This integration utilizes Analyst1's system to enrich XSOAR indicators with data provided by the Analyst1 REST API, such as actor and malware information, activity and reported dates, evidence and hit counts, and more.
Analyst1
This integration utilizes Analyst1's system to support multiple operations that assist the cyber analyst. These include intelligence collection from any source, deployment of configured indicator or signature sets for improved boundary/host defense, and enrichment of XSOAR indicators with data provided by the Analyst1 REST API, such as actor and malware information, activity and reported dates, evidence and hit counts, and more. For assistance with this app and any use cases, please contact support@analyst1.com.
| Name | Description |
|---|---|
| Analyst1 (Partner Contribution) | This integration utilizes Analyst1's system to enrich XSOAR indicators with data provided by the Analyst1 REST API, such as actor and malware information, activity and reported dates, evidence and hit counts, and more. |
| illuminate (Deprecated) (Partner Contribution) | Deprecated. Use Analyst1 integration instead. |
| Name | Description |
|---|---|
| Analyst1 Integration Demonstration | A quick demonstration of the various Analyst1 enrichment commands. |
| Illuminate Integration Demonstration | Deprecated. No available replacement. A quick demonstration of the various illuminate enrichment commands. |
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Filters And Transformers | By: Cortex XSOAR |
Integrations
Analyst1
- Improved implementation of XSOAR Verdict calculation to use Analyst1 Risk Score instead of the benign field.
- Added 6 risk score mapping parameters to customize how Analyst1 risk scores (Lowest, Low, Moderate, High, Critical, Unknown) map to XSOAR verdicts (Benign, Unknown, Suspicious, Malicious).
- Added the Apply Analyst1 entity-type tags to indicators parameter (default: disabled) to optionally tag indicators with their Analyst1 entity classifications.
- Improved implementation of entity classification handling where indicators classified by Analyst1 as Assets, Ignored Assets, In Home/Private/System Range, or Ignored Indicators are now marked as benign in XSOAR with appropriate entity-type tags when tagging is enabled.
- Improved implementation of reputation commands to display clear "not found" messages for indicators that don't exist in Analyst1, and show entity type classifications for non-indicator entities in the war room.
- Updated the analyst1-batch-check-post command to support both comma-delimited and newline-delimited input formats for the values argument.
- Updated the Docker image to: demisto/python3:3.12.11.4819260.
- 41567
- 41796
Integrations
Analyst1
- Updated the Docker image to: demisto/python3:3.10.12.65389.
- Added multiple new commands to support newer Analyst1 API functions:
-- analyst1-get-sensor-taskings
-- analyst1-get-sensors
-- analyst1-batch-check
-- analyst1-get-sensor-config
-- analyst1-get-sensor-diff
-- analyst1-indicator-by-id
-- analyst1-batch-check-post
-- analyst1-evidence-submit
-- analyst1-evidence-status
- Regression testing against Analyst1 2.1.0
- 27685
- 28418
INFO
| Attribute | Value |
|---|---|
| Certification | Certified |
| Supported By | Partner |
| Created | June 30, 2020 |
| Last Release | November 5, 2025 |