AlienVault Domain Enrichment with Cache - Workflow Template

Nested workflow that takes a Domain as input, queries AlienVault's General, Malware and GEO sections, and returns analysis information.

Updated over 6 months ago

The "AlienVault Domain Enrichment with Cache" template provides threat intelligence enrichment for domains. It queries AlienVault's database on demand for domain reputation and associated threat indicators, and it returns cached results where available to improve efficiency and avoid repeating external queries. The output includes general domain insights, malicious associations, malware families, and MITRE ATT&CK TTPs, which support security analysis and incident response.

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Provide a Domain and integration information to the nested workflow

  2. Check whether the Domain has already been enriched and is in the cache; if it is found, return the cached results

  3. Query AlienVault for the Domain's General, Malware and GEO information

  4. Parse the analysis for malicious findings, malware families and MITRE ATT&CK TTPs

  5. Return the information to the parent workflow
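
The five steps above as a cache-first lookup in Python. This is an added example, not the template's own implementation. The `fetch` callable, the 24-hour TTL and the response field names (`pulse_info`, `malware_families`, `attack_ids`, `data`, `country_name`) are assumptions, and the sample responses are constructed.

```python
import time

SECTIONS = ("general", "malware", "geo")  # the three sections the template queries
CACHE_TTL = 24 * 3600                     # assumed TTL; the page does not state one
CACHE = {}                                # normalized domain -> (stored_at, result)

def parse_analysis(raw):
    """Step 4: extract findings, malware families and ATT&CK technique IDs."""
    pulses = raw["general"].get("pulse_info", {}).get("pulses", [])
    samples = raw["malware"].get("data", [])
    families = {f["display_name"] for p in pulses for f in p.get("malware_families", [])}
    ttps = {a["id"] for p in pulses for a in p.get("attack_ids", [])}
    return {
        "pulse_count": len(pulses),
        "malware_samples": len(samples),
        "has_findings": bool(pulses or samples),
        "malware_families": sorted(families),
        "attack_ttps": sorted(ttps),
        "country": raw["geo"].get("country_name"),
    }

def enrich_domain(domain, fetch, now=time.time):
    """Steps 1-5; fetch(domain, section) is a caller-supplied query function."""
    key = domain.strip().lower().rstrip(".")    # variants of one name share an entry
    hit = CACHE.get(key)
    if hit and now() - hit[0] < CACHE_TTL:      # step 2: fresh entry, no external query
        return {**hit[1], "from_cache": True}
    raw = {s: fetch(key, s) for s in SECTIONS}  # step 3: one query per section
    result = parse_analysis(raw)
    CACHE[key] = (now(), result)                # reached only if every query succeeded
    return {**result, "from_cache": False}      # step 5: hand back to the caller

# Constructed sample responses (not real OTX data); field names are assumptions.
SAMPLE = {
    "general": {"pulse_info": {"pulses": [
        {"malware_families": [{"display_name": "ExampleFamily"}],
         "attack_ids": [{"id": "T1566"}, {"id": "T1071"}]}]}},
    "malware": {"data": [{"hash": "<constructed>"}]},
    "geo": {"country_name": "Exampleland"},
}

if __name__ == "__main__":
    stub = lambda domain, section: SAMPLE[section]
    print(enrich_domain("Example.COM.", stub))  # queried, then cached
    print(enrich_domain("example.com", stub))   # served from cache
```

The TTL bounds how long a stale result can be served, and a failed query raises before the cache write, so errors are never cached as results.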

Vendors

Utils, AlienVault OTX, Torq

Workflow Output

Analysis information from AlienVault for the Domain
