Welcome to the new Splunkbase! To return to the old Splunkbase, click here.

ThreatStream

Integrates a variety of generic, reputation, and investigative actions from the Anomali ThreatStream threat intelligence platform

Built by Splunk Inc.

Latest Version 3.0.3

September 17, 2021

Compatibility

Not Available

Platform Version: 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.10, 4.9

Rating

0

(0)

Support

Splunk Supported connector

Ranking

#1

in Threat Intel

Integrates a variety of generic, reputation, and investigative actions from the Anomali ThreatStream threat intelligence platform

Supported Actions

test connectivity: Test connectivity to ThreatStream by querying the intelligence endpoint
file reputation: Get information about a file
domain reputation: Get information about a given domain
ip reputation: Get information about a given IP
email reputation: Get information about a given email
url reputation: Get information about a URL
whois ip: Execute a whois lookup on the given IP
whois domain: Execute a whois lookup on the given domain
get observable: Get observable present in ThreatStream by ID number
list observables: List observables present in ThreatStream
get vulnerability: Get vulnerability present in ThreatStream by ID number
list vulnerabilities: List vulnerabilities present in ThreatStream
list incidents: List incidents present in ThreatStream
delete incident: Delete incident in ThreatStream by ID number
get incident: Get incident in ThreatStream by ID number
create incident: Create an incident in ThreatStream
update incident: Update an incident in ThreatStream by ID number
import domain observable: Import domain observable into ThreatStream
import url observable: Import URL observable into ThreatStream
import ip observable: Import IP observable into ThreatStream
import file observable: Import file observable into ThreatStream
import email observable: Import email observable into ThreatStream
import observables: Import observables into ThreatStream
tag observable: Add a tag to the observable
get pcap: Download pcap file of a sample submitted to the sandbox and add it to vault
detonate file: Detonate file in ThreatStream
detonate url: Detonate URL in ThreatStream
get status: Retrieve detonation status present in Threatstream
get report: Retrieve detonation report present in Threatstream
on poll: Callback action for the on_poll ingest functionality
run query: Run observables query in ThreatStream
list import sessions: List all the import sessions
update import session: This action updates the fields of the provided item id
list threat models: List all the threat models
create threat bulletin: Create a threat bulletin in ThreatStream
update threat bulletin: Update a threat bulletin in ThreatStream
list threat bulletins: List threat bulletins present in ThreatStream
list associations: List associations of an entity present in ThreatStream
create rule: Creates a new rule in Threatstream
update rule: Update a rule in ThreatStream by ID number
list rules: List rules present in ThreatStream
delete rule: Delete rule in ThreatStream by ID number
add association: Create associations between threat model entities on the ThreatStream platform
remove association: Remove associations between threat model entities on the ThreatStream platform
list actors: List actors present in ThreatStream
list imports: List imports present in ThreatStream
create vulnerability: Create a vulnerability in ThreatStream
update vulnerability: Update the vulnerability in ThreatStream
create actor: Create an actor in ThreatStream
update actor: Update an actor in ThreatStream
delete threat bulletin: Delete threat bulletin in ThreatStream by ID
delete vulnerability: Delete vulnerability in ThreatStream by ID
delete actor: Delete actor in ThreatStream by ID number