[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThreatCrowd integration version 6.0 allows for the identification of related infrastructures and malware through the "Enrich Entities" action.\u003c/p\u003e\n"],["\u003cp\u003eThe "Enrich Entities" action operates on IP Address and Hostname entities, providing detailed enrichment data such as permalink, response code, votes, references, hashes, resolutions, domain, and last resolved date.\u003c/p\u003e\n"],["\u003cp\u003eThe "Ping" action tests connectivity within the ThreatCrowd integration and runs on all entity types.\u003c/p\u003e\n"],["\u003cp\u003eBoth "Enrich Entities" and "Ping" actions return a boolean 'is_success' and 'is_connect' indicator respectively, which is reported as a script result.\u003c/p\u003e\n"],["\u003cp\u003eThe integration configuration guide can be found in the provided documentation, allowing for proper setup of the integration.\u003c/p\u003e\n"]]],[],null,["# ThreatCrowd\n===========\n\nIntegration version: 6.0\n\nConfigure ThreatCrowd integration in Google Security Operations\n---------------------------------------------------------------\n\nFor detailed instructions on how to configure an integration in\nGoogle SecOps, see [Configure\nintegrations](/chronicle/docs/soar/respond/integrations-setup/configure-integrations).\n\nActions\n-------\n\n### Enrich Entities\n\n#### Description\n\nQuickly identify related infrastructures and malware.\n\n#### Parameters\n\nN/A\n\n#### Use cases\n\nN/A\n\n#### Run On\n\nThis action runs on the following entities:\n\n- IP Address\n- Hostname\n\n#### Action Results\n\n##### Entity Enrichment\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n [\n {\n \"EntityResult\": {\n \"permalink\": \"https: //www.threatcrowd.org/ip.php?ip=1.1.1.1\",\n \"response_code\": \"1\",\n \"votes\": -1,\n \"references\": [\n \"http: //www.talosintelligence.com/feeds/ip-filter.blf\",\n \"https: //check.torproject.org/exit-addresses\",\n \"https: //otx.alienvault.com/pulse/56714a2867db8c3f8a46fe95/\"\n ],\n \"hashes\": [],\n \"resolutions\": [{\n \"domain\": \"afplink.net\",\n \"last_resolved\": \"2016-06-24\"\n },{\n \"domain\": \"jabber.zwiebeltoralf.de\",\n \"last_resolved\": \"2016-12-28\"\n }]},\n \"Entity\": \"1.1.1.1\"\n }\n ]\n\n### Ping\n\n#### Description\n\nTest Connectivity.\n\n#### Parameters\n\nN/A\n\n#### Use cases\n\nN/A\n\n#### Run On\n\nThis action runs on all entities.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
