Publisher: Hyas
Connector Version: 1.1.0
Product Vendor: Hyas
Product Name: Hyas Protect
Product Version Supported (regex): ".*"
Minimum Product Version: 5.2.0
This app implements investigative actions that return Hyas Protect Verdict for the given Indicators
The app uses HTTP/ HTTPS protocol for communicating with the Hyas Protect server. Below are the default ports used by the Splunk SOAR Connector.
| Service Name | Transport Protocol | Port |
|---|---|---|
| http | tcp | 80 |
| https | tcp | 443 |
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Hyas Protect asset in SOAR.
| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| apikey | required | password | API KEY |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
ip verdict - Perform this action to get the Hyas Verdict for IP
domain verdict - Perform this action to get the Hyas Verdict for Domain
fqdn verdict - Perform this action to get the Hyas Verdict for FQDN
nameserver verdict - Perform this action to get the Hyas Verdict for Nameserver
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
No parameters are required for this action
No Output
Perform this action to get the Hyas Verdict for IP
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ip | required | IP to get Hyas Verdict | string | ip ipv6 |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.ip | string | ip ipv6 |
| action_result.*.Verdict | string | |
| action_result.*.Reasons | string | |
| action_result.status | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
Perform this action to get the Hyas Verdict for Domain
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to get Hyas Verdict | string | domain |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.domain | string | domain |
| action_result.*.Verdict | string | |
| action_result.*.Reasons | string | |
| action_result.status | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
Perform this action to get the Hyas Verdict for FQDN
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| fqdn | required | FQDN to get Hyas Verdict | string |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.fqdn | string | |
| action_result.*.Verdict | string | |
| action_result.*.Reasons | string | |
| action_result.status | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
Perform this action to get the Hyas Verdict for Nameserver
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| nameserver | required | Nameserver to get Hyas Verdict | string | domain |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.nameserver | string | domain |
| action_result.*.Verdict | string | |
| action_result.*.Reasons | string | |
| action_result.status | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |