Sensor tasking rules and indicators
This action retrieves both a list of sensor tasking rules and a list of indicators for a specific sensor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sensor ID | Enter the sensor ID to retrieve a list of rules and indicators. | Text | Required | |
Action: Get Current Version of Rule
This action retrieves the current version for a specific rule.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Rule ID | Enter the rule ID. | Text | Required | |
Action: Get Current Version of Sensor
This action retrieves the current version for a specific sensor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sensor ID | Enter the sensor ID. | Text | Required | |
Action: Batch Check Indicators
This action retrieves details for a batch of indicators.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Values | Enter the values. Example: 1.2.3.4, abc.com, google.com | Text | Optional | |
Files | Enter the file path. | Text | Optional | |