Publisher: Splunk Community
Connector Version: 1.2.2
Product Vendor: Infoblox
Product Name: Dossier
Product Version Supported (regex): ".*"
Minimum Product Version: 5.2.0
This app supports investigate actions on the Infoblox Dossier platform
This app requires access to port 1175 on your Phantom host(s) in order to function properly.
The Infoblox ActiveTrust Platform has been replaced by the Infoblox BloxOne Platform (csp.infoblox.com). Users need to migrate to the new platform to continue to use Dossier. This fix/update migrates the phantom dossier integration to the new platform to ensure users are able to continue to utilize this integration.
Note: Users will need a new API key.
Users will need to get a new API key from the BloxOne Platform - ActiveTrust Platform API will now be invalid.
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Dossier asset in SOAR.
| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| api_key | required | password | API Key for Dossier Service |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
lookup domain - Check for the presence of a domain in a threat intelligence feed
lookup ip - Check for the presence of an IP in a threat intelligence feed
lookup hash - Check for the presence of a hash in a threat intelligence feed
lookup url - Check for the presence of a url in a threat intelligence feed
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
No parameters are required for this action
No Output
Check for the presence of a domain in a threat intelligence feed
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| domain | required | Domain to lookup | string | domain url |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.domain | string | domain url |
| action_result.data.*.*.data.record_count | numeric | |
| action_result.data.*.*.data.threat.*.batch_id | string | |
| action_result.data.*.*.data.threat.*.class | string | |
| action_result.data.*.*.data.threat.*.confidence | numeric | |
| action_result.data.*.*.data.threat.*.detected | string | |
| action_result.data.*.*.data.threat.*.dga | string | |
| action_result.data.*.*.data.threat.*.domain | string | domain |
| action_result.data.*.*.data.threat.*.expiration | string | |
| action_result.data.*.*.data.threat.*.extended.audience | string | |
| action_result.data.*.*.data.threat.*.extended.etcategory | string | |
| action_result.data.*.*.data.threat.*.extended.hash_md5 | string | md5 |
| action_result.data.*.*.data.threat.*.extended.hash_sha1 | string | sha1 |
| action_result.data.*.*.data.threat.*.extended.hash_sha256 | string | sha256 |
| action_result.data.*.*.data.threat.*.extended.intelligencetype | string | |
| action_result.data.*.*.data.threat.*.extended.killchain | string | |
| action_result.data.*.*.data.threat.*.extended.maliciousconfidence | string | |
| action_result.data.*.*.data.threat.*.extended.malware | string | |
| action_result.data.*.*.data.threat.*.extended.malwarefamily | string | |
| action_result.data.*.*.data.threat.*.extended.networkidentifier | string | |
| action_result.data.*.*.data.threat.*.extended.networktype | string | |
| action_result.data.*.*.data.threat.*.extended.observationtime | string | |
| action_result.data.*.*.data.threat.*.extended.ports | string | |
| action_result.data.*.*.data.threat.*.extended.reportid | string | |
| action_result.data.*.*.data.threat.*.extended.threatscape | string | |
| action_result.data.*.*.data.threat.*.extended.threattype | string | |
| action_result.data.*.*.data.threat.*.extended.title | string | |
| action_result.data.*.*.data.threat.*.extended.url_hash | string | md5 |
| action_result.data.*.*.data.threat.*.host | string | |
| action_result.data.*.*.data.threat.*.id | string | |
| action_result.data.*.*.data.threat.*.imported | string | |
| action_result.data.*.*.data.threat.*.ip | string | ip |
| action_result.data.*.*.data.threat.*.origin | string | |
| action_result.data.*.*.data.threat.*.profile | string | |
| action_result.data.*.*.data.threat.*.property | string | |
| action_result.data.*.*.data.threat.*.received | string | |
| action_result.data.*.*.data.threat.*.target | string | |
| action_result.data.*.*.data.threat.*.threat_level | numeric | |
| action_result.data.*.*.data.threat.*.tld | string | |
| action_result.data.*.*.data.threat.*.tlp | string | |
| action_result.data.*.*.data.threat.*.type | string | |
| action_result.data.*.*.data.threat.*.up | string | |
| action_result.data.*.*.data.threat.*.url | string | url |
| action_result.data.*.*.params.source | string | |
| action_result.data.*.*.params.target | string | |
