Anomali Intelligence

Overview
Anomali delivers intelligence-driven cybersecurity solutions, including ThreatStream, Match, and Lens.
ThreatStream is a Threat Intelligence Management platform that automates the collection and processing of raw data, filters out the noise, and transforms it into relevant, actionable threat intelligence for security teams.
Hunters uses Anomali to enhance threat visibility, automate threat processing and detection, and accelerate threat investigation, response, and remediation.
In addition, Hunters uses it in its Threat Intel detection and investigation pipeline. The Threat Intel pipeline detects IOCs in the raw data collected from your different data sources, and enriches existing detections that contain IOCs.
Supported Data Types
Intelligence API - the API used to retrieve threat intelligence records from ThreatStream. More information is available in Anomali's ThreatStream API documentation.
Hunters Ingestion
In order to enable Hunters' collection and ingestion of Anomali for your account, you will need to provide Hunters with the following API authentication details:
- username - the email address associated with your ThreatStream account.
- API Key - the API Key associated with that account.
The username and API Key can be found inside your Anomali console, on the My Profile tab within ThreatStream settings.
Expected Format
{
  "source_created": "2022-01-31T00:00:00.000Z",
  "status": "active",
  "itype": "mal_file_name",
  "expiration_ts": "2022-01-31T00:00:00.000Z",
  "ip": "1.1.1.1",
  "is_editable": false,
  "feed_id": 0,
  "update_id": 111111,
  "value": "abc.txt",
  "is_public": false,
  "threat_type": "malware",
  "workgroups": [],
  "rdns": null,
  "confidence": 100,
  "uuid": "111-222",
  "retina_confidence": -1,
  "trusted_circle_ids": [10],
  "id": 50,
  "source": "FirstEnergy",
  "owner_organization_id": 2,
  "import_session_id": 4,
  "source_modified": null,
  "type": "string",
  "sort": [2],
  "description": null,
  "tags": [{"id": "V", "name": "#malware"}, {"id": "i", "name": "#virustotal"}],
  "threatscore": 80,
  "latitude": null,
  "modified_ts": "2021-11-02T00:00:00.000Z",
  "org": "",
  "asn": "",
  "created_ts": "2021-05-02T12:10:33.111Z",
  "tlp": null,
  "is_anonymous": false,
  "country": null,
  "source_reported_confidence": -1,
  "can_add_public_tags": true,
  "longitude": null,
  "subtype": null,
  "meta": {"detail2": "imported by user 2", "severity": "high"},
  "resource_uri": "/api/v2/intelligence/555/"
}
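The example below shows, in miniature, what a Threat Intel pipeline does with records in this format: it indexes the usable IOCs (dropping inactive, expired or low-confidence entries) and matches them against raw log events. This is an added illustration, not Hunters' or Anomali's own code. The record fields it reads (`itype`, `value`, `status`, `expiration_ts`, `confidence`, `meta.severity`) come from the Expected Format above; the extra `itype` names `mal_ip` and `mal_domain`, the mapping from `itype` to log fields, the confidence threshold, the sample feed records and the log events are all constructed for the example.

```python
"""Match ThreatStream-style intelligence records against raw log events.

Added example, not Hunters' or Anomali's code. Record layout follows the
"Expected Format" record on this page; everything else here is constructed.
"""
import json
from datetime import datetime, timezone

# Constructed feed: one record shaped like the page's example, one expired
# record and one inactive record so the filtering logic is exercised.
SAMPLE_FEED = [
    {"itype": "mal_file_name", "value": "abc.txt", "status": "active",
     "expiration_ts": "2099-01-31T00:00:00.000Z", "confidence": 100,
     "threat_type": "malware", "id": 50, "meta": {"severity": "high"}},
    {"itype": "mal_ip", "value": "192.0.2.10", "status": "active",
     "expiration_ts": "2020-01-01T00:00:00.000Z", "confidence": 90,
     "threat_type": "c2", "id": 51, "meta": {"severity": "high"}},
    {"itype": "mal_domain", "value": "bad.example", "status": "inactive",
     "expiration_ts": "2099-01-01T00:00:00.000Z", "confidence": 80,
     "threat_type": "malware", "id": 52, "meta": {"severity": "medium"}},
]

# Constructed log events from hypothetical data sources.
SAMPLE_EVENTS = [
    {"id": "e1", "host": "ws-01", "file_name": "ABC.txt", "dst_ip": "198.51.100.7"},
    {"id": "e2", "host": "ws-02", "file_name": "notes.txt", "dst_ip": "192.0.2.10"},
    {"id": "e3", "host": "ws-03", "domain": "bad.example"},
]

# Which log fields an IOC of a given itype should be compared with.
# Assumed mapping for the example; adapt to your own schema.
ITYPE_TO_FIELDS = {
    "mal_file_name": ("file_name",),
    "mal_ip": ("src_ip", "dst_ip"),
    "mal_domain": ("domain",),
}


def parse_ts(value):
    """Parse timestamps like 2022-01-31T00:00:00.000Z (a lowercase z is tolerated)."""
    return datetime.strptime(value.upper(), "%Y-%m-%dT%H:%M:%S.%fZ").replace(
        tzinfo=timezone.utc)


def build_index(records, now, min_confidence=70):
    """Index usable IOCs as (itype, lowercased value) -> record.

    Inactive, expired and low-confidence records are skipped so that stale
    indicators do not generate detections.
    """
    index = {}
    for rec in records:
        if rec.get("status") != "active":
            continue
        if rec.get("expiration_ts") and parse_ts(rec["expiration_ts"]) <= now:
            continue
        if rec.get("confidence", 0) < min_confidence:
            continue
        index[(rec["itype"], rec["value"].lower())] = rec
    return index


def match_events(events, index):
    """Return one hit per (event, IOC) pair where the IOC value equals the
    event field mapped for that itype (case-insensitive)."""
    hits = []
    for event in events:
        for (itype, value), rec in index.items():
            for field in ITYPE_TO_FIELDS.get(itype, ()):
                if str(event.get(field, "")).lower() == value:
                    hits.append({"event_id": event["id"], "ioc_id": rec["id"],
                                 "itype": itype, "value": value,
                                 "severity": rec["meta"].get("severity")})
    return hits


def run_demo(now_iso="2024-06-01T00:00:00.000Z"):
    """Run the constructed feed against the constructed events as of now_iso."""
    index = build_index(SAMPLE_FEED, parse_ts(now_iso))
    return match_events(SAMPLE_EVENTS, index)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

As of the default date only the `abc.txt` indicator survives the filters, so the single hit is event `e1` (matched case-insensitively). Running with an earlier `now_iso`, before record 51 expired, adds the `192.0.2.10` hit on `e2`, which is why expiration checks matter when replaying historical data against a current feed.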