ThreatCrowd
Integration version: 5.0
Configure ThreatCrowd integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Actions
Enrich Entities
Description
Quickly identify related infrastructures and malware.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the following entities:
- IP Address
- Hostname
Action Results
Entity Enrichment
| Enrichment Field Name | Logic-When to Apply |
|---|---|
| permalink | Returns if it exists in JSON result |
| response_code | Returns if it exists in JSON result |
| votes | Returns if it exists in JSON result |
| references | Returns if it exists in JSON result |
| hashes | Returns if it exists in JSON result |
| resolutions | Returns if it exists in JSON result |
| domain | Returns if it exists in JSON result |
| last_resolved | Returns if it exists in JSON result |
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
[
{
"EntityResult": {
"permalink": "https: //www.threatcrowd.org/ip.php?ip=1.1.1.1",
"response_code": "1",
"votes": -1,
"references": [
"http: //www.talosintelligence.com/feeds/ip-filter.blf",
"https: //check.torproject.org/exit-addresses",
"https: //otx.alienvault.com/pulse/56714a2867db8c3f8a46fe95/"
],
"hashes": [],
"resolutions": [{
"domain": "afplink.net",
"last_resolved": "2016-06-24"
},{
"domain": "jabber.zwiebeltoralf.de",
"last_resolved": "2016-12-28"
}]},
"Entity": "1.1.1.1"
}
]
Ping
Description
Test Connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_connect | True/False | is_connect:False |
JSON Result
N/A