Intezer

The Intezer connector for Splunk SOAR enables security teams to automate threat analysis, detection, and response by integrating Intezer's technology into their Splunk workflows.

Latest Version 1.1.1
April 28, 2025
Compatibility
Not Available
Platform Version: 6.4, 6.3, 6.2, 6.1, 6.0, 5.5
Support
Not Supported
Supported Actions

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • detonate file: Analyze a file from Splunk vault with Intezer
  • detonate hash: Analyze a file hash (SHA1, SHA256, or MD5) with Intezer
  • get file report: Get a file analysis report based on an analysis ID or a file hash
  • detonate url: Analyze a suspicious URL with Intezer
  • get url report: Get a URL analysis report based on a URL analysis ID
  • get alert: Get an ingested alert triage and response information using alert ID
  • submit alert: Submit a new alert, including the raw alert information, to Intezer for processing
  • submit suspicious email: Submit a suspicious phishing email in a raw format (.MSG or .EML) to Intezer for processing
  • index file: Index the file's genes into the organizational database
  • unset index file: Unset file's indexing

Created By

SOAR Community

Type

connector

Downloads

248
