USTA

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

USTA is a Cyber Intelligence Platform that responds directly and effectively to today's complex cyber threats.

Configure USTA on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for USTA.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | Server URL (e.g. https://usta.prodaft.com) | | True |
    | API Key | You can obtain your access token at https://usta.prodaft.com/#/api-documents | True |
    | Trust any certificate (not secure) | | False |
    | Use system proxy settings | | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

usta-get-malicious-urls

You can get malicious URLs with this command.

Base Command

usta-get-malicious-urls

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| format | Format type of the returned result. Possible values are: json, stix, stix2, txt. Default is json. | Optional |
| url | Filtering by URL address. | Optional |
| is_domain | You can search only those with or without domain name registration. Possible values are: true, false. Default is true. | Optional |
| url_type | Filtering by malicious type. | Optional |
| tag | Filtering by tags. Example: tag=Keitaro. | Optional |
| start | Starting date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
| end | End date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Usta.MaliciousUrl.country | unknown | Country |
| Usta.MaliciousUrl.created | unknown | Created Date |
| Usta.MaliciousUrl.domain | unknown | Domain |
| Usta.MaliciousUrl.ip_addresses | unknown | IP Addresses |
| Usta.MaliciousUrl.is_domain | unknown | Is Domain |
| Usta.MaliciousUrl.modified | unknown | Modified Date |
| Usta.MaliciousUrl.tags | unknown | Tags |
| Usta.MaliciousUrl.threat_type | unknown | Threat Type |
| Usta.MaliciousUrl.url | unknown | URL |

Command Example

Human Readable Output

usta-get-malware-hashs

You can get malware hashes with this command.

Base Command

usta-get-malware-hashs

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| format | Format type of the returned result. Possible values are: json, stix, stix2. Default is json. | Optional |
| md5 | Filtering by md5. | Optional |
| sha1 | Filtering by sha1. | Optional |
| tag | Filtering by tags. Example: tag=Keitaro. | Optional |
| start | Starting date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
| end | End date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Usta.MalwareHash.created | unknown | Created Date |
| Usta.MalwareHash.md5 | unknown | MD5 |
| Usta.MalwareHash.sha1 | unknown | SHA1 |
| Usta.MalwareHash.tags | unknown | Tags |
| Usta.MalwareHash.yara_rule | unknown | Yara Rule |

Command Example

Human Readable Output

usta-get-phishing-sites

You can get phishing sites with this command.

Base Command

usta-get-phishing-sites

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| status | Filtering by status. Possible values are: open, close, in_progress, out_of_scope, passive. | Optional |
| source | Filtering by source (URL). | Optional |
| page | Pagination. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Usta.PhishingSites.current_page | unknown | Current page |
| Usta.PhishingSites.last_page | unknown | Last page |
| Usta.PhishingSites.next_page_url | unknown | Next page URL |
| Usta.PhishingSites.per_page | unknown | Content count per page |
| Usta.PhishingSites.prev_page_url | unknown | Prev page URL |
| Usta.PhishingSites.results | unknown | Results |
| Usta.PhishingSites.total | unknown | Content count |
| Usta.PhishingSites.total_pages | unknown | Total Page |

Command Example

Human Readable Output

usta-get-identity-leaks

With the Identity Leak API, you can access the hashed version of the credentials added to the platform. The hash format is SHA256(MD5(Identity_Number)).

Base Command

usta-get-identity-leaks

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| start | Starting date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
| end | End date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Usta.IdentityLeaks.created | unknown | Created date |
| Usta.IdentityLeaks.signature | unknown | Signature |
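
An added example, not part of the USTA integration or its documentation: matching identity numbers you already hold against Usta.IdentityLeaks signature values locally, so the raw numbers never leave your environment. It assumes each hash step takes the UTF-8 string and emits lowercase hex, and that created is an ISO 8601 string (the page states only SHA256(MD5(Identity_Number))); `leak_signature`, `match_leaks` and the sample data are hypothetical.

```python
import hashlib


def leak_signature(identity_number: str) -> str:
    """SHA256(MD5(Identity_Number)) as stated on the page.

    Assumption: the lowercase hex MD5 digest is the input to SHA-256;
    confirm the encoding against one known signature before relying on it.
    """
    md5_hex = hashlib.md5(identity_number.strip().encode("utf-8")).hexdigest()
    return hashlib.sha256(md5_hex.encode("ascii")).hexdigest()


def match_leaks(identity_numbers, leak_entries):
    """Map each held identity number found in the feed to its earliest 'created'.

    leak_entries: dicts shaped like Usta.IdentityLeaks (created, signature).
    """
    earliest = {}
    for entry in leak_entries:
        sig = str(entry.get("signature") or "").strip().lower()
        if len(sig) != 64:
            continue  # skip anything that is not a SHA-256 hex digest
        created = str(entry.get("created") or "")
        prev = earliest.get(sig)
        # Assumed ISO 8601 strings sort chronologically as plain text.
        if prev is None or (created and (not prev or created < prev)):
            earliest[sig] = created
    hits = {}
    for number in identity_numbers:
        sig = leak_signature(number)
        if sig in earliest:
            hits[number.strip()] = earliest[sig]
    return hits


# Constructed sample data: identity numbers and dates are made up.
HELD_NUMBERS = ["10000000146", " 20000000292 ", "30000000338"]
SAMPLE_FEED = [
    {"created": "2021-03-18T13:59:00", "signature": leak_signature("10000000146").upper()},
    {"created": "2021-03-17T09:00:00", "signature": leak_signature("10000000146")},
    {"created": "2021-03-19T08:30:00", "signature": leak_signature("20000000292")},
    {"created": "2021-03-19T08:31:00", "signature": "not-a-hash"},
]

if __name__ == "__main__":
    for number, created in match_leaks(HELD_NUMBERS, SAMPLE_FEED).items():
        # Log a truncated signature rather than the identity number itself.
        print(leak_signature(number)[:12], created)
```

Identity numbers usually come from a small numeric keyspace, so handle the signatures with the same care as the numbers themselves.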

Command Example

Human Readable Output

usta-get-stolen-client-accounts

You can access stolen customer accounts via the Stolen-Client-accounts API.

Base Command

usta-get-stolen-client-accounts

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| username | Filtering by username. | Optional |
| password | Filtering by password. | Optional |
| source | Filters the detected stolen customer accounts by source. Possible values are: malware, phishing_site, data_leak, clients. | Optional |
| start | Starting date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
| end | End date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Usta.StolenClientAccounts.created | unknown | Created date |
| Usta.StolenClientAccounts.password | unknown | Password |
| Usta.StolenClientAccounts.source | unknown | Source |
| Usta.StolenClientAccounts.url | unknown | URL |
| Usta.StolenClientAccounts.username | unknown | Username |

Command Example

Human Readable Output

usta-get-domain

If you want to get more detailed information about malicious domain names, you can use this command.

Base Command

usta-get-domain

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Search with domain name. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Usta.Domain.asn_records | unknown | ASN records |
| Usta.Domain.country | unknown | Country |
| Usta.Domain.dns_records | unknown | DNS records |
| Usta.Domain.domain | unknown | Domain |
| Usta.Domain.ip_addresses | unknown | IP addresses |
| Usta.Domain.ssl_records | unknown | SSL records |
| Usta.Domain.whois_records | unknown | Whois records |

Command Example

Human Readable Output

usta-get-ip-address

If you want to get more detailed information about a specific IP address, you can use this command.

Base Command

usta-get-ip-address

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ip_address | Search with IP address. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Usta.IPAddress.asn_records | unknown | ASN records |
| Usta.IPAddress.country | unknown | Country |
| Usta.IPAddress.ip_address | unknown | IP address |
| Usta.IPAddress.ssl_records | unknown | SSL records |
| Usta.IPAddress.whois_records | unknown | Whois records |

Command Example

Human Readable Output

usta-send-referrer-url

You can check the accuracy of URLs referring to your company's websites.

Base Command

usta-send-referrer-url

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| address | URL value. Example: http://www.google3.com. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Usta.Referrer.error | unknown | If any errors are received, it gives the details of the error. |

Command Example

Human Readable Output

usta-search-specific-identity-leaks

With this command, you can search for specific identity numbers that appear hashed in leaks.

Base Command

usta-search-specific-identity-leaks

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| identity_number | Search with this identity number. To search several identity numbers, separate them with ",". | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Usta.SpecificLeaks.existing | unknown | If the identity is leaked, you can see it in existing. |
| Usta.SpecificLeaks.not_existing | unknown | If the identity is not leaked, you can see it in not_existing. |

Command Example

Human Readable Output

usta-close-incident

Via the API, you can close notifications with the status "In Progress" or "Open" that are currently open for your institution.

Base Command

usta-close-incident

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Incident ID. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Usta.CloseIncident.id | unknown | If the incident is closed, returns the id value that was closed. |

Command Example

Human Readable Output