ThreatCrowd
Integration version: 6.0
Configure ThreatCrowd integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Enrich Entities
Description
Quickly identify related infrastructure and malware.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the following entities:
- IP Address
- Hostname
Action Results
Entity Enrichment
| Enrichment Field Name | Logic - When to Apply |
|---|---|
| permalink | Returns if it exists in JSON result | 
| response_code | Returns if it exists in JSON result | 
| votes | Returns if it exists in JSON result | 
| references | Returns if it exists in JSON result | 
| hashes | Returns if it exists in JSON result | 
| resolutions | Returns if it exists in JSON result | 
| domain | Returns if it exists in JSON result | 
| last_resolved | Returns if it exists in JSON result | 
Insights
N/A
Script Result
| Script Result Name | Value Options | Example | 
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
```json
[
  {
    "EntityResult": {
      "permalink": "https://www.threatcrowd.org/ip.php?ip=1.1.1.1",
      "response_code": "1",
      "votes": -1,
      "references": [
        "http://www.talosintelligence.com/feeds/ip-filter.blf",
        "https://check.torproject.org/exit-addresses",
        "https://otx.alienvault.com/pulse/56714a2867db8c3f8a46fe95/"
      ],
      "hashes": [],
      "resolutions": [
        {
          "domain": "afplink.net",
          "last_resolved": "2016-06-24"
        },
        {
          "domain": "jabber.zwiebeltoralf.de",
          "last_resolved": "2016-12-28"
        }
      ]
    },
    "Entity": "1.1.1.1"
  }
]
```
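The Python below is an added example, not code from the integration or from Google's documentation. It consumes a result in the JSON Result shape of the Enrich Entities action and keeps only the enrichment fields that are present, following the "Returns if it exists in JSON result" rule. The names `summarize` and `TOP_LEVEL_FIELDS`, the `no-date.example` entry, the integer normalization of `response_code` and the newest-first ordering are assumptions of this example.

```python
import json
from datetime import date

# Top-level enrichment fields from the Entity Enrichment table;
# "domain" and "last_resolved" live inside each "resolutions" item.
TOP_LEVEL_FIELDS = ("permalink", "response_code", "votes",
                    "references", "hashes", "resolutions")

# Constructed sample: trimmed from the page's JSON Result ("references"
# dropped) plus one constructed resolution that has no date.
SAMPLE = json.loads("""
[{"EntityResult": {
    "permalink": "https://www.threatcrowd.org/ip.php?ip=1.1.1.1",
    "response_code": "1",
    "votes": -1,
    "hashes": [],
    "resolutions": [
      {"domain": "afplink.net", "last_resolved": "2016-06-24"},
      {"domain": "jabber.zwiebeltoralf.de", "last_resolved": "2016-12-28"},
      {"domain": "no-date.example"}]},
  "Entity": "1.1.1.1"}]
""")


def _resolved_on(item):
    """Parse last_resolved; missing or malformed dates sort last."""
    try:
        return date.fromisoformat(item.get("last_resolved", ""))
    except (TypeError, ValueError):
        return date.min


def summarize(json_result):
    """Map the action's JSON result to {entity: present enrichment fields}."""
    out = {}
    for row in json_result:
        result = row.get("EntityResult") or {}
        # Copy only the keys that exist; absent fields are not invented.
        fields = {k: result[k] for k in TOP_LEVEL_FIELDS if k in result}
        # response_code is a string in the sample; normalize it to int.
        if "response_code" in fields:
            fields["response_code"] = int(fields["response_code"])
        # Newest resolution first, so stale IP/domain pairings stand out.
        if "resolutions" in fields:
            fields["resolutions"] = sorted(
                fields["resolutions"], key=_resolved_on, reverse=True)
        out[row["Entity"]] = fields
    return out
```

Calling `summarize(SAMPLE)` returns one entry keyed by the entity identifier, with `references` absent because the sample omits it.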
 
 
Ping
Description
Test connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example | 
|---|---|---|
| is_connect | True/False | is_connect:False |
JSON Result
  N/A 
 
 

