This workflow template, "Silent Push - IP Address Enrichment with Cache," is aimed at enhancing threat intelligence for cyber security teams. It takes an IP address from a parent workflow and cross-references it against the Silent Push database for enrichment. If a cached entry for the IP is available from the past 24 hours, it returns the saved data. If not, it seeks fresh enrichment information, creates a summary, and stores both the summary and original API data for future use. This optimizes the threat intelligence process by reducing redundant queries and expediting access to IP reputation data.
Optional Triggers
"This workflows is intended to be used as a function."
Use Cases
Function, Threat Intelligence Enrichment
Workflow Breakdown
Receives an IP Address as input.
Lookup global variables for cached responses in the past 24 hours.
If reputation is found on local cache, the saved data is returned to the parent workflow.
When no reputation is found in cache, a summary of the analysis data is created and saved with the original api data.
Vendors
Utils, Torq, Silent Push
Workflow Output
Returns full analysis data and a summary of the information.
Tips
Set \"Provide Raw Data Analysis\" to true or false to add or remove original vendor information to the output