| action_result.data.*.*.params.type | string | |
| action_result.data.*.*.status | string | |
| action_result.data.*.*.task_id | string | |
| action_result.data.*.*.time | numeric | |
| action_result.data.*.*.v | string | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary.threat_confidence | numeric | |
| action_result.summary.threat_level | numeric | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
Check for the presence of an IP in a threat intelligence feed
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| ip | required | IP to lookup | string | ip |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.ip | string | ip |
| action_result.data.*.*.data.record_count | numeric | |
| action_result.data.*.*.data.threat.*.batch_id | string | |
| action_result.data.*.*.data.threat.*.class | string | |
| action_result.data.*.*.data.threat.*.confidence | numeric | |
| action_result.data.*.*.data.threat.*.confidence_score | numeric | |
| action_result.data.*.*.data.threat.*.confidence_score_rating | string | |
| action_result.data.*.*.data.threat.*.confidence_score_vector | string | |
| action_result.data.*.*.data.threat.*.detected | string | |
| action_result.data.*.*.data.threat.*.domain | string | domain |
| action_result.data.*.*.data.threat.*.expiration | string | |
| action_result.data.*.*.data.threat.*.extended.cyberint_guid | string | md5 |
| action_result.data.*.*.data.threat.*.extended.etcategory | string | |
| action_result.data.*.*.data.threat.*.extended.ports | string | |
| action_result.data.*.*.data.threat.*.host | string | |
| action_result.data.*.*.data.threat.*.id | string | |
| action_result.data.*.*.data.threat.*.imported | string | |
| action_result.data.*.*.data.threat.*.ip | string | ip |
| action_result.data.*.*.data.threat.*.origin | string | |
| action_result.data.*.*.data.threat.*.profile | string | |
| action_result.data.*.*.data.threat.*.property | string | |
| action_result.data.*.*.data.threat.*.received | string | |
| action_result.data.*.*.data.threat.*.target | string | |
| action_result.data.*.*.data.threat.*.threat_level | numeric | |
| action_result.data.*.*.data.threat.*.tld | string | |
| action_result.data.*.*.data.threat.*.tlp | string | |
| action_result.data.*.*.data.threat.*.type | string | |
| action_result.data.*.*.data.threat.*.up | string | |
| action_result.data.*.*.data.threat.*.url | string | url |
| action_result.data.*.*.params.source | string | |
| action_result.data.*.*.params.target | string | ip |
| action_result.data.*.*.params.type | string | |
| action_result.data.*.*.status | string | |
| action_result.data.*.*.task_id | string | |
| action_result.data.*.*.time | numeric | |
| action_result.data.*.*.v | string | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary.results | numeric | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
Check for the presence of a hash in a threat intelligence feed
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| hash | required | Hash to lookup | string | sha256 sha1 md5 |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.hash | string | sha256 sha1 md5 |
| action_result.data.*.*.data.details.av_engine_count | numeric | |
| action_result.data.*.*.data.details.av_match_count | numeric | |
| action_result.data.*.*.data.details.av_scan_time | string | |
| action_result.data.*.*.data.details.av_scans.ALYac.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.ALYac.result | string | |
| action_result.data.*.*.data.details.av_scans.ALYac.update_time | string | |
| action_result.data.*.*.data.details.av_scans.ALYac.version | string | ip |
| action_result.data.*.*.data.details.av_scans.APEX.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.APEX.result | string | |
| action_result.data.*.*.data.details.av_scans.APEX.update_time | string | |
| action_result.data.*.*.data.details.av_scans.APEX.version | string | |
| action_result.data.*.*.data.details.av_scans.AVG.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.AVG.result | string | |
| action_result.data.*.*.data.details.av_scans.AVG.update_time | string | |
| action_result.data.*.*.data.details.av_scans.AVG.version | string | |
| action_result.data.*.*.data.details.av_scans.Acronis.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Acronis.result | string | |
| action_result.data.*.*.data.details.av_scans.Acronis.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Acronis.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Ad-Aware.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Ad-Aware.result | string | |
| action_result.data.*.*.data.details.av_scans.Ad-Aware.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Ad-Aware.version | string | |
