Skip to main content

Anomali ThreatStream

Download With Dependencies

Use Anomali ThreatStream to query and submit threats.

Anomali ThreatStream collects global threat data, providing you with the insights you need to determine if an event is a security threat.

What does this pack do?

  • Checks the reputation of a given URL, IP address, domain name, hash of a file, or email address.
  • Returns enrichment data for a domain or IP address for available indicators (observables).
  • Imports indicators (observables) into ThreatStream.
  • Returns an HTML file with a description of the threat model.
  • Returns a list of indicators associated with the specified model.
  • Submits a file or URL to the ThreatStream-hosted sandbox for detonation.
  • Returns a report of a file or URL submitted to the sandbox.
  • Returns filtered indicators or intelligence from ThreatStream.
  • Adds tags to intelligence to filter for related entities.
  • Creates or updates a threat model with the specified parameters.

This content pack includes 2 playbooks that:

  • Detonates one or more files. It returns relevant reports to the War Room and file reputations to the context data.
  • Detonates one or more URLs. It returns relevant reports to the War Room and URL reputations to the context data.

Pack Contributors:


  • Eric Partington

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Anomali ThreatStream collects global threat data, providing you with the insights you need to determine if an event is a security threat.

What does this pack do?

  • Checks the reputation of a given URL, IP address, domain name, hash of a file, or email address.
  • Returns enrichment data for a domain or IP address for available indicators (observables).
  • Imports indicators (observables) into ThreatStream.
  • Returns an HTML file with a description of the threat model.
  • Returns a list of indicators associated with the specified model.
  • Submits a file or URL to the ThreatStream-hosted sandbox for detonation.
  • Returns a report of a file or URL submitted to the sandbox.
  • Returns filtered indicators or intelligence from ThreatStream.
  • Adds tags to intelligence to filter for related entities.
  • Creates or updates a threat model with the specified parameters.

This content pack includes 2 playbooks that:

  • Detonates one or more files. It returns relevant reports to the War Room and file reputations to the context data.
  • Detonates one or more URLs. It returns relevant reports to the War Room and URL reputations to the context data.

Pack Contributors:


  • Eric Partington

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJune 30, 2020
Last ReleaseNovember 28, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.