Blueliv ThreatCompass
Blueliv ThreatCompass Pack.#
This Integration is part of theBlueliv ThreatCompass systematically looks for information about companies,products, people, brands, logos, assets, technology and other information, depending on your needs. Blueliv ThreatCompass allows you to monitor and track all this information to keep your data, your organization and its employees safe
#
Configure Blueliv ThreatCompass in CortexParameter | Description | Required |
---|---|---|
url | Server URL (e.g. https://demisto.blueliv.com/api/v2 ) | False |
credentials | Username | False |
organization | Organization ID | True |
type | Module Type | True |
module | Module ID | True |
unsecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |
isFetch | Fetch incidents | False |
incidentType | Incident type | False |
fetch_limit | Fetch Limit (Max.- 200, Recommended less than 50) | False |
fetch_status | Fetch resource status (POSITIVE, NEGATIVE...) | False |
first_fetch_time | First fetch time | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
blueliv-resource-allRecovers all resources from the module.
#
Base Commandblueliv-resource-all
#
InputArgument Name | Description | Required |
---|---|---|
startDate | Minimum date to recover resources. Formats: yyyy-mm-dd or yyyy-mm-ddThh:mm:ss | Optional |
finalDate | Maximum date to recover resources. Formats: yyyy-mm-dd or yyyy-mm-ddThh:mm:ss | Optional |
page | Results page to get. For each page, there are {limit} resources. | Optional |
limit | Maximum number of resources to recover | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
BluelivThreatCompass | Unknown | List object of recovered resources |
#
Command Example!blueliv-resource-all limit=10
#
Context Example#
Human Readable Output#
Blueliv DataLeakage info
analysis_calc_result analysis_result analysis_user_result changed_at checked_at content_type countries_id created_at domain_type fav file followedUp history id issued labels language_id read retweet_info searchPhrase search_words title tlpStatus total_retweets url user_rating POSITIVE POSITIVE POSITIVE 1589634898000 1589634898000 text/html;charset=utf-8 US 1589634898000 SOCIAL_NETWORK USER_STARRED 2020/5/16/10712044.html false 10712044 false {'id': 1306, 'name': 'Confidential', 'type': 'MODULE_LABEL'},
{'id': 1305, 'name': 'Public', 'type': 'MODULE_LABEL'},
{'id': 205, 'name': 'TopScribdDocsSearch', 'type': 'MODULE_LABEL'}en false falabella.com.pe falabella.com.pe TOTUS SEDE SJM FINAL.doc | Internet Protocols | Transmission Control Protocol AMBER 0 https://www.scribd.com/document/461608373 3 POSITIVE POSITIVE 1589634865000 1589634865000 text/html;charset=utf-8 US 1589634865000 SOCIAL_NETWORK NOT_STARRED 2020/5/16/10712019.html false 10712019 false {'id': 1305, 'name': 'Public', 'type': 'MODULE_LABEL'},
{'id': 205, 'name': 'TopScribdDocsSearch', 'type': 'MODULE_LABEL'}en false falabella.com falabella.com CASO FALABELLA | America latina | Marketing AMBER 0 https://www.scribd.com/document/461631347 0 POSITIVE POSITIVE 1589634865000 1589634865000 text/html;charset=utf-8 US 1589634865000 SOCIAL_NETWORK NOT_STARRED 2020/5/16/10712020.html false 10712020 false {'id': 1305, 'name': 'Public', 'type': 'MODULE_LABEL'},
{'id': 205, 'name': 'TopScribdDocsSearch', 'type': 'MODULE_LABEL'}en false falabella.com falabella.com tipos de Ventas ejemplos.docx AMBER 0 https://www.scribd.com/document/461606657 0 INFORMATIVE INFORMATIVE 1589633157000 1589633157000 text/html GB 1589633157000 UNKNOWN NOT_STARRED false 10711255 false {'id': 1305, 'name': 'Public', 'type': 'MODULE_LABEL'},
