Skip to main content
All CollectionsTemplatesBasic
AlienVault Combined Observable Enrichment - Workflow Template
AlienVault Combined Observable Enrichment - Workflow Template

Extract multiple observables from raw text and performs enrichment for each observable in AlienVault returns analysis information.

Updated over 6 months ago

This Torq workflow template, "AlienVault Combined Observable Enrichment," automates the process of extracting and enriching observables from raw text using AlienVault's Threat Intelligence platform. It identifies whether the observables include file hashes, IP addresses, domains, or URLs. For each observable, the workflow performs a query against AlienVault for detailed enrichment, compiling a comprehensive analysis summary. This enrichment aids in threat identification and analysis, providing actionable insights for cybersecurity teams. The workflow integrates with nested processes to ensure efficient and cache-aware enrichment, making it a vital tool for rapid identification and response efforts in cybersecurity operations.

Optional Triggers

"This workflow is intended to be used as a nested workflow."

Use Cases

Function, Threat Intelligence Enrichment

Workflow Breakdown

  1. Receive raw text from a parent workflow and extract observables

  2. Check if extracted observables contain file hashes, ip addresses, domains or URLs.

  3. For each extracted observable, query AlienVault for enrichment.

Vendors

Scripting, Utils, AlienVault OTX, Torq

Workflow Output

A list of analysis results. Each item can contain the original analysis data and a summary.

Tips

Set \"Provide Raw Data Analysis\" to true or false to add or remove original vendor information to the output

Did this answer your question?