| action_result.data.*.*.data.details.av_scans.AegisLab.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.AegisLab.result | string | |
| action_result.data.*.*.data.details.av_scans.AegisLab.update_time | string | |
| action_result.data.*.*.data.details.av_scans.AegisLab.version | string | |
| action_result.data.*.*.data.details.av_scans.AhnLab-V3.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.AhnLab-V3.result | string | |
| action_result.data.*.*.data.details.av_scans.AhnLab-V3.update_time | string | |
| action_result.data.*.*.data.details.av_scans.AhnLab-V3.version | string | |
| action_result.data.*.*.data.details.av_scans.Alibaba.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Alibaba.result | string | |
| action_result.data.*.*.data.details.av_scans.Alibaba.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Alibaba.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Antiy-AVL.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Antiy-AVL.result | string | |
| action_result.data.*.*.data.details.av_scans.Antiy-AVL.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Antiy-AVL.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Arcabit.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Arcabit.result | string | |
| action_result.data.*.*.data.details.av_scans.Arcabit.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Arcabit.version | string | |
| action_result.data.*.*.data.details.av_scans.Avast-Mobile.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Avast-Mobile.result | string | |
| action_result.data.*.*.data.details.av_scans.Avast-Mobile.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Avast-Mobile.version | string | |
| action_result.data.*.*.data.details.av_scans.Avast.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Avast.result | string | |
| action_result.data.*.*.data.details.av_scans.Avast.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Avast.version | string | |
| action_result.data.*.*.data.details.av_scans.Avira.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Avira.result | string | |
| action_result.data.*.*.data.details.av_scans.Avira.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Avira.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Baidu.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Baidu.result | string | |
| action_result.data.*.*.data.details.av_scans.Baidu.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Baidu.version | string | ip |
| action_result.data.*.*.data.details.av_scans.BitDefender.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.BitDefender.result | string | |
| action_result.data.*.*.data.details.av_scans.BitDefender.update_time | string | |
| action_result.data.*.*.data.details.av_scans.BitDefender.version | string | |
| action_result.data.*.*.data.details.av_scans.Bkav.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Bkav.result | string | |
| action_result.data.*.*.data.details.av_scans.Bkav.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Bkav.version | string | |
| action_result.data.*.*.data.details.av_scans.CAT-QuickHeal.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.CAT-QuickHeal.result | string | |
| action_result.data.*.*.data.details.av_scans.CAT-QuickHeal.update_time | string | |
| action_result.data.*.*.data.details.av_scans.CAT-QuickHeal.version | string | |
| action_result.data.*.*.data.details.av_scans.CMC.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.CMC.result | string | |
| action_result.data.*.*.data.details.av_scans.CMC.update_time | string | |
| action_result.data.*.*.data.details.av_scans.CMC.version | string | |
| action_result.data.*.*.data.details.av_scans.ClamAV.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.ClamAV.result | string | |
| action_result.data.*.*.data.details.av_scans.ClamAV.update_time | string | |
| action_result.data.*.*.data.details.av_scans.ClamAV.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Comodo.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Comodo.result | string | |
| action_result.data.*.*.data.details.av_scans.Comodo.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Comodo.version | string | |
| action_result.data.*.*.data.details.av_scans.CrowdStrike.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.CrowdStrike.result | string | |
| action_result.data.*.*.data.details.av_scans.CrowdStrike.update_time | string | |
| action_result.data.*.*.data.details.av_scans.CrowdStrike.version | string | |
