
hyasinfosec/splunk-soar-hyasinsight

 
 


Hyas Insight

Publisher: Hyas
Connector Version: 1.2.0
Product Vendor: Hyas
Product Name: Hyas Insight
Product Version Supported (regex): ".*"
Minimum Product Version: 5.3.4

This app implements investigative actions that return Hyas Insight records for the given indicators.

Configuration Variables

The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Hyas Insight asset in SOAR.

| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| apikey | required | password | API KEY |

Supported Actions

test connectivity - Validate the asset configuration for connectivity using supplied configuration
lookup commandcontrol domain - Perform this action to get the C2 Domain Lookup Data for Hyas Insight
lookup commandcontrol email - Perform this action to get the C2 Email address Lookup Data for Hyas Insight
lookup commandcontrol ip - Perform this action to get the C2 IP Lookup Data for Hyas Insight
lookup commandcontrol hash - Perform this action to get the C2 Hash Lookup Data for Hyas Insight
lookup whois domain - Perform this action to get the Whois Domain Lookup Data for Hyas Insight
lookup whois email - Perform this action to get the Whois Email address Lookup Data for Hyas Insight
lookup whois phone - Perform this action to get the Whois Phone number Lookup Data for Hyas Insight
lookup dynamicdns email - Perform this action to get the Dynamicdns Email address Lookup Data for Hyas Insight
lookup dynamicdns ip - Perform this action to get the Dynamicdns IP address Lookup Data for Hyas Insight
lookup dynamicdns domain - Perform this action to get the Dynamicdns Domain Lookup Data for Hyas Insight
lookup sinkhole ip - Perform this action to get the Sinkhole IP address Lookup Data for Hyas Insight
lookup passivehash ip - Perform this action to get the Passivehash IP address Lookup Data for Hyas Insight
lookup passivehash domain - Perform this action to get the Passivehash Domain Lookup Data for Hyas Insight
lookup ssl certificate ip - Perform this action to get the SSL Certificate Lookup Data for Hyas Insight
lookup passivedns domain - Perform this action to get the Passivedns Domain Lookup Data for Hyas Insight
lookup current whois domain - Perform this action to get the Whois current Domain Lookup Data for Hyas Insight
lookup passivedns ip - Perform this action to get the Passivedns IP address Lookup Data for Hyas Insight
lookup malware information hash - Perform this action to get the Malware Information Lookup Data for Hyas Insight
lookup malware record hash - Perform this action to get the Malware Record hash Lookup Data for Hyas Insight
lookup malware record ip - Perform this action to get the Malware Record IP address Lookup Data for Hyas Insight
lookup malware record domain - Perform this action to get the Malware Record Domain Lookup Data for Hyas Insight
lookup os indicator hash - Perform this action to get the OS Indicator Lookup Data for Hyas Insight
lookup ssl certificate hash - Perform this action to get the SSL Certificate hash Lookup Data for Hyas Insight
lookup ssl certificate domain - Perform this action to get the SSL Certificate Domain Lookup Data for Hyas Insight
lookup devicegeo ip - Perform this action to get the Mobile Geolocation Information IP address Lookup Data for Hyas Insight
lookup os indicator domain - Perform this action to get the OS Indicator Domain Lookup Data for Hyas Insight
lookup os indicator ip - Perform this action to get the OS Indicator IP address Lookup Data for Hyas Insight

action: 'test connectivity'

Validate the asset configuration for connectivity using supplied configuration

Type: test
Read only: True

Action Parameters

No parameters are required for this action

Action Output

No Output

action: 'lookup commandcontrol domain'

Perform this action to get the C2 Domain Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to get Lookup Data for Hyas Insight | string | domain |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.domain | string | domain |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup commandcontrol email'

Perform this action to get the C2 Email address Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| email | required | Email address to get Lookup Data for Hyas Insight | string | email |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.email | string | email |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup commandcontrol ip'

Perform this action to get the C2 IP Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ip | required | IP address to get Lookup Data for Hyas Insight | string | ip ipv4 ipv6 |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.ip | string | ip ipv4 ipv6 |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup commandcontrol hash'

Perform this action to get the C2 Hash Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| hash | required | Hash to get Lookup Data for Hyas Insight | string | sha256 hash |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.hash | string | sha256 hash |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup whois domain'

Perform this action to get the Whois Domain Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to get Lookup Data for Hyas Insight | string | domain |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.domain | string | domain |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup whois email'

