Publisher: Splunk
Connector Version: 1.0.1
Product Vendor: Cisco
Product Name: Talos Intelligence
Product Version Supported (regex): ".*"
Minimum Product Version: 6.3.0
This app provides investigative actions for Cisco Talos Intelligence.
The Cisco Talos Intelligence license is included with your Splunk SOAR (Cloud) license.
This app uses the Cisco Talos API, which specializes in identifying, analyzing, and mitigating cybersecurity threats.
For additional details, see the Cisco Talos Intelligence article in the Splunk SOAR documentation.
Note: The Cisco Talos Intelligence asset is already configured in your Splunk SOAR (Cloud) deployment.
test connectivity - Validate the asset configuration for connectivity using supplied configuration
ip reputation - Look up Cisco Talos threat intelligence for a given IP address
domain reputation - Look up Cisco Talos threat intelligence for a given domain
url reputation - Look up Cisco Talos threat intelligence for a given URL
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
Action uses the URS API to get a list of the AUP categories used to classify website content.
No parameters are required for this action.
No Output
Look up Cisco Talos threat intelligence for a given IP address
Type: investigate
Read only: True
Provides information on an IP address's reputation, so you can take appropriate action against untrusted or unwanted resources.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ip | required | IP to query | string | ip ipv6 |

DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.ip | string | ip ipv6 | |
action_result.status | string | | |
action_result.message | string | | |
summary.total_objects | numeric | | |
summary.total_objects_successful | numeric | | |
action_result.data.*.Observable | string | | |
action_result.data.*.Threat_Level | string | | |
action_result.data.*.Threat_Categories | string | | |
action_result.data.*.AUP | string | | |
action_result.summary.message | string | | 72.163.4.185 has a Favorable threat level |
Look up Cisco Talos threat intelligence for a given domain
Type: investigate
Read only: True
Provides information on a domain's reputation, so you can take appropriate action against untrusted or unwanted resources.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
domain | required | Domain to query | string | domain |

DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.domain | string | domain | |
action_result.status | string | | |
action_result.message | string | | |
summary.total_objects | numeric | | |
summary.total_objects_successful | numeric | | |
action_result.data.*.Observable | string | | |
action_result.data.*.Threat_Level | string | | |
action_result.data.*.Threat_Categories | string | | |
action_result.data.*.AUP | string | | |
action_result.summary.message | string | | splunk.com has a Favorable threat level |
Look up Cisco Talos threat intelligence for a given URL
Type: investigate
Read only: True
Provides information on a URL's reputation, so you can take appropriate action against untrusted or unwanted resources.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | URL to query | string | url |

DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.url | string | url | |
action_result.status | string | | |
action_result.message | string | | |
summary.total_objects | numeric | | |
summary.total_objects_successful | numeric | | |
action_result.data.*.Observable | string | | |
action_result.data.*.Threat_Level | string | | |
action_result.data.*.Threat_Categories | string | | |
action_result.data.*.AUP | string | | |
action_result.summary.message | string | | https://splunk.com has a Favorable threat level |