| action_result.data.*.*.data.details.av_scans.Cybereason.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Cybereason.result | string | |
| action_result.data.*.*.data.details.av_scans.Cybereason.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Cybereason.version | string | |
| action_result.data.*.*.data.details.av_scans.Cylance.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Cylance.result | string | |
| action_result.data.*.*.data.details.av_scans.Cylance.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Cylance.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Cyren.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Cyren.result | string | |
| action_result.data.*.*.data.details.av_scans.Cyren.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Cyren.version | string | ip |
| action_result.data.*.*.data.details.av_scans.DrWeb.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.DrWeb.result | string | |
| action_result.data.*.*.data.details.av_scans.DrWeb.update_time | string | |
| action_result.data.*.*.data.details.av_scans.DrWeb.version | string | |
| action_result.data.*.*.data.details.av_scans.ESET-NOD32.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.ESET-NOD32.result | string | |
| action_result.data.*.*.data.details.av_scans.ESET-NOD32.update_time | string | |
| action_result.data.*.*.data.details.av_scans.ESET-NOD32.version | string | |
| action_result.data.*.*.data.details.av_scans.Emsisoft.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Emsisoft.result | string | |
| action_result.data.*.*.data.details.av_scans.Emsisoft.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Emsisoft.version | string | |
| action_result.data.*.*.data.details.av_scans.Endgame.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Endgame.result | string | |
| action_result.data.*.*.data.details.av_scans.Endgame.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Endgame.version | string | |
| action_result.data.*.*.data.details.av_scans.F-Prot.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.F-Prot.result | string | |
| action_result.data.*.*.data.details.av_scans.F-Prot.update_time | string | |
| action_result.data.*.*.data.details.av_scans.F-Prot.version | string | ip |
| action_result.data.*.*.data.details.av_scans.F-Secure.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.F-Secure.result | string | |
| action_result.data.*.*.data.details.av_scans.F-Secure.update_time | string | |
| action_result.data.*.*.data.details.av_scans.F-Secure.version | string | ip |
| action_result.data.*.*.data.details.av_scans.FireEye.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.FireEye.result | string | |
| action_result.data.*.*.data.details.av_scans.FireEye.update_time | string | |
| action_result.data.*.*.data.details.av_scans.FireEye.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Fortinet.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Fortinet.result | string | |
| action_result.data.*.*.data.details.av_scans.Fortinet.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Fortinet.version | string | ip |
| action_result.data.*.*.data.details.av_scans.GData.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.GData.result | string | |
| action_result.data.*.*.data.details.av_scans.GData.update_time | string | |
| action_result.data.*.*.data.details.av_scans.GData.version | string | |
| action_result.data.*.*.data.details.av_scans.Ikarus.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Ikarus.result | string | |
| action_result.data.*.*.data.details.av_scans.Ikarus.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Ikarus.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Invincea.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Invincea.result | string | |
| action_result.data.*.*.data.details.av_scans.Invincea.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Invincea.version | string | |
| action_result.data.*.*.data.details.av_scans.Jiangmin.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Jiangmin.result | string | |
| action_result.data.*.*.data.details.av_scans.Jiangmin.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Jiangmin.version | string | |
| action_result.data.*.*.data.details.av_scans.K7AntiVirus.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.K7AntiVirus.result | string | |
| action_result.data.*.*.data.details.av_scans.K7AntiVirus.update_time | string | |
| action_result.data.*.*.data.details.av_scans.K7AntiVirus.version | string | |
| action_result.data.*.*.data.details.av_scans.K7GW.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.K7GW.result | string | |
| action_result.data.*.*.data.details.av_scans.K7GW.update_time | string | |
