USTA
This Integration is part of the USTA Pack.
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
USTA is a Cyber Intelligence Platform that responds directly and effectively to today's complex cyber threats.
Configure USTA in Cortex
| Parameter | Description | Required |
|---|---|---|
| Server URL (e.g. https://usta.prodaft.com) | | True |
| API Key | You can obtain your access token at https://usta.prodaft.com/#/api-documents | True |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
Commands
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
usta-get-malicious-urls
You can get malicious URLs with this command.
Base Command
usta-get-malicious-urls
Input
| Argument Name | Description | Required |
|---|---|---|
| format | Format type of the returned result. Possible values are: json, stix, stix2, txt. Default is json. | Optional |
| url | Filtering by URL Address. | Optional |
| is_domain | You can search only those with or without domain name registration. Possible values are: true, false. Default is true. | Optional |
| url_type | Filtering by malicious type. | Optional |
| tag | Filtering by tags. Example: tag=Keitaro. | Optional |
| start | Starting date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
| end | End date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Usta.MaliciousUrl.country | unknown | Country |
| Usta.MaliciousUrl.created | unknown | Created Date |
| Usta.MaliciousUrl.domain | unknown | Domain |
| Usta.MaliciousUrl.ip_addresses | unknown | IP Addresses |
| Usta.MaliciousUrl.is_domain | unknown | Is Domain |
| Usta.MaliciousUrl.modified | unknown | Modified Date |
| Usta.MaliciousUrl.tags | unknown | Tags |
| Usta.MaliciousUrl.threat_type | unknown | Threat Type |
| Usta.MaliciousUrl.url | unknown | URL |
usta-get-phishing-sites
You can get phishing sites with this command.
Base Command
usta-get-phishing-sites
Input
| Argument Name | Description | Required |
|---|---|---|
| status | Filtering by status. Possible values are: open, close, in_progress, out_of_scope, passive. | Optional |
| source | Filtering by source(URL). | Optional |
| page | Pagination. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Usta.PhishingSites.current_page | unknown | Current page |
| Usta.PhishingSites.last_page | unknown | Last page |
| Usta.PhishingSites.next_page_url | unknown | Next page URL |
| Usta.PhishingSites.per_page | unknown | Content count per page |
| Usta.PhishingSites.prev_page_url | unknown | Prev page URL |
| Usta.PhishingSites.results | unknown | Results |
| Usta.PhishingSites.total | unknown | Content count |
| Usta.PhishingSites.total_pages | unknown | Total Page |
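The paging fields in this table can drive a loop that gathers every page of results. The sketch below is an added example, not code from the USTA pack: `fetch_page` is a hypothetical caller-supplied function that runs the command and returns the `Usta.PhishingSites` context, and page numbering starting at 1 is an assumption.

```python
STATUSES = {"open", "close", "in_progress", "out_of_scope", "passive"}  # from the Input table


def collect_phishing_sites(fetch_page, status="open", max_pages=50):
    """Gather results from every page of usta-get-phishing-sites.

    fetch_page(args) is a caller-supplied function (hypothetical) that runs the
    command with those arguments and returns the Usta.PhishingSites context.
    Page numbering starting at 1 is an assumption.
    """
    if status not in STATUSES:
        raise ValueError(f"status must be one of {sorted(STATUSES)}")
    results, page = [], 1
    while True:
        if page > max_pages:
            # Hard cap so an inconsistent response cannot loop forever.
            raise RuntimeError(f"gave up after {max_pages} pages")
        ctx = fetch_page({"status": status, "page": page})
        results.extend(ctx.get("results") or [])
        total_pages = int(ctx.get("total_pages") or 0)
        current = int(ctx.get("current_page") or page)
        # Stop when the last page is reached or no next page is offered.
        if current >= total_pages or not ctx.get("next_page_url"):
            return results
        page += 1


# Constructed three-page response set (not real USTA output); the "id" field
# inside each result is invented because the page does not document the items.
SAMPLE_PAGES = {
    1: {"current_page": 1, "total_pages": 3, "next_page_url": "constructed-2",
        "results": [{"id": 1}, {"id": 2}]},
    2: {"current_page": 2, "total_pages": 3, "next_page_url": "constructed-3",
        "results": [{"id": 3}, {"id": 4}]},
    3: {"current_page": 3, "total_pages": 3, "next_page_url": None,
        "results": [{"id": 5}]},
}


def fake_fetch(args):
    """Stand-in for the real command call, serving SAMPLE_PAGES."""
    return SAMPLE_PAGES[args["page"]]
```

In an automation, `fetch_page` would wrap the actual command execution; the `max_pages` cap keeps a response whose `current_page` never advances from looping indefinitely.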
usta-get-stolen-client-accounts
You can access stolen customer accounts via Stolen-Client-accounts API.
Base Command
usta-get-stolen-client-accounts
Input
| Argument Name | Description | Required |
|---|---|---|
| username | Filtering by username. | Optional |
| password | Filtering by password. | Optional |
| source | Filters the detected stolen customer accounts by source. Possible values are: malware, phishing_site, data_leak, clients. | Optional |
| start | Starting date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
| end | End date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Usta.StolenClientAccounts.created | unknown | Created date |
| Usta.StolenClientAccounts.password | unknown | Password |
| Usta.StolenClientAccounts.source | unknown | Source |
| Usta.StolenClientAccounts.url | unknown | URL |
| Usta.StolenClientAccounts.username | unknown | Username |
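Because this context carries the leaked password itself, downstream notes and tickets are safer built from a per-user summary that omits it. The following is an added example, not code from the USTA pack: `query_window` and `reset_list` are hypothetical helpers, the sample entries are constructed, and treating usernames as case-insensitive is an assumption.

```python
from datetime import timedelta

SOURCES = {"malware", "phishing_site", "data_leak", "clients"}  # from the Input table
TS_FORMAT = "%Y-%m-%d-%H-%M"  # renders like the documented example 2021-03-18-13-59


def query_window(end, hours, source=None):
    """Build start/end (and optional source) arguments for the command."""
    if hours <= 0:
        raise ValueError("hours must be positive")
    if source is not None and source not in SOURCES:
        raise ValueError(f"source must be one of {sorted(SOURCES)}")
    args = {"start": (end - timedelta(hours=hours)).strftime(TS_FORMAT),
            "end": end.strftime(TS_FORMAT)}
    if source:
        args["source"] = source
    return args


def reset_list(accounts):
    """Collapse Usta.StolenClientAccounts entries into one row per username.

    The password value is never copied; only whether one was exposed.
    """
    rows = {}
    for entry in accounts:
        # Assumption: usernames are case-insensitive, so fold them together.
        user = (entry.get("username") or "").strip().lower()
        if not user:
            continue
        row = rows.setdefault(user, {"username": user, "sources": set(),
                                     "urls": set(), "password_exposed": False})
        if entry.get("source"):
            row["sources"].add(entry["source"])
        if entry.get("url"):
            row["urls"].add(entry["url"])
        row["password_exposed"] |= bool(entry.get("password"))
    return [{**r, "sources": sorted(r["sources"]), "urls": sorted(r["urls"])}
            for r in sorted(rows.values(), key=lambda r: r["username"])]


# Constructed sample entries using the documented context fields (not real data).
SAMPLE_ACCOUNTS = [
    {"username": "Alice@example.com", "password": "constructed-1", "source": "malware",
     "url": "https://portal.example/login", "created": "2021-03-18T13:59:00"},
    {"username": "alice@example.com", "password": "constructed-2", "source": "phishing_site",
     "url": "https://portal.example/login", "created": "2021-03-19T08:00:00"},
    {"username": "bob@example.com", "password": "", "source": "data_leak",
     "url": "https://vpn.example/", "created": "2021-03-19T09:30:00"},
]
```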
usta-get-ip-address
If you want more detailed information about a specific IP address, you can use this command.
Base Command
usta-get-ip-address
Input
| Argument Name | Description | Required |
|---|---|---|
| ip_address | Search with IP Address. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Usta.IPAddress.asn_records | unknown | ASN records |
| Usta.IPAddress.country | unknown | Country |
| Usta.IPAddress.ip_address | unknown | IP address |
| Usta.IPAddress.ssl_records | unknown | SSL records |
| Usta.IPAddress.whois_records | unknown | Whois records |
usta-search-specific-identity-leaks
With this command, you can search for a specific identity number that is hashed in leaks.
Base Command
usta-search-specific-identity-leaks
Input
| Argument Name | Description | Required |
|---|---|---|
| identity_number | Search with this identity number. To search several identity numbers, separate them with ",". | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Usta.SpecificLeaks.existing | unknown | If the identity is leaked, you can see it in existing. |
| Usta.SpecificLeaks.not_existing | unknown | If the identity is not leaked, you can see it in not_existing. |