Perform this action to get the Whois Email address Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| email | required | Email address to get Lookup Data for Hyas Insight | string | email |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.email | string | email |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup whois phone'

Perform this action to get the Whois Phone number Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| phone | required | Phone number to get Lookup Data for Hyas Insight | string | phone phone number |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.phone | string | number |
| action_result.parameter.phone | string | phone phone number |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup dynamicdns email'

Perform this action to get the Dynamicdns Email address Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| email | required | Email address to get Lookup Data for Hyas Insight | string | email |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.email | string | email |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup dynamicdns ip'

Perform this action to get the Dynamicdns IP address Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ip | required | IP address to get Lookup Data for Hyas Insight | string | ip ipv6 |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.ip | string | ip ipv6 |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup dynamicdns domain'

Perform this action to get the Dynamicdns Domain Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to get Lookup Data for Hyas Insight | string | domain |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.domain | string | domain |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup sinkhole ip'

Perform this action to get the Sinkhole IP address Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ipv4 | required | IP address to get Lookup Data for Hyas Insight | string | ip |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.ipv4 | string | ip |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup passivehash ip'

Perform this action to get the Passivehash IP address Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ipv4 | required | IP address to get Lookup Data for Hyas Insight | string | ip |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.ipv4 | string | ip |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup passivehash domain'

Perform this action to get the Passivehash Domain Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to get Lookup Data for Hyas Insight | string | domain |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.domain | string | domain |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup ssl certificate ip'

Perform this action to get the SSL Certificate Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ip | required | IP address to get Lookup Data for Hyas Insight | string | ip ipv6 |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.ip | string | ip ipv6 |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup passivedns domain'

Perform this action to get the Passivedns Domain Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to get Lookup Data for Hyas Insight | string | domain |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.domain | string | domain |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup current whois domain'

Perform this action to get the Whois current Domain Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to get Lookup Data for Hyas Insight | string | domain |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.domain | string | domain |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup passivedns ip'

Perform this action to get the Passivedns IP address Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ipv4 | required | IP address to get Lookup Data for Hyas Insight | string | ip ipv6 |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.ipv4 | string | ip |
| action_result.parameter.ipv4 | string | ip ipv6 |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup malware information hash'

Perform this action to get the Malware Information Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| hash | required | Hash to get lookup data for Hyas Insight | string | md5 hash |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.hash | string | md5 |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup malware record hash'

Perform this action to get the Malware Record hash Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| hash | required | Hash to get the lookup data for Hyas Insight | string | hash md5 sha256 sha1 |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.hash | string | hash md5 sha256 sha1 |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup malware record ip'

Perform this action to get the Malware Record IP address Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ipv4 | required | IP address to get the lookup data for Hyas Insight | string | ip ipv4 |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.ipv4 | string | ip ipv4 |
| action_result.status | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup malware record domain'

Perform this action to get the Malware Record Domain Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to get the lookup data for Hyas Insight | string | domain |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.domain | string | domain |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup os indicator hash'

Perform this action to get the OS Indicator Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| hash | required | Hash to get lookup data for Hyas Insight | string | hash md5 sha1 sha256 |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.hash | string | hash md5 sha1 sha256 |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup ssl certificate hash'

Perform this action to get the SSL Certificate hash Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| hash | required | Hash to get lookup data for Hyas Insight | string | md5 hash sha1 sha256 |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.hash | string | ip |
| action_result.parameter.hash | string | md5 hash sha1 sha256 |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup ssl certificate domain'

Perform this action to get the SSL Certificate Domain Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to get Lookup Data for Hyas Insight | string | domain |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.domain | string | domain |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup devicegeo ip'

Perform this action to get the Mobile Geolocation Information IP address Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ip | required | IP address to get the lookup data for Hyas Insight | string | ip ipv4 ipv6 |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.ip | string | ip ipv4 ipv6 |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup os indicator domain'

Perform this action to get the OS Indicator Domain Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to get lookup data for Hyas Insight | string | domain |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.status | string |  |
| action_result.parameter.domain | string | domain |
| action_result.data | string |  |
| action_result.summary | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |

action: 'lookup os indicator ip'

Perform this action to get the OS Indicator IP address Lookup Data for Hyas Insight

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ip | required | IP address to get the lookup data for Hyas Insight | string | ip ipv4 ipv6 |

Action Output

| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.ip | string | ip ipv4 ipv6 |
| action_result.status | string |  |
| action_result.message | string |  |
| summary.total_objects | numeric |  |
| summary.total_objects_successful | numeric |  |
