AlienVault File Hash Enrichment with Cache - Workflow Template
Nested workflow that will take a File Hash as input and query AlienVault's General and Analysis sections for details and return the results.

Updated over 6 months ago

This workflow template caters to the Threat Intelligence Enrichment use case by automating the process of querying AlienVault's OTX for details on a specified File Hash. It first checks a cache for existing data before proceeding to query and parse results from AlienVault's General and Analysis sections for malware identification and association with known threat tactics and techniques. The findings are then returned to the parent workflow, streamlining the threat intelligence process for faster, data-driven decision-making.

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Provide File Hash and integration information to the nested workflow

  2. Check whether the File Hash has already been enriched and is in the cache; if it is, return the cached results

  3. Query AlienVault for the File Hash in the General and Analysis sections

  4. Parse the analysis for malicious findings, malware families and MITRE ATT&CK TTPs

  5. Return the information to the parent workflow
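
The steps above, sketched in Python as an added example (not Torq's template or its code). Assumptions: the OTX file-indicator URL layout, the response field names used by `parse_sections`, the 24-hour cache lifetime, the verdict rule, and the caller-supplied `fetch_json`; the sample responses are constructed.

```python
import re
import time

OTX_FILE_API = "https://otx.alienvault.com/api/v1/indicators/file"
CACHE_TTL = 24 * 3600  # assumed lifetime; the template does not state one
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")  # MD5, SHA-1, SHA-256

def parse_sections(general, analysis):
    """Step 4: reduce both sections to detections, malware families and ATT&CK IDs."""
    pulses = general.get("pulse_info", {}).get("pulses", [])
    families = {f["display_name"] for p in pulses for f in p.get("malware_families", [])}
    attack_ids = {a["id"] for p in pulses for a in p.get("attack_ids", [])}
    plugins = (analysis.get("analysis") or {}).get("plugins", {})
    detections = {}
    for name, plugin in plugins.items():
        hit = (plugin.get("results") or {}).get("detection")
        if hit:  # engines with no detection are skipped
            detections[name] = hit
    return {"malicious": bool(detections or families),  # assumed verdict rule
            "detections": detections,
            "malware_families": sorted(families),
            "attack_ids": sorted(attack_ids)}

def enrich_file_hash(file_hash, fetch_json, cache, now=time.time):
    """Steps 1-5. fetch_json(url) -> dict is supplied by the caller (GET with the OTX key)."""
    key = file_hash.strip().lower()
    if not HASH_RE.match(key):  # reject anything that is not a hex digest before building a URL
        raise ValueError("not an MD5, SHA-1 or SHA-256 hex digest")
    entry = cache.get(key)
    if entry and now() - entry["stored_at"] < CACHE_TTL:  # step 2: fresh cache hit
        return {**entry["result"], "from_cache": True}
    general = fetch_json(f"{OTX_FILE_API}/{key}/general")  # step 3: two section queries
    analysis = fetch_json(f"{OTX_FILE_API}/{key}/analysis")
    result = parse_sections(general, analysis)
    cache[key] = {"stored_at": now(), "result": result}
    return {**result, "from_cache": False}  # step 5: hand back to the parent

# Constructed sample responses (not real OTX data), keyed by section name.
SAMPLE = {
    "general": {"pulse_info": {"pulses": [{"malware_families": [{"display_name": "ExampleFamily"}],
                                           "attack_ids": [{"id": "T1059"}, {"id": "T1105"}]}]}},
    "analysis": {"analysis": {"plugins": {"clamav": {"results": {"detection": "Win.Test.Sample"}},
                                          "avast": {"results": {"detection": None}}}}},
}
CALLS = []  # URLs requested by the stand-in fetcher

def fake_fetch(url):
    CALLS.append(url)
    return SAMPLE[url.rsplit("/", 1)[1]]
```

Normalising the hash to lower case before the cache lookup keeps `AB…` and `ab…` from producing two cache entries and two sets of API calls.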

Vendors

Utils, AlienVault OTX, Torq

Workflow Output

Analysis information from AlienVault for the File Hash
