
Workflow Template: Upload New Threat Intelligence IOCs to Cybereason

Receives arrays of domain, hash, and IP address IOCs and uploads them to Cybereason.

Updated over a week ago

The "Upload New Threat Intelligence IOCs to Cybereason" workflow template is designed to streamline the process of updating threat intelligence data in Cybereason. It efficiently handles arrays of domains, hashes, and IP addresses, ensuring only valid entries are processed. The workflow validates hash formats (SHA1, SHA256, MD5), checks domain lists for empty strings, and confirms IP addresses are valid IPv4 or IPv6. By default, Indicators of Compromise (IoCs) are set to expire after 14 days, enhancing security management and response capabilities.

Optional Triggers

This workflow can be used as a nested function.

Use Cases

Function

Workflow Breakdown

  1. Receives arrays with Domains, Hashes, and IP addresses.

  2. Validates the hash list so that it includes only SHA1, SHA256, and MD5 values; any other format is discarded.

  3. Validates that the domain list does not include empty strings.

  4. Validates that IP addresses are valid IPv4 or IPv6.

  5. By default, IoCs are set to expire after 14 days.

Vendors

Utils, HTTP, Cybereason

Workflow Output

The workflow reports whether the IoCs were uploaded successfully or an error occurred.
