Anomali ThreatStream | Marketplace

Details
Content
Dependencies
Version History

Use Anomali ThreatStream to query and submit threats.

Anomali ThreatStream collects global threat data, providing you with the insights you need to determine if an event is a security threat.

What does this pack do?

Checks the reputation of a given URL, IP address, domain name, hash of a file, or email address.
Returns enrichment data for a domain or IP address for available indicators (observables).
Imports indicators (observables) into ThreatStream.
Returns an HTML file with a description of the threat model.
Returns a list of indicators associated with the specified model.
Submits a file or URL to the ThreatStream-hosted sandbox for detonation.
Returns a report of a file or URL submitted to the sandbox.
Returns filtered indicators or intelligence from ThreatStream.
Adds tags to intelligence to filter for related entities.
Creates or updates a threat model with the specified parameters.

This content pack includes 2 playbooks that:

Detonates one or more files. It returns relevant reports to the War Room and file reputations to the context data.
Detonates one or more URLs. It returns relevant reports to the War Room and URL reputations to the context data.

Pack Contributors:

Eric Partington

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Anomali ThreatStream collects global threat data, providing you with the insights you need to determine if an event is a security threat.

What does this pack do?

Checks the reputation of a given URL, IP address, domain name, hash of a file, or email address.
Returns enrichment data for a domain or IP address for available indicators (observables).
Imports indicators (observables) into ThreatStream.
Returns an HTML file with a description of the threat model.
Returns a list of indicators associated with the specified model.
Submits a file or URL to the ThreatStream-hosted sandbox for detonation.
Returns a report of a file or URL submitted to the sandbox.
Returns filtered indicators or intelligence from ThreatStream.
Adds tags to intelligence to filter for related entities.
Creates or updates a threat model with the specified parameters.

This content pack includes 2 playbooks that:

Detonates one or more files. It returns relevant reports to the War Room and file reputations to the context data.
Detonates one or more URLs. It returns relevant reports to the War Room and URL reputations to the context data.

Pack Contributors:

Eric Partington

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
ThreatstreamBuildIocImportJson	Builds A JSON array based on the values provided by the user for the 'threatstream-import-indicator-without-approval' command.

Integrations

Name	Description
Anomali ThreatStream v2 (Deprecated)	Deprecated. Use Anomali ThreatStream v3 integration instead.
Anomali ThreatStream v3	Use Anomali ThreatStream to query and submit threats.
Anomali ThreatStream (Deprecated)	Deprecated. Use Anomali ThreatStream v3 instead. Use Anomali ThreatStream to query and submit threats

Playbooks

Name	Description
Detonate File - ThreatStream	Detonate one or more files using the Anomali ThreatStream v2 integration. This playbook returns relevant reports to the War Room, and file reputations to the context data.
Detonate URL - ThreatStream	Detonates one or more URLs using the Anomali ThreatStream v2 sandbox integration. Returns relevant reports to the War Room and URL reputations to the context data.

Automations

Name	Description
ThreatstreamBuildIocImportJson	Builds A JSON array based on the values provided by the user for the 'threatstream-import-indicator-without-approval' command.

Integrations

Name	Description
Anomali ThreatStream v2 (Deprecated)	Deprecated. Use Anomali ThreatStream v3 integration instead.
Anomali ThreatStream (Deprecated)	Deprecated. Use Anomali ThreatStream v3 instead. Use Anomali ThreatStream to query and submit threats
Anomali ThreatStream v3	Use Anomali ThreatStream to query and submit threats.

Playbooks

Name	Description
Detonate URL - ThreatStream	Detonates one or more URLs using the Anomali ThreatStream v2 sandbox integration. Returns relevant reports to the War Room and URL reputations to the context data.
Detonate File - ThreatStream	Detonate one or more files using the Anomali ThreatStream v2 integration. This playbook returns relevant reports to the War Room, and file reputations to the context data.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Common Playbooks	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR

2.2.24 - 1619437 (November 10, 2024)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.114656.

Related pull requests:
- 37059
- 37052
- 37051

Download

2.2.23 - 1425722 (September 24, 2024)

Integrations

Anomali ThreatStream v3

Fixed an issue where the threatstream-get-indicators command failed when more than 1000 indicators were expected to be retrieved.
Updated the docker image to: demisto/py3-tools:1.0.0.112434.

Related pull requests:
- 36369

Download

2.2.22 - R1408452 (September 19, 2024)

Integrations

Anomali ThreatStream v3

Added the threatstream-clone-imported-indicator command to clone indicators that exist in Anomali but are not in the customer environment.
Added the threatstream-edit-classification command to edit an imported/cloned observable and add it to one or more Trusted Circles.

