This Torq workflow template is designed for automating threat intelligence enrichment by assessing the reputation of an IP address. The workflow initially checks for cached reputation data to avoid redundant lookups. If no data is cached, it reaches out to Recorded Future to retrieve the IP address's reputation information, summarizes it, and updates the cache. This ensures efficient use of resources and timely access to threat intelligence for ongoing security analysis and incident response.
Optional Triggers
"This workflows is intended to be used as a function."
Use Cases
Function, Threat Intelligence Enrichment
Workflow Breakdown
Trigger the workflow and provide an IP Address.
Lookup global variables to see if IP addresse's reputation has been saved in the past 24 hours.
If reputation is found on local cache, the saved data is returned to the parent workflow.
When no reputation is found cached, a summary of the analysis data is created and saved with the original api data.
Vendors
Utils, Recorded Future, Torq
Workflow Output
Returns full analysis data and a summary of the information.
Tips
Set \"Provide Raw Data Analysis\" to true or false to add or remove original vendor information to the output