| action_result.data.*.*.data.details.av_scans.K7GW.version | string | |
| action_result.data.*.*.data.details.av_scans.Kaspersky.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Kaspersky.result | string | |
| action_result.data.*.*.data.details.av_scans.Kaspersky.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Kaspersky.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Kingsoft.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Kingsoft.result | string | |
| action_result.data.*.*.data.details.av_scans.Kingsoft.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Kingsoft.version | string | |
| action_result.data.*.*.data.details.av_scans.MAX.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.MAX.result | string | |
| action_result.data.*.*.data.details.av_scans.MAX.update_time | string | |
| action_result.data.*.*.data.details.av_scans.MAX.version | string | |
| action_result.data.*.*.data.details.av_scans.Malwarebytes.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Malwarebytes.result | string | |
| action_result.data.*.*.data.details.av_scans.Malwarebytes.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Malwarebytes.version | string | |
| action_result.data.*.*.data.details.av_scans.MaxSecure.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.MaxSecure.result | string | |
| action_result.data.*.*.data.details.av_scans.MaxSecure.update_time | string | |
| action_result.data.*.*.data.details.av_scans.MaxSecure.version | string | ip |
| action_result.data.*.*.data.details.av_scans.McAfee-GW-Edition.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.McAfee-GW-Edition.result | string | |
| action_result.data.*.*.data.details.av_scans.McAfee-GW-Edition.update_time | string | |
| action_result.data.*.*.data.details.av_scans.McAfee-GW-Edition.version | string | |
| action_result.data.*.*.data.details.av_scans.McAfee.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.McAfee.result | string | |
| action_result.data.*.*.data.details.av_scans.McAfee.update_time | string | |
| action_result.data.*.*.data.details.av_scans.McAfee.version | string | |
| action_result.data.*.*.data.details.av_scans.MicroWorld-eScan.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.MicroWorld-eScan.result | string | |
| action_result.data.*.*.data.details.av_scans.MicroWorld-eScan.update_time | string | |
| action_result.data.*.*.data.details.av_scans.MicroWorld-eScan.version | string | |
| action_result.data.*.*.data.details.av_scans.Microsoft.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Microsoft.result | string | |
| action_result.data.*.*.data.details.av_scans.Microsoft.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Microsoft.version | string | |
| action_result.data.*.*.data.details.av_scans.NANO-Antivirus.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.NANO-Antivirus.result | string | |
| action_result.data.*.*.data.details.av_scans.NANO-Antivirus.update_time | string | |
| action_result.data.*.*.data.details.av_scans.NANO-Antivirus.version | string | |
| action_result.data.*.*.data.details.av_scans.Paloalto.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Paloalto.result | string | |
| action_result.data.*.*.data.details.av_scans.Paloalto.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Paloalto.version | string | |
| action_result.data.*.*.data.details.av_scans.Panda.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Panda.result | string | |
| action_result.data.*.*.data.details.av_scans.Panda.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Panda.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Qihoo-360.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Qihoo-360.result | string | |
| action_result.data.*.*.data.details.av_scans.Qihoo-360.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Qihoo-360.version | string | |
| action_result.data.*.*.data.details.av_scans.Rising.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Rising.result | string | |
| action_result.data.*.*.data.details.av_scans.Rising.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Rising.version | string | ip |
| action_result.data.*.*.data.details.av_scans.SUPERAntiSpyware.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.SUPERAntiSpyware.result | string | |
| action_result.data.*.*.data.details.av_scans.SUPERAntiSpyware.update_time | string | |
| action_result.data.*.*.data.details.av_scans.SUPERAntiSpyware.version | string | |
| action_result.data.*.*.data.details.av_scans.SentinelOne.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.SentinelOne.result | string | |
