Anomali ThreatStream collects global threat data, providing you with the insights you need to determine if an event is a security threat.
What does this pack do?
- Checks the reputation of a given URL, IP address, domain name, hash of a file, or email address.
- Returns enrichment data for a domain or IP address for available indicators (observables).
- Imports indicators (observables) into ThreatStream.
- Returns an HTML file with a description of the threat model.
- Returns a list of indicators associated with the specified model.
- Submits a file or URL to the ThreatStream-hosted sandbox for detonation.
- Returns a report of a file or URL submitted to the sandbox.
- Returns filtered indicators or intelligence from ThreatStream.
- Adds tags to intelligence to filter for related entities.
- Creates or updates a threat model with the specified parameters.
This content pack includes 2 playbooks that:
- Detonate one or more files, returning relevant reports to the War Room and file reputations to the context data.
- Detonate one or more URLs, returning relevant reports to the War Room and URL reputations to the context data.