Silent Push - IP Address Enrichment with Cache - Workflow Template

Receives an IP address from a parent workflow and queries Silent Push for enrichment.

Updated over 6 months ago

This workflow template, "Silent Push - IP Address Enrichment with Cache," is aimed at enhancing threat intelligence for cyber security teams. It takes an IP address from a parent workflow and cross-references it against the Silent Push database for enrichment. If a cached entry for the IP is available from the past 24 hours, it returns the saved data. If not, it seeks fresh enrichment information, creates a summary, and stores both the summary and original API data for future use. This optimizes the threat intelligence process by reducing redundant queries and expediting access to IP reputation data.

Optional Triggers

This workflow is intended to be used as a function.

Use Cases

Function, Threat Intelligence Enrichment

Workflow Breakdown

  1. Receives an IP Address as input.

  2. Looks up global variables for cached responses from the past 24 hours.

  3. If a reputation is found in the local cache, the saved data is returned to the parent workflow.

  4. When no reputation is found in the cache, fresh enrichment is requested from Silent Push, and a summary of the analysis data is created and saved with the original API data.

Vendors

Utils, Torq, Silent Push

Workflow Output

Returns full analysis data and a summary of the information.

Tips

Set "Provide Raw Data Analysis" to true or false to add or remove original vendor information to the output.
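
The cache-first lookup from the Workflow Breakdown and the raw-data option from the Tips, sketched in Python as an added example (not Torq's or Silent Push's code). The `fetch` callable, the in-memory dict standing in for global variables, the response field names, and the IP normalization step are assumptions made for illustration.

```python
import ipaddress
import time

CACHE_TTL_SECONDS = 24 * 60 * 60  # template reuses entries from the past 24 hours


def summarize(raw):
    # Field names are constructed for this example, not the vendor's schema.
    return {"asn": raw.get("asn"), "score": raw.get("score"),
            "listed": bool(raw.get("listed"))}


class EnrichmentCache:
    """Cache-aside lookup; the dict stands in for the workflow's global variables."""

    def __init__(self, fetch, clock=time.time):
        self._fetch = fetch   # hypothetical callable: ip string -> raw vendor dict
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._store = {}      # normalized ip -> (stored_at, summary, raw)

    def enrich(self, ip, provide_raw=False):
        # Normalize so equivalent spellings share one entry; bad input raises
        # ValueError before any vendor query is spent on it.
        key = str(ipaddress.ip_address(ip.strip()))
        now = self._clock()
        entry = self._store.get(key)
        cached = entry is not None and now - entry[0] < CACHE_TTL_SECONDS
        if not cached:
            raw = self._fetch(key)
            entry = (now, summarize(raw), raw)  # keep summary and original data
            self._store[key] = entry
        result = {"ip": key, "cached": cached, "summary": entry[1]}
        if provide_raw:  # mirrors the "Provide Raw Data Analysis" option
            result["raw"] = entry[2]
        return result


if __name__ == "__main__":
    def fake_fetch(ip):  # constructed response, no network access
        return {"asn": 64500, "score": 12, "listed": False}

    cache = EnrichmentCache(fake_fetch)
    print(cache.enrich("2001:DB8::0001"))                          # miss, queried
    print(cache.enrich("2001:db8:0:0:0:0:0:1", provide_raw=True))  # hit
```

Without the normalization step, two spellings of the same IPv6 address would occupy separate cache entries and each trigger its own vendor query.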
