This workflow template caters to the Threat Intelligence Enrichment use case by automating the process of querying AlienVault's OTX for details on a specified File Hash. It first checks a cache for existing data, and only on a cache miss does it query and parse results from AlienVault's General and Analysis sections to identify malware and associate the hash with known threat tactics and techniques. The findings are then returned to the parent workflow, streamlining the threat intelligence process for faster, data-driven decision-making.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Provide File Hash and integration information to the nested workflow
Check whether the File Hash has already been enriched and is present in the cache; if it is found, return the cached results
Query AlienVault for the File Hash in the General and Analysis sections
Parse the analysis for malicious findings, malware families and MITRE ATT&CK TTPs
Return the information to the parent workflow
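The five steps above, carried through end to end as an added example. This is illustrative code, not the Torq template's own implementation or AlienVault's client library. It assumes the OTX DirectConnect endpoints https://otx.alienvault.com/api/v1/indicators/file/{hash}/general and /analysis with the X-OTX-API-KEY header, that pulses in the General section carry malware_families and attack_ids lists, and that the Analysis section exposes per-plugin results under analysis.plugins (the last shape is an assumption to verify against a live response). The in-memory dict stands in for the workflow cache, and the sample responses are constructed so the example runs offline.

```python
import json
import re
import time
import urllib.request

# OTX DirectConnect API base for file indicators; sections are appended to the hash.
OTX_BASE = "https://otx.alienvault.com/api/v1/indicators/file"

# Accept only MD5, SHA-1 or SHA-256 hex digests so nothing else is
# interpolated into the request URL.
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")


def validate_hash(file_hash):
    h = file_hash.strip().lower()
    if not HASH_RE.match(h):
        raise ValueError("expected an MD5, SHA-1 or SHA-256 hex digest")
    return h


def fetch_otx_section(file_hash, section, api_key, timeout=10):
    """Live fetch of one OTX section ('general' or 'analysis'); not exercised offline."""
    req = urllib.request.Request(
        f"{OTX_BASE}/{file_hash}/{section}",
        headers={"X-OTX-API-KEY": api_key, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def parse_findings(general, analysis):
    """Reduce the General and Analysis sections to what the parent workflow needs."""
    pulses = (general.get("pulse_info") or {}).get("pulses") or []
    families, ttps = set(), {}
    for pulse in pulses:
        # malware_families entries may be dicts with display_name or bare strings
        for fam in pulse.get("malware_families") or []:
            name = fam.get("display_name") if isinstance(fam, dict) else str(fam)
            if name:
                families.add(name)
        for attack in pulse.get("attack_ids") or []:
            if isinstance(attack, dict) and attack.get("id"):
                ttps[attack["id"]] = attack.get("name", "")
    # ASSUMED shape: analysis.plugins.<plugin>.results.detection
    detections = []
    plugins = (analysis.get("analysis") or {}).get("plugins") or {}
    for name, plugin in plugins.items():
        results = plugin.get("results") if isinstance(plugin, dict) else None
        if results and results.get("detection"):
            detections.append(f"{name}:{results['detection']}")
    return {
        "malicious": bool(pulses) or bool(detections),
        "pulse_count": len(pulses),
        "malware_families": sorted(families),
        "mitre_attack_ttps": dict(sorted(ttps.items())),
        "detections": sorted(detections),
    }


def enrich_file_hash(file_hash, api_key, cache, fetch=fetch_otx_section, ttl_seconds=3600):
    """Step 2 (cache check), steps 3-4 (query and parse), step 5 (return findings)."""
    h = validate_hash(file_hash)
    hit = cache.get(h)
    if hit and hit["expires_at"] > time.monotonic():
        return dict(hit["findings"], cached=True)
    general = fetch(h, "general", api_key)
    analysis = fetch(h, "analysis", api_key)
    findings = parse_findings(general, analysis)
    cache[h] = {"expires_at": time.monotonic() + ttl_seconds, "findings": findings}
    return dict(findings, cached=False)


# Constructed sample data: placeholder hash and fabricated OTX responses, not real indicators.
SAMPLE_HASH = "a" * 64
SAMPLE_RESPONSES = {
    "general": {"pulse_info": {"pulses": [
        {"name": "constructed pulse 1",
         "malware_families": [{"display_name": "ExampleLoader"}],
         "attack_ids": [{"id": "T1059", "name": "Command and Scripting Interpreter"},
                        {"id": "T1105", "name": "Ingress Tool Transfer"}]},
        {"name": "constructed pulse 2",
         "malware_families": ["ExampleLoader"],
         "attack_ids": [{"id": "T1059", "name": "Command and Scripting Interpreter"}]},
    ]}},
    "analysis": {"analysis": {"plugins": {
        "avscan": {"results": {"detection": "Trojan.Generic"}},
        "pe": {"results": {}},
    }}},
}


def fake_fetch(file_hash, section, api_key):
    """Offline stand-in for fetch_otx_section returning the constructed responses."""
    return SAMPLE_RESPONSES[section]


def demo():
    """Run the enrichment twice: first call queries, second call hits the cache."""
    cache = {}
    first = enrich_file_hash(SAMPLE_HASH, "placeholder-api-key", cache, fetch=fake_fetch)
    second = enrich_file_hash(SAMPLE_HASH, "placeholder-api-key", cache, fetch=fake_fetch)
    return first, second


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Hash validation runs before the cache lookup so a malformed value never reaches the URL, and the cache entry carries an expiry so stale verdicts are re-queried rather than served indefinitely. Swap fake_fetch for the default fetch_otx_section with a real API key to run against OTX.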
Vendors
Utils, AlienVault OTX, Torq
Workflow Output
Analysis information from AlienVault for the File Hash