Accenture CTI (Deprecated)

This Integration is part of the Accenture CTI (Deprecated) Pack.

Deprecated
Use Accenture CTI v2 instead.

Accenture CTI provides intelligence regarding security threats and vulnerabilities. This integration was integrated and tested with version v2.58.0 of ACTI.

Configure Accenture CTI in Cortex

Parameter | Description | Required |
---|---|---|
url | URL | True |
api_token | API Token | True |
Source Reliability | Reliability of the source providing the intelligence data. | B - Usually reliable |
insecure | Trust any certificate (not secure) | False |
use_proxy | Use system proxy settings | False |

Commands
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ip
Checks the reputation of the given IP address.

Base Command
ip

Input

Argument Name | Description | Required |
---|---|---|
ip | IP address to check. | Optional |

Context Output

Path | Type | Description |
---|---|---|
IP.Address | String | The IP address that was checked. |
IP.Malicious.Vendor | String | For malicious IP addresses, the vendor that made the decision. |
IP.Malicious.Description | String | For malicious IP addresses, the reason the vendor made that decision. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
DBotScore.Type | String | The indicator type. |
DBotScore.Vendor | String | The vendor that was used to calculate the score. |
DBotScore.Score | String | The actual score. |

Command Example
!ip ip=0.0.0.0

Context Example

Human Readable Output
Results

Confidence | DbotReputation | LastPublished | Name | ThreatTypes | TypeOfUse |
---|---|---|---|---|---|
0 | 2 | 2018-04-25 14:20:30 | 0.0.0.0 | Cyber Espionage | MALWARE_DOWNLOAD, MALWARE_C2 |

domain
Checks the reputation of the given domain.

Base Command
domain

Input

Argument Name | Description | Required |
---|---|---|
domain | The domain to check. | Optional |

Context Output

Path | Type | Description |
---|---|---|
Domain.Name | String | The name of the domain that was checked. |
Domain.Malicious.Vendor | String | For malicious domains, the vendor that made the decision. |
Domain.Malicious.Description | String | For malicious domains, the reason the vendor made that decision. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
DBotScore.Type | String | The indicator type. |
DBotScore.Vendor | String | The vendor used to calculate the score. |
DBotScore.Score | Number | The actual score. |

Command Example
!domain domain=example.org

Context Example

Human Readable Output
Results

Confidence | DbotReputation | LastPublished | Name | ThreatTypes | TypeOfUse |
---|---|---|---|---|---|
50 | 2 | 2019-09-18 15:56:49 | example.org | Cyber Crime | MALWARE_C2 |

url
Checks the reputation of the given URL.

Base Command
url

Input

Argument Name | Description | Required |
---|---|---|
url | The URL to check (must start with "http://"). | Optional |

Context Output

Path | Type | Description |
---|---|---|
URL.Data | String | The URL that was checked. |
URL.Malicious.Vendor | String | For malicious URLs, the vendor that made the decision. |
URL.Malicious.Description | String | For malicious URLs, the reason the vendor made that decision. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
DBotScore.Type | String | The indicator type. |
DBotScore.Vendor | String | The vendor used to calculate the score. |
DBotScore.Score | Number | The actual score. |

Command Example
!url url=http://example.com

Context Example

Human Readable Output
Results

Confidence | DbotReputation | LastPublished | Name | ThreatTypes | TypeOfUse |
---|---|---|---|---|---|
50 | 2 | 2020-09-16 20:29:35 | http://example.com | Cyber Crime | MALWARE_C2 |

idefense-get-ioc-by-uuid
Get specific indicator reputation.

Base Command
idefense-get-ioc-by-uuid

Input

Argument Name | Description | Required |
---|---|---|
uuid | Unique User ID. | Required |

Context Output

Path | Type | Description |
---|---|---|
IP.Address | String | The IP address. |
IP.Malicious.Vendor | String | For malicious IP addresses, the vendor that made the decision. |
IP.Malicious.Description | String | For malicious IP addresses, the reason the vendor made that decision. |
Domain.Name | String | The domain name. |
Domain.Malicious.Vendor | String | For malicious domains, the vendor that made the decision. |
Domain.Malicious.Description | String | For malicious domains, the reason the vendor made that decision. |
URL.Data | String | The URL. |
URL.Malicious.Vendor | String | For malicious URLs, the vendor that made the decision. |
URL.Malicious.Description | String | For malicious URLs, the reason the vendor made that decision. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
DBotScore.Type | String | The indicator type. |
DBotScore.Vendor | String | The vendor used to calculate the score. |
DBotScore.Score | Number | The actual score. |

Command Example
!idefense-get-ioc-by-uuid uuid=xxxx

Context Example

Human Readable Output
Results

Confidence | DbotReputation | LastPublished | Name | ThreatTypes | TypeOfUse |
---|---|---|---|---|---|
0 | 2 | 2017-01-11 20:56:22 | example.org | Cyber Espionage | MALWARE_C2 |
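
The Context Output tables above type DBotScore.Score as String for ip and as Number for the other commands, and describe the Malicious keys as applying to malicious indicators. The following added example (not part of the integration or its documentation) normalises such a context into one triage row per indicator; the nested-dict layout, the sample values and the vendor name are constructed assumptions, and the 0-3 verdict labels are the standard Cortex XSOAR DBot score meanings.

```python
# Added example: normalise Accenture CTI context output into triage rows.
DBOT_VERDICT = {0: "Unknown", 1: "Good", 2: "Suspicious", 3: "Bad"}
# Key holding the indicator value for each entity, per the tables above.
ENTITY_VALUE_KEY = {"IP": "Address", "Domain": "Name", "URL": "Data"}

def _as_list(value):
    """Context paths may hold one object or a list of them."""
    return [] if value is None else value if isinstance(value, list) else [value]

def _score(raw):
    """Coerce a String or Number score to an int; anything else is Unknown."""
    try:
        score = int(raw)
    except (TypeError, ValueError):
        return 0
    return score if score in DBOT_VERDICT else 0

def summarize(context):
    """Join each DBotScore entry with the Malicious.Description of its entity."""
    reasons = {}
    for entity, key in ENTITY_VALUE_KEY.items():
        for item in _as_list(context.get(entity)):
            if item.get("Malicious") and item.get(key):
                reasons[item[key]] = item["Malicious"].get("Description")
    rows = []
    for entry in _as_list(context.get("DBotScore")):
        score = _score(entry.get("Score"))
        rows.append({"indicator": entry.get("Indicator"), "type": entry.get("Type"),
                     "score": score, "verdict": DBOT_VERDICT[score],
                     "reliability": entry.get("Reliability"),
                     "reason": reasons.get(entry.get("Indicator"))})
    return rows

# Constructed sample context (assumed layout; values are not real results).
SAMPLE_CONTEXT = {
    "DBotScore": [
        {"Indicator": "0.0.0.0", "Type": "ip", "Vendor": "ExampleVendor",
         "Score": "2", "Reliability": "B - Usually reliable"},
        {"Indicator": "bad.example", "Type": "domain", "Vendor": "ExampleVendor",
         "Score": 3, "Reliability": "B - Usually reliable"},
    ],
    "IP": {"Address": "0.0.0.0"},
    "Domain": {"Name": "bad.example",
               "Malicious": {"Vendor": "ExampleVendor", "Description": "constructed reason"}},
}

if __name__ == "__main__":
    for row in summarize(SAMPLE_CONTEXT):
        print(row)
```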