This Torq workflow template is designed to enhance threat intelligence by extracting and enriching potential indicators of compromise (IOCs) from Slack messages. Upon receiving a Slack message with possible CVEs, SHA256 hashes, or suspicious IP addresses, the workflow confirms the provided IOCs with the message sender, then leverages Recorded Future for enrichment details. The results, including any associated risks and intelligence, are subsequently reported back in the Slack thread, providing a seamless and immediate analysis of potential security threats within the communication platform.
Trigger
Slack
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Receive Slack message and extract all IOCs
Confirm the extracted IOCs with requesting user
Enrich CVE details if any are present in the event and reply in the Slack thread
Enrich SHA256 hash details if any are present in the event and reply in the Slack thread
Enrich IP address details if any are present in the event and reply in the Slack thread
Update the thread via Slack with the intelligence gathered from Recorded Future
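The first two steps of the breakdown, extracting CVE, SHA256 and IP candidates from the message text and building the confirmation prompt for the requesting user, as an added Python example. It is not part of the Torq template or of the Slack or Recorded Future integrations; the sample message, the regular expressions, the defang handling and the rule that drops internal and non-routable addresses are all assumptions about how such a step would be implemented.

```python
import ipaddress
import re

# Constructed sample Slack message (not from any real incident); the hash is
# the well-known SHA-256 of the empty string and the public IPs are RFC 5737
# documentation addresses.
SAMPLE_MESSAGE = """
heads up: seeing callbacks to 203.0.113.45 and 198[.]51[.]100[.]7, plus internal 10.0.0.5
payload sha256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
looks related to cve-2021-44228 and CVE-2023-4863; not 999.1.2.3
"""

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.IGNORECASE)
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Address ranges that are never worth sending to an external enrichment
# service: RFC 1918 space, loopback, link-local and "this network".
# Documentation ranges (RFC 5737) are deliberately kept so the constructed
# sample above contains no real address.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")
]


def refang(text):
    """Undo the common '[.]' defanging analysts use when pasting IOCs into chat."""
    return text.replace("[.]", ".").replace("(.)", ".")


def is_enrichment_candidate(ip_str):
    """True if the string is a syntactically valid, externally routable IPv4 address."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False  # e.g. 999.1.2.3 matches the regex but is not an address
    if ip.is_multicast:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def extract_iocs(message):
    """Return de-duplicated, normalised CVEs, SHA256 hashes and IPs found in a message."""
    text = refang(message)
    cves = sorted({m.upper() for m in CVE_RE.findall(text)})
    hashes = sorted({m.lower() for m in SHA256_RE.findall(text)})
    ips = sorted(
        {m for m in IPV4_RE.findall(text) if is_enrichment_candidate(m)},
        key=ipaddress.ip_address,
    )
    return {"cves": cves, "sha256": hashes, "ips": ips}


def build_confirmation(iocs):
    """Build the text the workflow would post back asking the sender to confirm the IOCs."""
    lines = ["I found the following indicators. Reply to confirm enrichment:"]
    for label, key in (("CVEs", "cves"), ("SHA256", "sha256"), ("IPs", "ips")):
        if iocs[key]:
            lines.append(f"- {label}: " + ", ".join(iocs[key]))
    if len(lines) == 1:
        return "No CVE, SHA256 or public IP indicators were found in this message."
    return "\n".join(lines)


if __name__ == "__main__":
    found = extract_iocs(SAMPLE_MESSAGE)
    print(build_confirmation(found))
```

The regular expressions are intentionally loose and the validation step does the real filtering: the IPv4 pattern accepts octets above 255 and `ipaddress` rejects them, and the internal-range check keeps private addresses from being sent to a third-party service, which is both a privacy concern and a source of noisy, meaningless risk scores.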
Vendors
Slack, Utils, Recorded Future
Workflow Output
Updates to the thread via Slack with intelligence gathered from Recorded Future.