Import Intelligence via API - ThreatStream

Takes the currently viewed webpage or PDF, and sends to ThreatStream for IOC scraping and import.


Description

This tool takes the currently viewed webpage or PDF, and sends to Anomali ThreatStream for IOC scraping and import.

This tool is primarily useful for actioning threat intelligence Indicators of Compromise (IOCs) that you may read about on a threat intelligence blog, or other sources such as Twitter, etc.

When you import the shortcut, it will ask you for your ThreatStream username and API key. Note that you must have an analyst or paid account to do so, and the free STAXX accounts do not have rights to do this.

When you run the shortcut, it will PDF the currently viewed page, send the PDF to ThreatStream, where it will be scraped and imported. You will be provided the import job number so that you can view the IOCs and approve the import once back at the office. It will also create an iOS location-based reminder to do so, with the job number, using the standard Reminders app.

For an example URL to import, check out recent posts on security vendor research blogs, such as this one: https://tinyurl.com/yb8ehqo7


Latest Release Notes

1 - Oct. 23, 2018, 10:35 a.m.

v1


Past versions