| action_result.data.*.*.data.details.av_scans.SentinelOne.update_time | string | |
| action_result.data.*.*.data.details.av_scans.SentinelOne.version | string | |
| action_result.data.*.*.data.details.av_scans.Sophos.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Sophos.result | string | |
| action_result.data.*.*.data.details.av_scans.Sophos.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Sophos.version | string | |
| action_result.data.*.*.data.details.av_scans.Symantec.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Symantec.result | string | |
| action_result.data.*.*.data.details.av_scans.Symantec.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Symantec.version | string | ip |
| action_result.data.*.*.data.details.av_scans.TACHYON.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.TACHYON.result | string | |
| action_result.data.*.*.data.details.av_scans.TACHYON.update_time | string | |
| action_result.data.*.*.data.details.av_scans.TACHYON.version | string | |
| action_result.data.*.*.data.details.av_scans.Tencent.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Tencent.result | string | |
| action_result.data.*.*.data.details.av_scans.Tencent.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Tencent.version | string | ip |
| action_result.data.*.*.data.details.av_scans.TotalDefense.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.TotalDefense.result | string | |
| action_result.data.*.*.data.details.av_scans.TotalDefense.update_time | string | |
| action_result.data.*.*.data.details.av_scans.TotalDefense.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Trapmine.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Trapmine.result | string | |
| action_result.data.*.*.data.details.av_scans.Trapmine.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Trapmine.version | string | |
| action_result.data.*.*.data.details.av_scans.TrendMicro-HouseCall.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.TrendMicro-HouseCall.result | string | |
| action_result.data.*.*.data.details.av_scans.TrendMicro-HouseCall.update_time | string | |
| action_result.data.*.*.data.details.av_scans.TrendMicro-HouseCall.version | string | |
| action_result.data.*.*.data.details.av_scans.TrendMicro.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.TrendMicro.result | string | |
| action_result.data.*.*.data.details.av_scans.TrendMicro.update_time | string | |
| action_result.data.*.*.data.details.av_scans.TrendMicro.version | string | |
| action_result.data.*.*.data.details.av_scans.Trustlook.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Trustlook.result | string | |
| action_result.data.*.*.data.details.av_scans.Trustlook.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Trustlook.version | string | |
| action_result.data.*.*.data.details.av_scans.VBA32.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.VBA32.result | string | |
| action_result.data.*.*.data.details.av_scans.VBA32.update_time | string | |
| action_result.data.*.*.data.details.av_scans.VBA32.version | string | |
| action_result.data.*.*.data.details.av_scans.VIPRE.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.VIPRE.result | string | |
| action_result.data.*.*.data.details.av_scans.VIPRE.update_time | string | |
| action_result.data.*.*.data.details.av_scans.VIPRE.version | string | |
| action_result.data.*.*.data.details.av_scans.ViRobot.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.ViRobot.result | string | |
| action_result.data.*.*.data.details.av_scans.ViRobot.update_time | string | |
| action_result.data.*.*.data.details.av_scans.ViRobot.version | string | |
| action_result.data.*.*.data.details.av_scans.Webroot.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Webroot.result | string | |
| action_result.data.*.*.data.details.av_scans.Webroot.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Webroot.version | string | |
| action_result.data.*.*.data.details.av_scans.Yandex.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Yandex.result | string | |
| action_result.data.*.*.data.details.av_scans.Yandex.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Yandex.version | string | ip |
| action_result.data.*.*.data.details.av_scans.Zillya.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Zillya.result | string | |
| action_result.data.*.*.data.details.av_scans.Zillya.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Zillya.version | string | |
| action_result.data.*.*.data.details.av_scans.ZoneAlarm.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.ZoneAlarm.result | string | |