{'id': 1864, 'name': 'VDocumentsSite', 'type': 'MODULE_LABEL'}pt false linio linio Tأ‰RMINOS Y CONDICIONES - LINIO MARKETPLACE PREMIUM amp;Cs/20190501_Tآ asociados (ejemplo: seguro, AMBER 0 https://vdocuments.site/trminos-y-condiciones-linio-marketplace-premium-ampcs20190501t-asociados.html 0 INFORMATIVE INFORMATIVE 1589633149000 1589633149000 text/html IN 1589633149000 UNKNOWN NOT_STARRED false 10711254 false {'id': 1305, 'name': 'Public', 'type': 'MODULE_LABEL'},
{'id': 1863, 'name': 'VDocumentsMX', 'type': 'MODULE_LABEL'}pt false linio linio Tأ‰RMINOS Y CONDICIONES - LINIO MARKETPLACE PREMIUM amp;Cs/20190501_Tآ asociados (ejemplo: seguro, AMBER 0 https://vdocuments.mx/trminos-y-condiciones-linio-marketplace-premium-ampcs20190501t-asociados.html 0 INFORMATIVE INFORMATIVE 1589633137000 1589633137000 text/html DE 1589633137000 UNKNOWN NOT_STARRED false 10711253 false {'id': 1862, 'name': 'FDocumentsWorld', 'type': 'MODULE_LABEL'},
{'id': 1305, 'name': 'Public', 'type': 'MODULE_LABEL'}pt false linio linio Tأ‰RMINOS Y CONDICIONES - LINIO MARKETPLACE PREMIUM amp;Cs/20190501_Tآ asociados (ejemplo: seguro, AMBER 0 https://fdocuments.net/document/trminos-y-condiciones-linio-marketplace-premium-ampcs20190501t-asociados.html 0 POSITIVE POSITIVE 1589633026000 1589633026000 text/html DE 1589633026000 UNKNOWN NOT_STARRED false 10711233 false {'id': 1861, 'name': 'FDocumentsSpain', 'type': 'MODULE_LABEL'},
{'id': 1305, 'name': 'Public', 'type': 'MODULE_LABEL'}es false sodimac sodimac Sodimac Chile 18.151 trabajadores 617.398 horas destinadas a capacitaciأ³n en 2017. ... productividad AMBER 0 https://fdocuments.es/document/sodimac-chile-18151-trabajadores-617398-horas-destinadas-a-capacitacin-en-2017.html 0 INFORMATIVE INFORMATIVE 1589633026000 1589633026000 text/html DE 1589633026000 UNKNOWN NOT_STARRED false 10711234 false {'id': 1861, 'name': 'FDocumentsSpain', 'type': 'MODULE_LABEL'},
{'id': 1305, 'name': 'Public', 'type': 'MODULE_LABEL'}es false sodimac sodimac Emisiأ³n de Bonos Ordinarios Fuente: Organizaciأ³n Corona y Sodimac Corporativo, 1Capital IQ Agosto AMBER 0 https://fdocuments.es/document/emisin-de-bonos-ordinarios-fuente-organizacin-corona-y-sodimac-corporativo.html 0 POSITIVE POSITIVE 1589633026000 1589633026000 text/html DE 1589633026000 UNKNOWN NOT_STARRED false 10711235 false {'id': 1861, 'name': 'FDocumentsSpain', 'type': 'MODULE_LABEL'},
{'id': 1305, 'name': 'Public', 'type': 'MODULE_LABEL'}es false sodimac sodimac SODIMAC COLOMBIA S.A. - ?· empresas emisoras de valores, lo que nos conlleva a presentar a consideración… AMBER 0 https://fdocuments.es/document/sodimac-colombia-sa-empresas-emisoras-de-valores-lo-que-nos-conlleva-a.html 0 INFORMATIVE INFORMATIVE 1589633026000 1589633026000 text/html DE 1589633026000 UNKNOWN NOT_STARRED false 10711236 false {'id': 1861, 'name': 'FDocumentsSpain', 'type': 'MODULE_LABEL'},
{'id': 1305, 'name': 'Public', 'type': 'MODULE_LABEL'}es false sodimac sodimac Programa SCM Update ?· en Sodimac. Mauricio Muñoz Jefe de logística en Clínica Alemana. Lía Vera… AMBER 0 https://fdocuments.es/document/programa-scm-update-en-sodimac-mauricio-munoz-jefe-de-logistica-en-clinica.html 0
#
blueliv-resource-searchSearch for a specific resource.
