Skip to main content
All CollectionsTemplatesBasic
Upload New Threat Intelligence IOCs to Cybereason - Workflow Template
Upload New Threat Intelligence IOCs to Cybereason - Workflow Template

Receives arrays of Domains, Hashes and IP Addresses IOC's and upload them to Cybereason.

Updated over 6 months ago

This Torq workflow template is designed to streamline threat intelligence operations by accepting arrays of domains, hashes, and IP addresses, then uploading them to Cybereason as Indicators of Compromise (IoCs). It meticulously validates each list: Hashes must be SHA1, SHA256, or MD5; domain lists cannot contain empty strings; IPs must be either IPv4 or IPv6. IoCs are configured to automatically expire after 14 days, enhancing cybersecurity management and ensuring continuous threat relevancy.

Optional Triggers

"This workfow can be used as a nested function."

Use Cases

Function

Workflow Breakdown

  1. Receives arrays with Domains, Hashes, and IP addresses.

  2. Validates the Hash list to include only SHA1, SHA256 and MD5 any other format is discarded.

  3. Validates the Domain List to not include empty strings.

  4. Validates IP addresses to be valid IPv4 or IPv6.

  5. By default IoCs are set to expire on 14 days

Vendors

Utils, HTTP, Cybereason

Workflow Output

The workflow informs when IoCs were successfully uploaded or an error happens.

Did this answer your question?