Skip to main content

HYAS Protect

This Integration is part of the HYAS Protect Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

HYAS Protect#

HYAS Protect is a generational leap forward utilizing authoritative knowledge of attacker infrastructure including unrivaled domain-based intelligence to proactively protect enterprises from cyberattacks. HYAS Protect is deployed as a cloud-based DNS security solution or through API integration with existing solutions. HYAS Protect combines infrastructure expertise and multi-variant communication pattern analysis to deliver reputational verdicts for any domain and infrastructure, allowing enterprises to preempt attacks while proactively assessing risk in real-time. HYAS Protect can enforce security, block command and control (C2) communication used by malware, ransomware, and botnets, block phishing attacks, and deliver a high-fidelity threat signal that enhances an enterprise’s existing security and IT governance stack.

Use the HYAS Protect integration to get the verdict information for FQDN, IP Address and NameServer. This integration was integrated and tested with version 1.0.0 of HYAS Protect.

Configure HYAS Protect in Cortex#

ParameterDescriptionRequired
HYAS Protect Api KeyHYAS Protect API Key.True
Trust any certificate (not secure)Trust any certificate (not secure).False
Use system proxy settingsUse system proxy settings.False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

hyas-get-domain-verdict#


Returns verdict information for the provided Domain.

Base Command#

hyas-get-domain-verdict

Input#

Argument NameDescriptionRequired
domainDomain value to query.Required

Context Output#

PathTypeDescription
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the indicator score.
HYAS.DomainVerdict.verdictStringVerdict for the provided Domain.
HYAS.DomainVerdict.reasonsUnknownVerdict Reasons the provided Domain.

Command Example#

!hyas-get-domain-verdict domain="google.com"

Context Example#

{
"DBotScore": {
"Indicator": "google.com",
"Score": 1,
"Type": "domain",
"Vendor": "HYAS Protect"
},
"Domain": {
"Name": "google.com"
},
"HYAS": {
"DomainVerdict": [
{
"reasons": [
"This domain is trusted",
"This registrar is trusted"
],
"verdict": "ALLOW"
}
]
}
}

Human Readable Output#

HYAS Domain verdict for google.com#

VerdictReasons
ALLOWThis domain is trusted,
This registrar is trusted

hyas-get-ip-verdict#


Returns verdict information for the provided IP Address.

Base Command#

hyas-get-ip-verdict

Input#

Argument NameDescriptionRequired
ipIP value to query.Required

Context Output#

PathTypeDescription
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the indicator score.
HYAS.IPVerdict.verdictStringVerdict for the provided IP Address.
HYAS.IPVerdict.reasonsUnknownVerdict Reasons for the provided IP Address.

Command Example#

!hyas-get-ip-verdict ip="8.8.8.8"

Context Example#

{
"DBotScore": {
"Indicator": "8.8.8.8",
"Score": 1,
"Type": "ip",
"Vendor": "HYAS Protect"
},
"HYAS": {
"IPVerdict": [
{
"reasons": [],
"verdict": "ALLOW"
}
]
},
"IP": {
"Address": "8.8.8.8"
}
}

Human Readable Output#

HYAS IP verdict for 8.8.8.8#

Verdict
ALLOW

hyas-get-fqdn-verdict#


Returns verdict information for the provided FQDN.

Base Command#

hyas-get-fqdn-verdict

Input#

Argument NameDescriptionRequired
fqdnFQDN value to query.Required

Context Output#

PathTypeDescription
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the indicator score.
HYAS.FQDNVerdict.verdictStringVerdict for for the provided FQDN.
HYAS.FQDNVerdict.reasonsUnknownVerdict Reasons for the provided FQDN.

Command Example#

!hyas-get-fqdn-verdict fqdn="www.google.com"

Context Example#

{
"DBotScore": {
"Indicator": "www.google.com",
"Score": 1,
"Type": "domain",
"Vendor": "HYAS Protect"
},
"Domain": {
"Name": "www.google.com"
},
"HYAS": {
"FQDNVerdict": [
{
"reasons": [
"This domain is trusted",
"This registrar is trusted"
],
"verdict": "ALLOW"
}
]
}
}

Human Readable Output#

HYAS FQDN verdict for www.google.com#

VerdictReasons
ALLOWThis domain is trusted,
This registrar is trusted

hyas-get-nameserver-verdict#


Returns verdict information for the provided Nameserver.

Base Command#

hyas-get-nameserver-verdict

Input#

Argument NameDescriptionRequired
nameserverNameserver value to query.Required

Context Output#

PathTypeDescription
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the indicator score.
HYAS.NameserverVerdict.verdictStringVerdict for the provided Nameserver.
HYAS.NameserverVerdict.reasonsUnknownVerdict Reasons for the provided Nameserver.

Command Example#

!hyas-get-nameserver-verdict nameserver="ns1.example.com"

Context Example#

{
"HYAS": {
"NameserverVerdict": [
{
"reasons": [],
"verdict": "ALLOW"
}
]
}
}

Human Readable Output#

HYAS Nameserver verdict for ns1.example.com#

Verdict
ALLOW