#
Base Commandblueliv-resource-search
#
InputArgument Name | Description | Required |
---|---|---|
search | Keywords to search in resources text | Optional |
status | Comma-separated list of any combination of status: NOT_AVAILABLE, NOT_IMPORTANT, NOT_PROCESSABLE, POSITIVE, NEGATIVE, INFORMATIVE, IMPORTANT | Optional |
startDate | Minimum date to recover resources. Formats: yyyy-mm-dd or yyyy-mm-ddThh:mm:ss | Optional |
finalDate | Maximum date to recover resources. Formats: yyyy-mm-dd or yyyy-mm-ddThh:mm:ss | Optional |
read | What results read status to get. | Optional |
limit | Maximum number of resources to recover | Optional |
page | Results page to get. For each page, there are {limit} resources. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
BluelivThreatCompass | Unknown | List object of recovered resources |
#
Command Example
#
Human Readable Output#
blueliv-resource-search-by-idRecovers all the information of a given resource
#
Base Commandblueliv-resource-search-by-id
#
InputArgument Name | Description | Required |
---|---|---|
id | Resource ID | Required |
#
Context OutputPath | Type | Description |
---|---|---|
BluelivThreatCompass | Unknown | Object with the information of the recovered resource |
#
Command Example!blueliv-resource-search-by-id id=10712044
#
Context Example#
Human Readable Output#
Blueliv DataLeakageinfo
analysis_calc_result analysis_result analysis_user_result changed_at checked_at content_type countries_id created_at domain_type fav file followedUp history id issued labels language_id read retweet_info searchPhrase search_words title tlpStatus total_retweets transform url user_rating POSITIVE POSITIVE POSITIVE 1589634898000 1589634898000 text/html;charset=utf-8 US 1589634898000 SOCIAL_NETWORK USER_STARRED 2020/5/16/10712044.html false 10712044 false {'id': 1306, 'name': 'Confidential', 'type': 'GLOBAL'},
{'id': 1305, 'name': 'Public', 'type': 'GLOBAL'},
{'id': 205, 'name': 'TopScribdDocsSearch', 'type': 'GLOBAL'}en false falabella.com.pe falabella.com.pe TOTUS SEDE SJM FINAL.doc | Internet Protocols | Transmission Control Protocol AMBER 0 TopScribdDocsSearch https://www.scribd.com/document/461608373 3
#
blueliv-resource-set-statusChanges a resource status.
#
Base Commandblueliv-resource-set-status
#
InputArgument Name | Description | Required |
---|---|---|
id | Resource ID | Required |
status | New status to assign to the resource | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!blueliv-resource-set-status id=10712044 status=positive
#
Context Example#
Human Readable OutputStatus changed to positive
#
blueliv-resource-set-labelAdds a label to the given resource
#
Base Commandblueliv-resource-set-label
#
InputArgument Name | Description | Required |
---|---|---|
id | Resource ID | Required |
labelId | Label ID | Required |
#
Context OutputThere is no context output for this command.
#
Command Example
#
Human Readable Output#
blueliv-resource-set-read-statusMark the result as read or not.
#
Base Commandblueliv-resource-set-read-status
#
InputArgument Name | Description | Required |
---|---|---|
id | Resource ID | Required |
read | The read status to set. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!blueliv-resource-set-read-status id=10712044 read=false
#
Context Example#
Human Readable OutputRead status changed to false.
#
blueliv-resource-assign-ratingAssign tating to a given result.
#
Base Commandblueliv-resource-assign-rating
#
InputArgument Name | Description | Required |
---|---|---|
id | Resource ID | Required |
rating | Rating to assign to the result. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!blueliv-resource-assign-rating id=10712044 rating=3
#
Context Example#
Human Readable OutputRating changed to 3.
#
blueliv-resource-favChanges the favourite status of a resource.
#
Base Commandblueliv-resource-fav
#
InputArgument Name | Description | Required |
---|---|---|
id | Resource ID | Required |
fav | The new fav status of the resource. Can be applied to the user, group or general. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!blueliv-resource-fav id=10712044 fav=User
#
Context Example#
Human Readable OutputResource fav masked as User correctly.
#
blueliv-resource-set-tlpSets a new TLP status to a given resource.
#
Base Commandblueliv-resource-set-tlp
#
InputArgument Name | Description | Required |
---|---|---|
id | Resource ID | Required |
tlp | The new TLP to assign. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example
#
Human Readable Output#
blueliv-resource-favouriteChanges the favorite status of a resource.
#
Base Commandblueliv-resource-favourite
#
InputArgument Name | Description | Required |
---|---|---|
id | Resource ID. | Required |
favourite | The new favorite status of the resource. Can be "Not", "User", "Group", or "All". Possible values are: Not, User, Group, All. Default is group. | Optional |
#
Context OutputThere is no context output for this command.
#
blueliv-module-get-labelsGets the label list of the module.
#
Base Commandblueliv-module-get-labels
#
InputThere are no input arguments for this command.
#
Context OutputPath | Type | Description |
---|---|---|
BluelivThreatCompass.Label.BackgroundColor | String | Hexadecimal color of the label background in the GUI. |
BluelivThreatCompass.Label.Id | String | Label ID. |
BluelivThreatCompass.Label.Name | String | Label name. |
BluelivThreatCompass.Label.Protected | Boolean | Whether the label is protected. |
BluelivThreatCompass.Label.TypeId | Number | Label type ID. |
BluelivThreatCompass.Label.TypeName | String | Label type name |
BluelivThreatCompass.Label.Prioritized | Boolean | Whether the label is prioritized. |
BluelivThreatCompass.Label.TextColor | String | Hexadecimal color of the label text in the GUI. |