This Torq workflow template, "AlienVault Combined Observable Enrichment," extracts observables from raw text and enriches them with AlienVault's threat intelligence. It classifies each observable as a file hash, IP address, domain, or URL, queries AlienVault OTX for each one, and compiles the results into an analysis summary. The enrichment supports threat identification and triage by giving analysts actionable context for each indicator. The workflow is built to be called from other workflows and caches lookups so that repeated observables are not re-queried, which keeps it fast enough for use during identification and response.
Optional Triggers
This workflow is intended to be used as a nested workflow.
Use Cases
Function, Threat Intelligence Enrichment
Workflow Breakdown
Receive raw text from a parent workflow and extract observables
Check whether the extracted observables contain file hashes, IP addresses, domains, or URLs.
For each extracted observable, query AlienVault for enrichment.
Vendors
Scripting, Utils, AlienVault OTX, Torq
Workflow Output
A list of analysis results. Each item can contain the original analysis data and a summary.
Tips
Set "Provide Raw Data Analysis" to true to include the original vendor data in each output item, or to false to return only the summary.
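The following is an added example that is not part of the Torq template or of AlienVault's own code. It walks through the steps in "Workflow Breakdown" in plain Python: extract observables from raw text, classify them as file hash, IPv4 address, domain, or URL, build the OTX lookup for each, run a cache-aware enrichment loop, and produce the summary-plus-optional-raw output described under "Workflow Output" and "Tips". The sample alert text, the `fake_otx_fetch` stand-in and its pulse data are constructed for this example; the OTX v1 path layout (`/indicators/<type>/<value>/general`), the `X-OTX-API-KEY` header and the `pulse_info` response field are assumptions based on the public OTX API documentation and should be checked before production use.

```python
import ipaddress
import re
from urllib.parse import quote

# Constructed sample input (not from the original page): a raw alert body that
# mixes hashes, a defanged URL, an internal and an external IP, and a domain.
SAMPLE_TEXT = """
Suspicious download from hxxp://evil-updates[.]example/payload.exe
Beacon to 203.0.113.45 and 10.0.0.5 observed; also contacted bad-cdn.example.net.
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MD5 d41d8cd98f00b204e9800998ecf8427e
"""

HASH_RE = re.compile(r"\b(?:[a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64})\b")
URL_RE = re.compile(r"""\bh(?:xx|tt)ps?://[^\s"'<>]+""", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# Private, loopback and link-local ranges are never sent to a third-party TI service.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Assumed OTX v1 indicator endpoint; type segments IPv4/domain/url/file follow the OTX docs.
OTX_BASE = "https://otx.alienvault.com/api/v1/indicators"


def refang(text):
    """Undo common defanging so the regexes see real indicators."""
    return (text.replace("[.]", ".").replace("(.)", ".")
                .replace("hxxp", "http").replace("hXXp", "http"))


def extract_observables(raw_text):
    """Return deduplicated observables tagged with the OTX indicator type."""
    text = refang(raw_text)
    found, seen = [], set()

    def add(kind, value):
        key = (kind, value.lower())
        if key not in seen:
            seen.add(key)
            found.append({"type": kind, "value": value})

    for h in HASH_RE.findall(text):
        add("file", h.lower())
    for u in URL_RE.findall(text):
        add("url", u.rstrip(".,;)"))
    rest = URL_RE.sub(" ", text)          # mask URLs so their hosts aren't re-extracted as domains
    for ip in IPV4_RE.findall(rest):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                      # e.g. 999.1.1.1 matched the loose regex
        if not any(addr in net for net in INTERNAL_NETS):
            add("IPv4", ip)
    rest = IPV4_RE.sub(" ", rest)         # mask IPs so dotted quads aren't taken for domains
    for d in DOMAIN_RE.findall(rest):
        add("domain", d.lower())
    return found


def build_otx_request(obs, api_key, section="general"):
    """Describe the OTX 'general' lookup for one observable (assumed path and header names)."""
    return {
        "method": "GET",
        "url": f"{OTX_BASE}/{obs['type']}/{quote(obs['value'], safe='')}/{section}",
        "headers": {"X-OTX-API-KEY": api_key},
    }


def summarize(obs, raw):
    """Condense an OTX 'general' response (assumed pulse_info shape) into one analyst line."""
    pulse_info = raw.get("pulse_info") or {}
    count = pulse_info.get("count", 0)
    names = [p.get("name", "?") for p in pulse_info.get("pulses", [])[:3]]
    verdict = "flagged" if count > 0 else "no pulses"
    line = f"{obs['type']} {obs['value']}: {verdict} ({count} pulse(s))"
    return line + (": " + "; ".join(names) if names else "")


def enrich_all(observables, fetch, cache, provide_raw=False):
    """Cache-aware loop: call fetch(obs) once per (type, value) and reuse the result on repeats."""
    results = []
    for obs in observables:
        key = (obs["type"], obs["value"].lower())
        cached = key in cache
        if not cached:
            cache[key] = fetch(obs)
        raw = cache[key]
        item = {"observable": obs, "summary": summarize(obs, raw), "cached": cached}
        if provide_raw:                   # the template's "Provide Raw Data Analysis" switch
            item["raw"] = raw
        results.append(item)
    return results


def fake_otx_fetch(obs):
    """Constructed stand-in for the OTX call so the example runs offline."""
    if obs["type"] in ("url", "domain"):
        return {"pulse_info": {"count": 2, "pulses": [
            {"name": "Constructed loader campaign"}, {"name": "Constructed CDN abuse"}]}}
    return {"pulse_info": {"count": 0, "pulses": []}}


if __name__ == "__main__":
    observables = extract_observables(SAMPLE_TEXT)
    for item in enrich_all(observables, fake_otx_fetch, cache={}, provide_raw=False):
        print(item["summary"])
```

Two design points carry over to the real workflow: internal addresses are dropped before any lookup, since they have no enrichment value and would leak your address plan to a third party, and the cache key is the normalized (type, value) pair so the same indicator seen in several alerts costs one API call. To go live, replace `fake_otx_fetch` with a function that issues the request returned by `build_otx_request` using your OTX key.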