DShield

Integration version: 4.0

Configure DShield integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Get IP Info

Description

Query DShield for information about external IP addresses.

Parameters

N/A

Run On

This action runs on the IP Address entity.

Action Results

Entity Enrichment

Enrichment Field Name    Logic - When to apply
comment                  Returns if it exists in JSON result
count                    Returns if it exists in JSON result
updated                  Returns if it exists in JSON result
Alexa                    Returns if it exists in JSON result
network                  Returns if it exists in JSON result
attacks                  Returns if it exists in JSON result
maxdate                  Returns if it exists in JSON result
asname                   Returns if it exists in JSON result
assize                   Returns if it exists in JSON result
number                   Returns if it exists in JSON result
maxrisk                  Returns if it exists in JSON result
as                       Returns if it exists in JSON result
asabusecontact           Returns if it exists in JSON result
ascountry                Returns if it exists in JSON result
threatfeeds              Returns if it exists in JSON result
mindate                  Returns if it exists in JSON result

Insights

N/A

Script Result

Script Result Name    Value Options    Example
is_enriched           True/False       is_enriched:False

JSON Result

[{
  "EntityResult": {
    "comment": "Googlepublicrecursivenameserver",
    "count": 8218,
    "updated": "2019-01-20 04:51:46",
    "Alexa": {
      "domains": 1,
      "lastrank": 6178,
      "hostname": "google-public-dns-a.google.com",
      "lastseen": "2016-01-02",
      "firstseen": "2016-01-02"
    },
    "network": "1.1.1.1/24",
    "attacks": 32,
    "maxdate": "2019-01-20",
    "asname": "GOOGLE-GoogleLLC",
    "assize": 609498,
    "number": "1.1.1.1",
    "maxrisk": 0,
    "as": 15169,
    "asabusecontact": "john_doe@example.com",
    "ascountry": "US",
    "threatfeeds": {
      "qakbot": {
        "lastseen": "2015-04-03",
        "firstseen": "2015-04-02"
      },
      "forumspam": {
        "lastseen": "2018-12-05",
        "firstseen": "2011-05-10"
      }
    },
    "mindate": "2019-01-14"
  },
  "Entity": "1.1.1.1"
}]
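
One way to consume the Get IP Info JSON result in a later playbook step, added here as an example and not part of the integration's own code: it keeps only the documented enrichment fields that are present and reports how many days old each threatfeeds listing is, so a years-old listing is not read as current activity. The function names, the internal_id key, the second entity and the reference date are assumptions constructed for the example.

```python
import json
from datetime import date

# Field names from the Entity Enrichment table on this page.
ENRICHMENT_FIELDS = (
    "comment", "count", "updated", "Alexa", "network", "attacks", "maxdate",
    "asname", "assize", "number", "maxrisk", "as", "asabusecontact",
    "ascountry", "threatfeeds", "mindate",
)

# Constructed sample: a trimmed copy of the JSON result shown above, plus a
# second constructed entity (documentation address) with almost no fields.
SAMPLE_JSON = """[
  {"EntityResult": {"count": 8218, "attacks": 32, "maxrisk": 0,
                    "maxdate": "2019-01-20", "mindate": "2019-01-14",
                    "threatfeeds": {
                      "qakbot": {"lastseen": "2015-04-03", "firstseen": "2015-04-02"},
                      "forumspam": {"lastseen": "2018-12-05", "firstseen": "2011-05-10"}}},
   "Entity": "1.1.1.1"},
  {"EntityResult": {"number": "192.0.2.10", "internal_id": 7}, "Entity": "192.0.2.10"}
]"""
SAMPLE_AS_OF = date(2019, 1, 20)  # constructed reference date (the sample's maxdate)


def present_fields(entity_result):
    """Keep only documented enrichment fields that exist in the result."""
    return {k: entity_result[k] for k in ENRICHMENT_FIELDS if k in entity_result}


def feed_ages(entity_result, as_of):
    """Days between each threat feed's lastseen and the reference date."""
    ages = {}
    for feed, seen in (entity_result.get("threatfeeds") or {}).items():
        last = seen.get("lastseen") if isinstance(seen, dict) else None
        if last:
            ages[feed] = (as_of - date.fromisoformat(last)).days
    return ages


def summarize(json_result, as_of):
    """Map each entity to its present fields and threat feed ages."""
    summary = {}
    for item in json.loads(json_result):
        result = item.get("EntityResult") or {}
        summary[item["Entity"]] = {
            "fields": present_fields(result),
            "feed_ages_days": feed_ages(result, as_of),
        }
    return summary
```

With the constructed sample, the qakbot listing is well over three years old at the reference date while forumspam is recent, and the second entity yields a single field and no feed ages.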

Ping

Description

Test connectivity to DShield.

Parameters

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name    Value Options    Example
is_success            True/False       is_success:False

JSON Result

N/A