PolySwarm 2.0.0
App Vendor: PolySwarm
App Category: Data Enrichment & Threat Intelligence
Connector Version: 2.0.0
API Version: API 3.0.0
About App
PolySwarm is a more effective way to detect, analyze, and respond to the latest threats, the ones more likely to go undetected by existing solutions. PolySwarm is powered by a network of threat detection engines. It combines wide coverage from commercial engines with the ability to detect threats earlier from specialized solutions.
The PolySwarm app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Generic Action | This is a generic action that goes beyond the implemented actions by making a request to any endpoint. |
List Scans | The action scans a hash. |
Search Hash | The action is used to look up a hash. |
Search URL | The action searches for the URL and finds its details. |
Configuration Parameters
The following configuration parameters are required for the PolySwarm app to communicate with the PolySwarm enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Token | Enter the API token. | Password | Required | |
verify | Choose to perform or skip the SSL certificate verification. | Boolean | Optional | Default value: True |
timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with PolySwarm. | Integer | Optional | Allowed range: 15-120 secs. Default value: 15 secs |
Action: Generic Action
This is a generic action that goes beyond the implemented actions by making a request to any endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make a request to an endpoint. Example: GET | Text | Required | Allowed values: |
Endpoint | Enter the endpoint to make the request. Example: /search/instances | Text | Required | |
Query params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | JSON | Optional | |
Additional fields | Enter the additional parameters to pass. For available keys refer to the document. Example: {'download':true,'custoum_output':'this is a custom output'} | Key Value | Optional | Available keys: |
Example Request
[ { "method": "GET", "endpoint": "/search/instances", "extra_fields": {}, "query_params": { "hash": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" } } ]
Action: List Scans
The action scans a hash.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash | Enter the hash to scan. Example: 88a8b10e503a2edc25c4f12745720d86992b73074af6b8d12b82d240d14235c8 | Text | Optional |
Example Request
[ { "hash": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" } ]
Action: Search Hash
The action is used to look up a hash.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash | Enter a hash to search. Example: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f | Text | Required | |
Hash type | Enter the hash type. Example: | Text | Required | |
Example Request
[ { "hash": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f", "hash_type": "sha256" } ]
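The following is an added example, not part of the PolySwarm app: a pre-flight check that a playbook step could run before calling Search Hash, so that a malformed indicator or a mismatched hash type is rejected locally, and that the instance settings stay within the documented timeout range with certificate verification on. The function names are hypothetical, and the md5 and sha1 entries are an assumption (the page only shows sha256).

```python
import json
import re

# Assumption: digest lengths for the hash types accepted by the lookup.
# Only "sha256" appears on the page; md5 and sha1 are assumed here.
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def build_search_hash_input(value, hash_type=None):
    """Return the Search Hash action input, or raise ValueError."""
    # Indicators copied from reports often carry stray brackets or quotes.
    cleaned = value.strip().strip("()[]\"'").lower()
    if not HEX_RE.fullmatch(cleaned):
        raise ValueError("not a hex digest: %r" % value)
    inferred = next((t for t, n in HEX_LENGTHS.items() if n == len(cleaned)), None)
    if inferred is None:
        raise ValueError("unsupported digest length %d" % len(cleaned))
    if hash_type is not None and hash_type.lower() != inferred:
        raise ValueError("hash_type %r does not match a %s digest" % (hash_type, inferred))
    return [{"hash": cleaned, "hash_type": inferred}]


def check_instance_config(verify=True, timeout=15):
    """Enforce the documented settings: timeout 15-120 s, flag verify=False."""
    if isinstance(timeout, bool) or not isinstance(timeout, int) or not 15 <= timeout <= 120:
        raise ValueError("timeout must be an integer between 15 and 120 seconds")
    warnings = []
    if verify is not True:
        warnings.append("verify is off: the server certificate is not validated, "
                        "so the API token can be exposed to an interceptor")
    return {"verify": verify, "timeout": timeout, "warnings": warnings}


if __name__ == "__main__":
    # Constructed input: the example hash from this page with a stray ")".
    sample = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f)"
    print(json.dumps(build_search_hash_input(sample)))
    print(check_instance_config(verify=False, timeout=30)["warnings"])
```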
Action: Search URL
The action searches for the URL and finds its details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
URL | Enter the URL. Example: http://text.com or https://text.com | Text | Required |
Example Request
[ { "url": "https://www.google.com" } ]