| action_result.data.*.*.data.details.av_scans.ZoneAlarm.update_time | string | |
| action_result.data.*.*.data.details.av_scans.ZoneAlarm.version | string | |
| action_result.data.*.*.data.details.av_scans.Zoner.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.Zoner.result | string | |
| action_result.data.*.*.data.details.av_scans.Zoner.update_time | string | |
| action_result.data.*.*.data.details.av_scans.Zoner.version | string | |
| action_result.data.*.*.data.details.av_scans.eGambit.detected | boolean | |
| action_result.data.*.*.data.details.av_scans.eGambit.result | string | |
| action_result.data.*.*.data.details.av_scans.eGambit.update_time | string | |
| action_result.data.*.*.data.details.av_scans.eGambit.version | string | |
| action_result.data.*.*.data.details.md5 | string | md5 |
| action_result.data.*.*.data.details.sha1 | string | sha1 |
| action_result.data.*.*.data.details.sha256 | string | sha256 |
| action_result.data.*.*.data.match | boolean | |
| action_result.data.*.*.data.summary.av_engine_count | numeric | |
| action_result.data.*.*.data.summary.av_match_count | numeric | |
| action_result.data.*.*.data.summary.av_match_percent | numeric | |
| action_result.data.*.*.data.summary.first_seen | string | |
| action_result.data.*.*.data.summary.last_seen | string | |
| action_result.data.*.*.data.summary.status | string | |
| action_result.data.*.*.data.summary.threat_level | numeric | |
| action_result.data.*.*.data.summary.trust_factor | numeric | |
| action_result.data.*.*.params.source | string | |
| action_result.data.*.*.params.target | string | md5 |
| action_result.data.*.*.params.type | string | |
| action_result.data.*.*.status | string | |
| action_result.data.*.*.task_id | string | |
| action_result.data.*.*.time | numeric | |
| action_result.data.*.*.v | string | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
Check for the presence of a url in a threat intelligence feed
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| url | required | URL to lookup | string | url |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.url | string | url |
| action_result.data.*.*.data.record_count | numeric | |
| action_result.data.*.*.data.threat.*.batch_id | string | |
| action_result.data.*.*.data.threat.*.class | string | |
| action_result.data.*.*.data.threat.*.confidence_score | numeric | |
| action_result.data.*.*.data.threat.*.confidence_score_rating | string | |
| action_result.data.*.*.data.threat.*.confidence_score_vector | string | |
| action_result.data.*.*.data.threat.*.detected | string | |
| action_result.data.*.*.data.threat.*.domain | string | domain |
| action_result.data.*.*.data.threat.*.expiration | string | |
| action_result.data.*.*.data.threat.*.extended.cyberint_guid | string | md5 |
| action_result.data.*.*.data.threat.*.extended.protocol | string | url |
| action_result.data.*.*.data.threat.*.extended.url_hash | string | md5 |
| action_result.data.*.*.data.threat.*.host | string | |
| action_result.data.*.*.data.threat.*.id | string | |
| action_result.data.*.*.data.threat.*.imported | string | |
| action_result.data.*.*.data.threat.*.ip | string | ip |
| action_result.data.*.*.data.threat.*.origin | string | |
| action_result.data.*.*.data.threat.*.profile | string | |
| action_result.data.*.*.data.threat.*.property | string | |
| action_result.data.*.*.data.threat.*.received | string | |
| action_result.data.*.*.data.threat.*.risk_score | numeric | |
| action_result.data.*.*.data.threat.*.risk_score_rating | string | |
| action_result.data.*.*.data.threat.*.risk_score_vector | string | |
| action_result.data.*.*.data.threat.*.target | string | |
| action_result.data.*.*.data.threat.*.threat_level | numeric | |
| action_result.data.*.*.data.threat.*.threat_score | numeric | |
| action_result.data.*.*.data.threat.*.threat_score_rating | string | |
| action_result.data.*.*.data.threat.*.threat_score_vector | string | |
| action_result.data.*.*.data.threat.*.tld | string | |
| action_result.data.*.*.data.threat.*.tlp | string | |
| action_result.data.*.*.data.threat.*.type | string | |
| action_result.data.*.*.data.threat.*.up | string | |
| action_result.data.*.*.data.threat.*.url | string | url |
| action_result.data.*.*.params.source | string | |
| action_result.data.*.*.params.target | string | url |
| action_result.data.*.*.params.type | string | |
| action_result.data.*.*.status | string | |
| action_result.data.*.*.task_id | string | |
| action_result.data.*.*.time | numeric | |
| action_result.data.*.*.v | string | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |