This Torq workflow template accepts arrays of domains, hashes, and IP addresses and uploads them to Cybereason as Indicators of Compromise (IoCs). It validates each list before upload: hashes must be SHA1, SHA256, or MD5; domain lists cannot contain empty strings; IPs must be either IPv4 or IPv6. IoCs are configured to expire automatically after 14 days, so that uploaded indicators stay relevant.
Optional Triggers
"This workflow can be used as a nested function."
Use Cases
Function
Workflow Breakdown
Receives arrays of domains, hashes, and IP addresses.
Validates the hash list to include only SHA1, SHA256, and MD5; any other format is discarded.
Validates the domain list to not include empty strings.
Validates IP addresses to be valid IPv4 or IPv6.
By default, IoCs are set to expire after 14 days.
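The validation steps above, sketched in Python as an added example (not Torq's or Cybereason's own code). The function names, the output record shape, and the sample values are assumptions made for illustration, and whitespace-only domains are treated as empty.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> type
HEX_RE = re.compile(r"[0-9a-fA-F]+")
EXPIRY_DAYS = 14  # default expiry stated in the workflow breakdown

def classify_hash(value):
    """Return 'md5', 'sha1' or 'sha256', or None for any other format."""
    value = value.strip()
    if HEX_RE.fullmatch(value):
        return HASH_TYPES.get(len(value))
    return None

def valid_ip(value):
    """True for a well-formed IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False

def prepare_iocs(domains, hashes, ips, now=None):
    """Filter the three lists and attach an expiry; return (accepted, rejected)."""
    now = now or datetime.now(timezone.utc)
    expires = (now + timedelta(days=EXPIRY_DAYS)).isoformat()
    accepted, rejected = [], []

    def add(kind, value, ok):
        if ok:  # hypothetical record shape, not the Cybereason API schema
            accepted.append({"type": kind, "value": value.strip(), "expires": expires})
        else:
            rejected.append((kind, value))

    for d in domains:
        add("domain", d, bool(d.strip()))  # only emptiness is checked, as on the page
    for h in hashes:
        kind = classify_hash(h)
        add(kind or "hash", h, kind is not None)
    for ip in ips:
        add("ip", ip, valid_ip(ip))
    return accepted, rejected

# Constructed sample input: reserved example domain, MD5 of the empty string, documentation-range IPs.
SAMPLE_DOMAINS = ["bad.example", ""]
SAMPLE_HASHES = ["d41d8cd98f00b204e9800998ecf8427e", "not-a-hash"]
SAMPLE_IPS = ["192.0.2.10", "2001:db8::1", "999.1.1.1"]
if __name__ == "__main__": print(prepare_iocs(SAMPLE_DOMAINS, SAMPLE_HASHES, SAMPLE_IPS))
```

Keeping the rejected entries alongside the accepted ones lets the caller log what was discarded instead of dropping it silently.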
Vendors
Utils, HTTP, Cybereason
Workflow Output
The workflow reports whether the IoCs were uploaded successfully or an error occurred.