Related pull requests:
- 36087
- 36155

Download

2.2.21 - R1191003 (July 18, 2024)

Integrations

Anomali ThreatStream v3

Updated the Authorization flow due to changes on Anomali API side.
Updated the Docker image to demisto/py3-tools:1.0.0.99035.

Related pull requests:
- 35060

Download

2.2.20 - R1070867 (June 5, 2024)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.93223.

Related pull requests:
- 34465
- 33830
- 33831
- 33828
- 33825
- 33805
- 33871

Download

2.2.19 - 1061293 (June 2, 2024)

Integrations

Anomali ThreatStream v3

Fixed an issue in Base pack (Version 1.33.52) so now Anomali ThreatStream v3 will correctly input email addresses into context under Account.Email and not under Email.

Related pull requests:
- 34684
- 33924

Download

2.2.18 - 976988 (April 25, 2024)

Integrations

Anomali ThreatStream v3

Fixed an issue in the threatstream-get-indicators command where not all of the results were returned when the limit argument was very large.
Added retries to the API calls to prevent connection errors.
Updated the Docker image to: demisto/py3-tools:1.0.0.93223.

Related pull requests:
- 34105

Download

2.2.17 - 916317 (March 26, 2024)

Scripts

ThreatstreamBuildIocImportJson

Updated the Docker image to: demisto/python3:3.10.14.90585.

Related pull requests:
- 33514
- 33458
- 33455
- 33501
- 33509
- 33490
- 33477
- 33461
- 33365
- 33315
- 33454

Download

2.2.16 - 823153 (February 12, 2024)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.87415.

Related pull requests:
- 32840

Download

2.2.15 - 798475 (February 1, 2024)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.86612.

Related pull requests:
- 32522

Download

2.2.14 - 760302 (January 14, 2024)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.84811.

Related pull requests:
- 32154

Download

2.2.13 - 743135 (January 4, 2024)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.84236.

Related pull requests:
- 31969

Download

2.2.12 - 729445 (January 1, 2024)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.84025.

Related pull requests:
- 31880

Download

2.2.11 - 721233 (December 27, 2023)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.83976.

Related pull requests:
- 31814

Download

2.2.10 - 7209615 (December 19, 2023)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.83687.

Related pull requests:
- 31553

Download

2.2.9 - 7076512 (December 5, 2023)

Integrations

Anomali ThreatStream v3

Fixed an issue where the threatstream-get-indicators command would not fetch all the indicators.
Updated the Docker image to: demisto/py3-tools:1.0.0.82746.

Related pull requests:
- 31269

Download

2.2.8 - 7066068 (December 4, 2023)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.82341.

Related pull requests:
- 31289

Download

2.2.7 - 7029664 (November 30, 2023)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.81890.

Related pull requests:
- 31217

Download

2.2.6 - 7012606 (November 28, 2023)

Integrations

Anomali ThreatStream v3

Added a new parameter Default DBOT score for indicators with low Confidence - Toggle between Unknown and Benign.
Updated the Docker image to: demisto/py3-tools:1.0.0.81280.

Related pull requests:
- 30993
- 31151

Download

2.2.5 - 6955725 (November 21, 2023)

Playbooks

Detonate URL - ThreatStream

Fixed an issue where the playbook output listed 'ANYRUN' instead of 'ThreatStream' command output.
Updated the 'URL' playbook input to use 'URL.Data' as the default value.

Related pull requests:
- 30992

Download

2.2.4 - 6944614 (November 20, 2023)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.80754.
Improved documentation for the threatstream-import-indicator-without-approval command.

Related pull requests:
- 30976

Download

2.2.3 - 6804257 (November 5, 2023)

Integrations

Anomali ThreatStream v3

Added the remote_api instance configuration, to allow gathering of additional information about the threat model from remote APIs.
Updated the Docker image to: demisto/py3-tools:1.0.0.79870.

Related pull requests:
- 30537
- 30154

Download

2.2.2 - 6636841 (October 18, 2023)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.77497.

Related pull requests:
- 30237

Download

2.2.1 - 6608983 (October 15, 2023)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.77054.

Related pull requests:
- 30136

Download

2.2.0 - 6453502 (September 28, 2023)

Integrations

Anomali ThreatStream v3

Added 2 commands:
- threatstream-remove-indicator-tag
- threatstream-add-indicator-tag

Related pull requests:
- 29803

Download

2.1.12 - 6437102 (September 27, 2023)

Integrations

Anomali ThreatStream v3

Updated the Docker image to: demisto/py3-tools:1.0.0.75615.

Related pull requests:
- 29871

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	June 30, 2020
Last Release	November 10, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.