
# LastInfoSec

This Integration is part of the LastInfoSec Pack.

## Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This integration allows you to interact with the Gatewatcher LastInfoSec product via its API. It was integrated and tested with version 2 of LastInfoSec.

## Configure LastInfoSec on Cortex XSOAR

1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
2. Search for LastInfoSec.
3. Click **Add instance** to create and configure a new integration instance.

   | Parameter | Description | Required |
   | --- | --- | --- |
   | LastInfoSec API token | The API Key to use for connection | True |
   | Check the TLS certificate | | False |
   | Http proxy | | False |
   | Https proxy | | False |

4. Click **Test** to validate the URLs, token, and connection.

## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

### gw-lis-get-by-minute

Retrieves data from the Gatewatcher CTI feed for the requested number of minutes (maximum 1440 minutes).

#### Base Command

`gw-lis-get-by-minute`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| Minute | Number of minutes to get. Max 1440 minutes. | Required |
| Categories | Filter IoC by categories. Possible values are: phishing, malware, trojan, exploit, ransom, ransomware, tool, keylogger. | Optional |
| Type | Filter IoC by type. Possible values are: SHA1, SHA256, MD5, URL, Host. | Optional |
| Mode | Filter IoC by mode. Possible values are: detection, hunting. | Optional |
| Risk | Filter IoC by risk. Possible values are: Informational, Malicious, Suspicious, High suspicious. | Optional |
| TLP | Filter IoC by TLP. Possible values are: green, white. | Optional |

#### Context Output

| Path | Type | Description |
| --- | --- | --- |
| LIS.GetByMinute.Value | String | Value |

#### Command Example

```
!gw-lis-get-by-minute Minute="5"
```

#### Context Example

```json
{
    "Value": [
        "8445e9539c776b7538e2a9a665f5a1506df9ec5bbd1bf3a8a88cc6e572afda64",
        "19663abcbb5a271e0893a5f9a009a1dd.exe",
        "19663abcbb5a271e0893a5f9a009a1dd",
        "17159ee4eecfd627b3e9ce3ddabd09be32d7b79f"
    ]
}
```

#### Get IoC by value

| Value |
| --- |
| 8445e9539c776b7538e2a9a665f5a1506df9ec5bbd1bf3a8a88cc6e572afda64 |
| 19663abcbb5a271e0893a5f9a009a1dd.exe |
| 19663abcbb5a271e0893a5f9a009a1dd |
| 17159ee4eecfd627b3e9ce3ddabd09be32d7b79f |

### gw-lis-get-by-value

Searches the Gatewatcher CTI database for an IoC (URL, hash, host) or a vulnerability. If the value is known, only the IoC corresponding to that value is returned.

#### Base Command

`gw-lis-get-by-value`

#### Input

| Argument Name | Description | Required |
| --- | --- | --- |
| Value | Value to search for. | Optional |

#### Context Output

| Path | Type | Description |
| --- | --- | --- |
| LIS.GetByValue.Categories | String | Categories |
| LIS.GetByValue.Risk | String | Risk |
| LIS.GetByValue.TLP | String | TLP |
| LIS.GetByValue.Type | String | Type |
| LIS.GetByValue.UsageMode | String | UsageMode |
| LIS.GetByValue.Value | String | Value |
| LIS.GetByValue.Vulnerabilities | String | Vulnerabilities |

#### Command Example

```
!gw-lis-get-by-value Value="b71c7db7c4b20c354f63820df1f5cd94dbec97849afa690675d221964b8176b5"
```

#### Context Example

```json
{
    "Categories": "malware",
    "Risk": "Suspicious",
    "TLP": "white",
    "Type": "SHA256",
    "UsageMode": "detection",
    "Value": "b71c7db7c4b20c354f63820df1f5cd94dbec97849afa690675d221964b8176b5",
    "Vulnerabilities": ""
}
```

#### Get IoC by value

| Categories | Risk | TLP | Type | UsageMode | Value | Vulnerabilities |
| --- | --- | --- | --- | --- | --- | --- |
| malware | Suspicious | white | SHA256 | detection | b71c7db7c4b20c354f63820df1f5cd94dbec97849afa690675d221964b8176b5 | |
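The following is an added example, not code from the LastInfoSec pack or from Gatewatcher. It shows, offline, what the two commands above do with the feed: it applies the filter arguments that `gw-lis-get-by-minute` accepts (Categories, Type, Mode, Risk, TLP) to a constructed list of records shaped like the `LIS.GetByValue` context output, produces the `LIS.GetByMinute` value list from the result, and reproduces the exact-match lookup that `gw-lis-get-by-value` performs. It also guesses the documented `Type` of a bare indicator string, which is handy when a playbook receives a value without knowing whether it is a hash, URL or host. The function names, the sample records (apart from the SHA256 value taken from the page's own example) and the placeholder CVE id are all assumptions made for this example.

```python
"""Added example (not part of the LastInfoSec pack): local filtering and
lookup over records shaped like the LIS.GetByValue context output."""
import re

# Shapes of the Type values the integration documents: SHA1, SHA256, MD5, URL, Host.
_HASH_LENGTHS = {32: "MD5", 40: "SHA1", 64: "SHA256"}
_HEX = re.compile(r"^[0-9a-fA-F]+$")
_URL = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")
_HOST = re.compile(
    r"^(?=.{1,253}$)([a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,63}$"
)

# Constructed sample feed. The first Value is the SHA256 from the page's example;
# the other values are made up for illustration (".invalid" names, an all-zero
# MD5 and a placeholder CVE id) and are not real indicators.
SAMPLE_FEED = [
    {"Categories": "malware", "Risk": "Suspicious", "TLP": "white", "Type": "SHA256",
     "UsageMode": "detection",
     "Value": "b71c7db7c4b20c354f63820df1f5cd94dbec97849afa690675d221964b8176b5",
     "Vulnerabilities": ""},
    {"Categories": "phishing", "Risk": "Malicious", "TLP": "green", "Type": "URL",
     "UsageMode": "detection", "Value": "http://login-example.invalid/verify",
     "Vulnerabilities": ""},
    {"Categories": "trojan,malware", "Risk": "High suspicious", "TLP": "white",
     "Type": "MD5", "UsageMode": "hunting", "Value": "0" * 32, "Vulnerabilities": ""},
    {"Categories": "exploit", "Risk": "Informational", "TLP": "green", "Type": "Host",
     "UsageMode": "hunting", "Value": "c2.example.invalid",
     "Vulnerabilities": "CVE-0000-0000"},  # placeholder id, not a real CVE
]


def classify_value(value: str) -> str:
    """Guess the documented Type of a bare indicator string.

    The feed's own Type field is authoritative; use this only for inputs
    that arrive without one. Note that a bare file name such as
    'sample.exe' is syntactically host-like and is reported as Host.
    """
    v = value.strip()
    if _HEX.match(v) and len(v) in _HASH_LENGTHS:
        return _HASH_LENGTHS[len(v)]
    if _URL.match(v):
        return "URL"
    if _HOST.match(v):
        return "Host"
    return "Unknown"


def _split(field: str) -> set:
    """Normalise a comma-separated field or argument into lowercase tokens."""
    return {part.strip().lower() for part in field.split(",") if part.strip()}


def filter_iocs(records, categories=None, type_=None, mode=None, risk=None, tlp=None):
    """Apply the filters gw-lis-get-by-minute accepts.

    Each argument is a comma-separated string (the way XSOAR passes list-like
    arguments); a record matches a filter when any requested value matches
    one of the record's values. Matching is case-insensitive.
    """
    wanted = {
        "Categories": _split(categories) if categories else None,
        "Type": _split(type_) if type_ else None,
        "UsageMode": _split(mode) if mode else None,
        "Risk": _split(risk) if risk else None,
        "TLP": _split(tlp) if tlp else None,
    }
    matched = []
    for rec in records:
        if all(allowed is None or _split(rec.get(field, "")) & allowed
               for field, allowed in wanted.items()):
            matched.append(rec)
    return matched


def get_by_minute_context(records) -> dict:
    """Shape the result like LIS.GetByMinute: a bare list of values."""
    return {"Value": [rec["Value"] for rec in records]}


def lookup_value(records, value: str):
    """Exact-match lookup like gw-lis-get-by-value.

    Returns the single record whose Value equals the query (hashes are
    compared case-insensitively), or None when the value is unknown.
    """
    query = value.strip()
    is_hash = classify_value(query) in _HASH_LENGTHS.values()
    for rec in records:
        stored = rec["Value"]
        if stored == query or (is_hash and stored.lower() == query.lower()):
            return rec
    return None


if __name__ == "__main__":
    hunting = filter_iocs(SAMPLE_FEED, categories="malware", mode="hunting")
    print(get_by_minute_context(hunting))
    print(lookup_value(SAMPLE_FEED, "c2.example.invalid"))
```

Because the filters are applied to a list of plain dictionaries, the same functions can be run against the real `LIS.GetByValue` records a playbook has already collected, which makes it easy to check a filtering step in a test before relying on the server-side `Categories`, `Risk` or `TLP` arguments.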