Pangea
App Vendor: Pangea
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.0
API Version: v1 & v2
About App
Pangea consolidates key security capabilities, offering a full range of services and APIs within a unified framework, simplifying integration and procurement for rapid security implementation.
The Pangea app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Get Domain Reputation | This action retrieves the reputation of a domain. |
Get Hash Reputation | This action retrieves the reputation of a hash. |
Get IP Health Check | This action checks the health of an IP address. |
Get IP Reputation | This action retrieves the reputation of the given IP addresses. |
Get ISO Health Check | This action checks the health of an ISO code. |
Get URL Reputation | This action retrieves the reputation of a URL. |
Scan a File | This action scans a file. |
Generic Action | This is a generic action used to transcend the actions implemented by making a request to any endpoint. |
Configuration Parameters
The following configuration parameters are required for the Pangea app to communicate with the Pangea enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the domain name to connect to Pangea. Examples:
| Text | Required | |
Token | Enter the API token to authenticate with Pangea. | Password | Required | |
Version | Enter the API version of Pangea. | Text | Optional | Default value: v2 |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Pangea. | Integer | Optional | Default value: 15 seconds Allowed range: 15 - 120 seconds |
Verify | Choose your preference to verify SSL while making requests. It is recommended to set this option to yes. If no is passed, it may result in an incorrect connection establishment, potentially resulting in a broken connection. | Boolean | Optional | Default value: false |
Action: Get Domain Reputation
This action retrieves the reputation of a domain from a provider. When you request reputation for multiple domains, the response will be asynchronous.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domains | Enter the list of domains to get the reputation. Example: [example1.com, example2.com] | List | Required | You can add a minimum of 1 and a maximum of 100 domains. |
Providers | Enter the provider name to get the reputation. | Text | Required | Allowed values:
|
Additional Data | Enter the extra parameters if any. Example: verbose: true raw: true | Key Value | Optional |
Example Request
[
{
"domains": [
"google.com"
],
"provider": "domaintools",
"extra_params": {
"verbose": "true",
"raw": "true"
}
}
]Action: Get Hash Reputation
This action retrieves the reputation of a hash from a provider. When you request reputation for multiple file hashes, the response will be asynchronous. See API Reference/Asynchronous Responses
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Hash Type | Enter the type of hash. Example:
| Text | Required | You can add a minimum of 1 hash and a maximum of 100 hashes. |
Hash Value | Enter the hash value to get the reputation. Example: [d41d8cd98f00b204e9800998ecf8427e, e23d8cd98f00b204e9800998ecf8427f] | List | Required | |
Providers | Enter the list of providers. | Text | Required | Allowed values:
|
Additional Data | Enter the extra parameters if any. Example: verbose: true raw: true | Key Value | Optional |
Example Request
[
{
"hash_type": "md5",
"providers": "crowdstrike",
"hash_value": [
"d41d8cd98f00b204e9800998ecf8427e"
],
"extra_params": {
"verbose": "true",
"raw": "true"
}
}
]Action: Get IP Health Check
This action checks the health of an IP address. This checks IPs against known sanction and trade embargo lists.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter the IP addresses to check the health. Example: 1.1.1.1 | Text | Required | Geolocates this IP, checks the country, and compares it with the countries listed in the embargo lists. |
Example Request
[
{
"ip_address": "1.1.1.1"
}
] Action: Get IP Reputation
This action retrieves the reputation of the given IP addresses from a provider. When you request reputation for multiple IP addresses, the response will be asynchronous.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Addresses | Enter the list of IP addresses to get the reputation. Example: [1.1.1.1, 7.7.7.7] | List | Required | You can enter a minimum of 1 and a maximum of 100 IP addresses. |
Providers | Enter the provider name to get the reputation. | Text | Required | Allowed values:
|
Additional Data | Enter the extra parameters if any. Example: verbose: true raw: true | Key Value | Optional |
Example Request
[
{
"ips": [
"1.1.1.1"
],
"provider": "cymru",
"extra_params": {
"verbose": "true",
"raw": "true"
}
}
]Action: Get ISO Health Check
This action checks the health of an ISO code. This action checks this two-character country ISO code against the enabled embargo lists.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
ISO Code | Enter the ISO code to check the health. Example: US | Text | Required |
Example Request
[
{
"iso_code": "CU"
}
]Action: Get URL Reputation
This action retrieves the reputation of a URL from a provider. When you request reputation for multiple URLs, the response will be asynchronous.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URLs | Enter the list of URLs to get the reputation. Example: [https://www.example1.com, https://www.example2.com] | List | Required | You can add a minimum of 1 URL and a maximum of 100 URLs. |
Providers | Enter the provider name to get the reputation. | Text | Required | Allowed values: crowdstrike |
Additional Data | Enter the extra parameters if any. Example: verbose: true raw: true | Key Value | Optional |
Example Request
[
{
"urls": [
"https://google.com"
],
"provider": "crowdstrike",
"extra_params": {
"verbose": "true",
"raw": "true"
}
}
]Action: Scan a File
This action scans a file for malicious content using the provider configured in File-Scan settings or uses the optional “provider” parameter to specify the provider to be used.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
File Path | Enter the file path to scan. Example: /home/user/file.txt | Text | Required | |
Additional Data | Enter the extra parameters if any. Example: verbose: true raw: true | Key Value | Optional |
[
{
"file_path": [
"/home/user/file.txt"
]
}
]Action: Generic Action
This is a generic action that transcends the actions implemented by making a request to any endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Service Name | Enter the service name to make the request. Example:
| Text | Required | |
Method | Enter the HTTP method to make the request. Example: GET POST DELETE PATCH | Text | Required | |
Endpoint | Enter the endpoint to make the request. Example: /ip/check | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. Example: verbose: true raw: true | Key Value | Optional |