
splunk-soar-connectors/ciscotalosintelligence


Cisco Talos Intelligence

Publisher: Splunk
Connector Version: 1.0.1
Product Vendor: Cisco
Product Name: Talos Intelligence
Product Version Supported (regex): ".*"
Minimum Product Version: 6.3.0

This app provides investigative actions for Cisco Talos Intelligence.

Cisco Talos Intelligence license for Splunk SOAR (Cloud)

The Cisco Talos Intelligence license is included with your Splunk SOAR (Cloud) license.

Overview

This app uses the Cisco Talos API, which specializes in identifying, analyzing, and mitigating cybersecurity threats.

For additional details, see the Cisco Talos Intelligence article in the Splunk SOAR documentation.

Note: The Cisco Talos Intelligence asset is already configured in your Splunk SOAR (Cloud) deployment.

Supported Actions

test connectivity - Validate the asset configuration for connectivity using supplied configuration
ip reputation - Look up Cisco Talos threat intelligence for a given IP address
domain reputation - Look up Cisco Talos threat intelligence for a given domain
url reputation - Look up Cisco Talos threat intelligence for a given URL

action: 'test connectivity'

Validate the asset configuration for connectivity using supplied configuration

Type: test
Read only: True

The action uses the URS API to get a list of the AUP categories used to classify website content.

Action Parameters

No parameters are required for this action.

Action Output

No Output

action: 'ip reputation'

Look up Cisco Talos threat intelligence for a given IP address

Type: investigate
Read only: True

Provides information on an IP address's reputation, so you can take appropriate action against untrusted or unwanted resources.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ip | required | IP to query | string | `ip` `ipv6` |

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.ip | string | `ip` `ipv6` | |
| action_result.status | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.data.*.Observable | string | | |
| action_result.data.*.Threat_Level | string | | |
| action_result.data.*.Threat_Categories | string | | |
| action_result.data.*.AUP | string | | |
| action_result.summary.message | string | | 72.163.4.185 has a Favorable threat level |

action: 'domain reputation'

Look up Cisco Talos threat intelligence for a given domain

Type: investigate
Read only: True

Provides information on a domain's reputation, so you can take appropriate action against untrusted or unwanted resources.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to query | string | `domain` |

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.domain | string | `domain` | |
| action_result.status | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.data.*.Observable | string | | |
| action_result.data.*.Threat_Level | string | | |
| action_result.data.*.Threat_Categories | string | | |
| action_result.data.*.AUP | string | | |
| action_result.summary.message | string | | splunk.com has a Favorable threat level |

action: 'url reputation'

Look up Cisco Talos threat intelligence for a given URL

Type: investigate
Read only: True

Provides information on a URL's reputation, so you can take appropriate action against untrusted or unwanted resources.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| url | required | URL to query | string | `url` |

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
|---|---|---|---|
| action_result.parameter.url | string | `url` | |
| action_result.status | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.data.*.Observable | string | | |
| action_result.data.*.Threat_Level | string | | |
| action_result.data.*.Threat_Categories | string | | |
| action_result.data.*.AUP | string | | |
| action_result.summary.message | string | | https://splunk.com has a Favorable threat level |
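
Added example (not part of the connector's code): a triage function over results shaped like the data paths documented for the three reputation actions, showing that a failed or empty lookup must not be read as a favorable verdict. Assumptions: each result is a dict with `parameter`, `status`, `message` and `data` keys mirroring those paths, `status` is "success" or "failed", `ALLOW_LEVELS` is a hypothetical local policy, and the sample values other than "Favorable" are constructed.

```python
# Added example: triage over results shaped like the documented data paths.
# ALLOW_LEVELS is a hypothetical policy; "Favorable" is the only level the page shows.
ALLOW_LEVELS = {"favorable"}


def triage(action_result):
    """Return (observable, verdict, reason) tuples for one action result.

    Verdicts: "allow", "escalate", "review". A failed or empty lookup is
    "review", never "allow": no answer is not a favorable answer.
    """
    param = action_result.get("parameter") or {}
    queried = param.get("ip") or param.get("domain") or param.get("url") or "<unknown>"
    # Assumption: status is "success" or "failed".
    if action_result.get("status") != "success":
        return [(queried, "review", "lookup failed: %s" % action_result.get("message"))]
    rows = action_result.get("data") or []
    if not rows:
        return [(queried, "review", "no data returned")]
    out = []
    for row in rows:
        observable = row.get("Observable") or queried
        level = (row.get("Threat_Level") or "").strip()
        if not level:
            out.append((observable, "review", "missing Threat_Level"))
        elif level.lower() in ALLOW_LEVELS:
            out.append((observable, "allow", level))
        else:
            # Anything not explicitly allowed is escalated, including unknown levels.
            cats = row.get("Threat_Categories") or "none listed"
            out.append((observable, "escalate", "%s (%s)" % (level, cats)))
    return out


# Constructed sample results (not real Talos output).
SAMPLES = [
    {"parameter": {"domain": "splunk.com"}, "status": "success",
     "data": [{"Observable": "splunk.com", "Threat_Level": "Favorable",
               "Threat_Categories": "", "AUP": "Computers and Internet"}]},
    {"parameter": {"ip": "203.0.113.7"}, "status": "success",
     "data": [{"Observable": "203.0.113.7", "Threat_Level": "Untrusted",
               "Threat_Categories": "Malware Sites", "AUP": ""}]},
    {"parameter": {"url": "https://example.test/a"}, "status": "failed",
     "message": "timeout", "data": []},
]

if __name__ == "__main__":
    for result in SAMPLES:
        for verdict in triage(result):
            print(verdict)
```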
