Augur Security
This Integration is part of the Augur Security Pack.

Supported versions
Supported Cortex XSOAR versions: 6.10.0 and later.
Leverage Augur's preemptive threat intelligence for actionable data against persistent threat actors. Augur Security returns a list that can include IP address, domain, URL, and hash indicators, which are updated daily.

Configure Augur Security on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.
2. Search for Augur Security.
3. Click Add instance to create and configure a new integration instance.

Parameter | Description | Required |
---|---|---|
API Key | The Augur access token is required to interact with Augur's API. Please obtain the access token by contacting support@augursecurity.com | True |
Indicator Reputation | Indicators from this integration instance will be marked with this reputation. | False |
Source Reliability | Reliability of the source providing the intelligence data. | True |
Traffic Light Protocol Color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. | False |
Incremental Feed | Incremental feeds pull only new or modified indicators that have been sent from the integration. As the determination of whether the indicator is new or modified happens on the third-party vendor's side, and only indicators that are new or modified are sent to Cortex XSOAR, all indicators coming from these feeds are labeled new or modified. | False |
Feed Fetch Interval | The frequency of fetching the feed. Default is daily. | False |
Bypass exclusion list | When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. | False |
Trust any certificate (not secure) | Whether the API request should trust any SSL certificate. | False |
Use system proxy settings | Whether the API request should use the system's proxy settings. | False |

4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

augur-get-indicators

Get daily indicators from Augur.

Base Command

augur-get-daily-indicators

Input

Argument Name | Description | Required |
---|---|---|
limit | The maximum number of indicators to return. Default is 100000. | Optional |
offset | The index of the first indicator to fetch. Default is 0. | Optional |

Context Output

The indicators are inserted into the XSOAR indicator table.

augur-get-file-hash-context

Get threat context of a file hash from the Augur API.

Base Command

augur-get-file-hash-context

Input

Argument Name | Description | Required |
---|---|---|
hash | The hash string to send. Available hash types are md5, sha1, and sha256. | Required |

Context Output

The command returns a JSON data structure containing threat context such as categories, identifiers, and reporting feeds.

augur-get-host-context

Get threat context of a host name from the Augur API.

Base Command

augur-get-host-context

Input

Argument Name | Description | Required |
---|---|---|
host | The host string to send. | Required |

Context Output

The command returns a JSON data structure containing threat context such as categories, identifiers, and reporting feeds.

augur-get-ip-context

Get threat context of an IPv4 address from the Augur API.

Base Command

augur-get-ip-context

Input

Argument Name | Description | Required |
---|---|---|
ip | The IPv4 address to send. | Required |

Context Output

The command returns a JSON data structure containing threat context such as categories, identifiers, and reporting feeds.
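
The three context commands each accept one indicator type, so an automation has to decide which command an observed value belongs to before calling it. The following is an added example, not code from the Augur integration: the command and argument names come from the tables above, while `route_indicator`, `refang`, and the host name pattern are assumptions made for illustration.

```python
import ipaddress
import re

# Hex digest lengths of the hash types listed for augur-get-file-hash-context.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Assumption: a conservative host name check (LDH labels, alphabetic TLD).
HOST_RE = re.compile(
    r"(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"
)


def refang(value):
    """Strip whitespace and undo bracket defanging such as bad[.]example.com."""
    return value.strip().replace("[.]", ".").replace("(.)", ".")


def route_indicator(raw):
    """Return (command, args) for one indicator, or raise ValueError."""
    value = refang(raw)
    if HEX_RE.fullmatch(value) and len(value) in HASH_LENGTHS:
        return "augur-get-file-hash-context", {"hash": value.lower()}
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        if addr.version != 4:
            raise ValueError("augur-get-ip-context takes IPv4 only: %r" % raw)
        return "augur-get-ip-context", {"ip": str(addr)}
    host = value.rstrip(".")
    if HOST_RE.fullmatch(host):
        return "augur-get-host-context", {"host": host.lower()}
    raise ValueError("not a hash, IPv4 address or host name: %r" % raw)


# Constructed sample inputs; the first is the MD5 of the empty string.
SAMPLES = ["D41D8CD98F00B204E9800998ECF8427E", "198.51.100.7",
           "bad[.]example.com", "2001:db8::1", "not an indicator"]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print(route_indicator(sample))
        except ValueError as err:
            print("skipped:", err)
```

Inside an XSOAR automation the returned pair can be passed to `demisto.executeCommand(command, args)`; rejected values are better logged than sent to the API as the wrong type.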