ThreatStream

Integrates a variety of generic, reputation, and investigative actions from the Anomali ThreatStream threat intelligence platform

Built by Splunk LLC

Compatibility
Not Available
Platform Version: 6.4, 6.3
Rating: 0 (0)
Ranking: #1 in Threat Intel

Supported Actions

  • test connectivity: Test connectivity to ThreatStream by querying the intelligence endpoint
  • file reputation: Get information about a file
  • domain reputation: Get information about a given domain
  • ip reputation: Get information about a given IP
  • email reputation: Get information about a given email
  • url reputation: Get information about a URL
  • whois ip: Execute a whois lookup on the given IP
  • whois domain: Execute a whois lookup on the given domain
  • get observable: Get observable present in ThreatStream by ID number
  • list observables: List observables present in ThreatStream
  • get vulnerability: Get vulnerability present in ThreatStream by ID number
  • list vulnerabilities: List vulnerabilities present in ThreatStream
  • list incidents: List incidents present in ThreatStream
  • delete incident: Delete incident in ThreatStream by ID number
  • get incident: Get incident in ThreatStream by ID number
  • create incident: Create an incident in ThreatStream
  • update incident: Update an incident in ThreatStream by ID number
  • import domain observable: Import domain observable into ThreatStream
  • import url observable: Import URL observable into ThreatStream
  • import ip observable: Import IP observable into ThreatStream
  • import file observable: Import file observable into ThreatStream
  • import email observable: Import email observable into ThreatStream
  • import observables: Import observables into ThreatStream
  • tag observable: Add a tag to the observable
  • get pcap: Download pcap file of a sample submitted to the sandbox and add it to vault
  • detonate file: Detonate file in ThreatStream
  • detonate url: Detonate URL in ThreatStream
  • get status: Retrieve detonation status present in ThreatStream
  • get report: Retrieve detonation report present in ThreatStream
  • on poll: Callback action for the on_poll ingest functionality
  • run query: Run observables query in ThreatStream
  • list import sessions: List all the import sessions
  • update import session: This action updates the fields of the provided item id
  • list threat models: List all the threat models
  • create threat bulletin: Create a threat bulletin in ThreatStream
  • update threat bulletin: Update a threat bulletin in ThreatStream
  • list threat bulletins: List threat bulletins present in ThreatStream
  • list associations: List associations of an entity present in ThreatStream
  • create rule: Create a new rule in ThreatStream
  • update rule: Update a rule in ThreatStream by ID number
  • list rules: List rules present in ThreatStream
  • delete rule: Delete rule in ThreatStream by ID number
  • add association: Create associations between threat model entities on the ThreatStream platform
  • remove association: Remove associations between threat model entities on the ThreatStream platform
  • list actors: List actors present in ThreatStream
  • list imports: List imports present in ThreatStream
  • create vulnerability: Create a vulnerability in ThreatStream
  • update vulnerability: Update the vulnerability in ThreatStream
  • create actor: Create an actor in ThreatStream
  • update actor: Update an actor in ThreatStream
  • delete threat bulletin: Delete threat bulletin in ThreatStream by ID
  • delete vulnerability: Delete vulnerability in ThreatStream by ID
  • delete actor: Delete actor in ThreatStream by ID number
  • update observable: Update an observable in ThreatStream
  • create investigation: Create an investigation in ThreatStream
  • list investigations: List investigations present in ThreatStream
  • get investigation: Retrieve investigation present in ThreatStream by ID
  • update investigation: Update an investigation in ThreatStream
  • delete investigation: Delete investigation in ThreatStream by ID number

Categories

Created By

Splunk LLC

Type

connector

Downloads

26,820
