Accenture CTI (Deprecated)

This Integration is part of the Accenture CTI (Deprecated) Pack.

Deprecated

Use Accenture CTI v2 instead.

Accenture CTI provides intelligence regarding security threats and vulnerabilities. This integration was integrated and tested with version v2.58.0 of ACTI.

Configure Accenture CTI in Cortex

| Parameter | Description | Required |
| --- | --- | --- |
| url | URL | True |
| api_token | API Token | True |
| Source Reliability | Reliability of the source providing the intelligence data. | B - Usually reliable |
| insecure | Trust any certificate (not secure) | False |
| use_proxy | Use system proxy settings | False |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ip

Checks the reputation of the given IP address.

Base Command

ip

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ip | IP address to check. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IP.Address | String | The IP address that was checked. |
| IP.Malicious.Vendor | String | For malicious IP addresses, the vendor that made the decision. |
| IP.Malicious.Description | String | For malicious IP addresses, the reason the vendor made that decision. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor that was used to calculate the score. |
| DBotScore.Score | String | The actual score. |

Command Example

!ip ip=0.0.0.0

Context Example

{
    "DBotScore": {
        "Indicator": "0.0.0.0",
        "Reliability": "B - Usually reliable",
        "Score": 2,
        "Type": "ip",
        "Vendor": "iDefense_v2"
    },
    "IP": {
        "Address": "0.0.0.0"
    }
}

Human Readable Output

Results

| Confidence | DbotReputation | LastPublished | Name | ThreatTypes | TypeOfUse |
| --- | --- | --- | --- | --- | --- |
| 0 | 2 | 2018-04-25 14:20:30 | 0.0.0.0 | Cyber Espionage | MALWARE_DOWNLOAD, MALWARE_C2 |

domain

Checks the reputation of the given domain.

Base Command

domain

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | The domain to check. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Domain.Name | String | The name of the domain that was checked. |
| Domain.Malicious.Vendor | String | For malicious domains, the vendor that made the decision. |
| Domain.Malicious.Description | String | For malicious domains, the reason the vendor made that decision. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| DBotScore.Score | Number | The actual score. |

Command Example

!domain domain=example.org

Context Example

{
    "DBotScore": {
        "Indicator": "example.org",
        "Reliability": "B - Usually reliable",
        "Score": 2,
        "Type": "domain",
        "Vendor": "iDefense_v2"
    },
    "Domain": {
        "Name": "example.org"
    }
}

Human Readable Output

Results

| Confidence | DbotReputation | LastPublished | Name | ThreatTypes | TypeOfUse |
| --- | --- | --- | --- | --- | --- |
| 50 | 2 | 2019-09-18 15:56:49 | example.org | Cyber Crime | MALWARE_C2 |

url

Checks the reputation of the given URL.

Base Command

url

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| url | The URL to check (must start with "http://"). | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| URL.Data | String | The URL that was checked. |
| URL.Malicious.Vendor | String | For malicious URLs, the vendor that made the decision. |
| URL.Malicious.Description | String | For malicious URLs, the reason the vendor made that decision. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| DBotScore.Score | Number | The actual score. |

Command Example

!url url=http://example.com

Context Example

{
    "DBotScore": {
        "Indicator": "http://example.com",
        "Reliability": "B - Usually reliable",
        "Score": 2,
        "Type": "url",
        "Vendor": "iDefense_v2"
    },
    "URL": {
        "Data": "http://example.com"
    }
}

Human Readable Output

Results

| Confidence | DbotReputation | LastPublished | Name | ThreatTypes | TypeOfUse |
| --- | --- | --- | --- | --- | --- |
| 50 | 2 | 2020-09-16 20:29:35 | http://example.com | Cyber Crime | MALWARE_C2 |

idefense-get-ioc-by-uuid

Gets the reputation of a specific indicator.

Base Command

idefense-get-ioc-by-uuid

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| uuid | Unique User ID. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IP.Address | String | The IP address. |
| IP.Malicious.Vendor | String | For malicious IP addresses, the vendor that made the decision. |
| IP.Malicious.Description | String | For malicious IP addresses, the reason the vendor made that decision. |
| Domain.Name | String | The domain name. |
| Domain.Malicious.Vendor | String | For malicious domains, the vendor that made the decision. |
| Domain.Malicious.Description | String | For malicious domains, the reason the vendor made that decision. |
| URL.Data | String | The URL. |
| URL.Malicious.Vendor | String | For malicious URLs, the vendor that made the decision. |
| URL.Malicious.Description | String | For malicious URLs, the reason the vendor made that decision. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| DBotScore.Score | Number | The actual score. |

Command Example

!idefense-get-ioc-by-uuid uuid=xxxx

Context Example

{
    "DBotScore": {
        "Indicator": "example.org",
        "Reliability": "B - Usually reliable",
        "Score": 2,
        "Type": "domain",
        "Vendor": "iDefense_v2"
    },
    "Domain": {
        "Name": "example.org"
    }
}

Human Readable Output

Results

| Confidence | DbotReputation | LastPublished | Name | ThreatTypes | TypeOfUse |
| --- | --- | --- | --- | --- | --- |
| 0 | 2 | 2017-01-11 20:56:22 | example.org | Cyber Espionage | MALWARE_C2 |
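
Added example (not part of the integration or the original page): a Python helper that flattens the context output of any of the four commands above into one triage record, coercing the score and rejecting a DBotScore that does not match its indicator entry. The 0-3 verdict scale is Cortex XSOAR's standard DBot scale and is not stated on this page; the function name `summarize`, the 203.0.113.7 sample and its Description text are constructed assumptions.

```python
import json

# Cortex XSOAR's standard DBot score scale (not stated on this page).
DBOT_VERDICTS = {0: "unknown", 1: "good", 2: "suspicious", 3: "bad"}
# DBotScore.Type -> (context key, value field), from the Context Output tables.
FIELDS = {"ip": ("IP", "Address"), "domain": ("Domain", "Name"), "url": ("URL", "Data")}

def summarize(context):
    """Flatten one command's context output into a triage record."""
    dbot = context.get("DBotScore") or {}
    itype = str(dbot.get("Type", "")).lower()
    if itype not in FIELDS:
        raise ValueError(f"unsupported indicator type: {itype!r}")
    key, field = FIELDS[itype]
    entry = context.get(key) or {}
    # Score is documented as String for ip and Number elsewhere, so coerce it.
    score = int(dbot.get("Score", 0))
    if score not in DBOT_VERDICTS:
        raise ValueError(f"score outside 0-3: {score}")
    # Refuse a score that describes a different indicator than the entry.
    value = entry.get(field)
    if value is None or value != dbot.get("Indicator"):
        raise ValueError("DBotScore.Indicator does not match the indicator entry")
    # The Malicious sub-object is documented for malicious indicators only.
    malicious = entry.get("Malicious") or {}
    return {
        "indicator": value,
        "type": itype,
        "score": score,
        "verdict": DBOT_VERDICTS[score],
        "reliability": dbot.get("Reliability"),
        "reason": malicious.get("Description"),
    }

# Context Example of the domain command, copied from this page.
PAGE_DOMAIN = json.loads("""{"DBotScore": {"Indicator": "example.org",
  "Reliability": "B - Usually reliable", "Score": 2, "Type": "domain",
  "Vendor": "iDefense_v2"}, "Domain": {"Name": "example.org"}}""")

# Constructed sample (not real data): malicious IP with a string score.
CONSTRUCTED_IP = {
    "DBotScore": {"Indicator": "203.0.113.7", "Reliability": "B - Usually reliable",
                  "Score": "3", "Type": "ip", "Vendor": "iDefense_v2"},
    "IP": {"Address": "203.0.113.7",
           "Malicious": {"Vendor": "iDefense_v2", "Description": "constructed reason"}},
}

if __name__ == "__main__":
    for ctx in (PAGE_DOMAIN, CONSTRUCTED_IP):
        print(summarize(ctx))
```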