# Integration manifest for Team Cymru (IP to BGP prefix / ASN enrichment).
# This part declares the integration identity and the instance parameters.
# Nesting restored from a flattened listing.
category: Data Enrichment & Threat Intelligence
commonfields:
  id: TeamCymru
  version: -1
configuration:
# Boolean (type 8) switch; its own label marks it as not secure and no
# defaultvalue is declared for it here.
# NOTE(review): presumably disables certificate validation for the outbound
# connection - confirm which connection, if any, the script applies it to.
# With validation off, an on-path party could alter the enrichment data that
# playbooks consume, so keep it off outside lab use.
- display: Trust any certificate (not secure)
  name: insecure
  type: 8
  required: false
# Boolean (type 8), advanced option in the Connect section; default 'false'.
- display: Use system proxy settings
  name: proxy
  type: 8
  section: Connect
  advanced: true
  defaultvalue: 'false'
  required: false
# Free-text parameter (type 0), so the value is not masked like a credential.
# NOTE(review): a proxy URL with embedded credentials (user:password@host)
# would be stored and shown in clear text - confirm how the script treats it.
# The socks5h scheme in the example conventionally resolves hostnames through
# the proxy rather than locally; verify the script honours that.
- display: Proxy URL
  additionalinfo: "Supports socks4/socks5/http connect proxies (e.g., socks5h://host:1080)."
  name: proxy_url
  type: 0
  section: Connect
  advanced: true
  required: false
# Single-select (type 15) reliability rating, default "B - Usually reliable".
# NOTE(review): presumably emitted as DBotScore.Reliability, whose output
# description uses the same wording - verify against the script.
- additionalinfo: Reliability of the source providing the intelligence data.
  defaultvalue: B - Usually reliable
  display: Source Reliability
  name: integration_reliability
  options:
  - A+ - 3rd party enrichment
  - A - Completely reliable
  - B - Usually reliable
  - C - Fairly reliable
  - D - Not usually reliable
  - E - Unreliable
  - F - Reliability cannot be judged
  type: 15
  required: false
description: Team Cymru provides various service options dedicated to mapping IP numbers to BGP prefixes and ASNs. Each of the services is based on the same BGP feeds from 50+ BGP peers and is updated at 4-hour intervals.
display: 'Team Cymru'
name: TeamCymru
# Command definitions and runtime settings for the integration.
# Nesting restored from a flattened listing.
script:
  commands:
  # `ip`: reputation lookup for one or more IPv4 addresses (isArray: true).
  # NOTE(review): every address passed in is presumably sent to the external
  # Team Cymru service, so indicators under investigation are disclosed to a
  # third party - confirm this is acceptable for sensitive cases.
  - arguments:
    - default: true
      description: An IPv4 address to query, e.g., 1.1.1.1.
      name: ip
      required: true
      isArray: true
    description: Checks the reputation of an IP address.
    name: ip
    outputs:
    # Standard IP indicator context.
    - contextPath: IP.Address
      description: IP address.
      type: String
    - contextPath: IP.ASN
      description: 'The autonomous system name for the IP address, for example: "AS8948".'
      type: String
    - contextPath: IP.ASOwner
      description: The autonomous system owner of the IP address.
      type: String
    - contextPath: IP.Geo.Country
      description: The country in which the IP address is located.
      type: String
    - contextPath: IP.Registrar.Abuse.Network
      description: The network of the contact for reporting abuse.
      type: String
    # DBotScore context.
    # NOTE(review): the integration description covers IP-to-prefix/ASN
    # mapping, not maliciousness - confirm which score the script assigns so
    # playbooks do not read an ASN lookup as a verdict.
    - contextPath: DBotScore.Indicator
      description: The indicator that was tested.
      type: String
    - contextPath: DBotScore.Type
      description: The indicator type.
      type: String
    - contextPath: DBotScore.Vendor
      description: The vendor used to calculate the score.
      type: String
    - contextPath: DBotScore.Score
      description: The actual score.
      type: Number
    - contextPath: DBotScore.Reliability
      description: Reliability of the source providing the intelligence data.
      type: String
    # Vendor-specific copy of the same fields under TeamCymru.IP.
    - contextPath: TeamCymru.IP.Address
      description: The IP address.
      type: String
    - contextPath: TeamCymru.IP.ASN
      description: The IP ASN.
      type: String
    - contextPath: TeamCymru.IP.ASOwner
      description: The IP AS owner.
      type: String
    - contextPath: TeamCymru.IP.Geo.Country
      description: The IP country.
      type: String
    - contextPath: TeamCymru.IP.Registrar.Abuse.Network
      description: The IP range relevant for abuse inquiries provided for the IP.
      type: String
  # `cymru-bulk-whois`: same lookup for a delimiter-separated list of IPv4
  # addresses read from a file attached to a War Room entry.
  # NOTE(review): the file may come from an untrusted attachment and no size
  # limit is declared here - confirm the script validates each token as an
  # IPv4 address and bounds the number of addresses before querying.
  - arguments:
    - description: The file's War Room entry ID.
      name: entry_id
      required: true
    # Optional separator for the file content; defaults to a comma.
    - defaultValue: ','
      description: |-
        Delimiter by which the content of the file is separated.
        Eg: " , " , " : ", " ; ".
      name: delimiter
    description: |-
      Checks the reputation of a CSV list of IPv4 addresses within a file.
      Note: Results for queries exceeding 10,000 IPs may take more than a minute given a moderately sized Internet link.
    name: cymru-bulk-whois
    # Outputs mirror the `ip` command: IP, DBotScore and TeamCymru.IP context.
    outputs:
    - contextPath: IP.Address
      description: IP address.
      type: String
    - contextPath: IP.ASN
      description: 'The autonomous system name for the IP address, for example: "AS8948".'
      type: String
    - contextPath: IP.ASOwner
      description: The autonomous system owner of the IP address.
      type: String
    - contextPath: IP.Geo.Country
      description: The country in which the IP address is located.
      type: String
    - contextPath: IP.Registrar.Abuse.Network
      description: The network of the contact for reporting abuse.
      type: String
    - contextPath: DBotScore.Indicator
      description: The indicator that was tested.
      type: String
    - contextPath: DBotScore.Type
      description: The indicator type.
      type: String
    - contextPath: DBotScore.Vendor
      description: The vendor used to calculate the score.
      type: String
    - contextPath: DBotScore.Score
      description: The actual score.
      type: Number
    - contextPath: DBotScore.Reliability
      description: Reliability of the source providing the intelligence data.
      type: String
    - contextPath: TeamCymru.IP.Address
      description: The IP address.
      type: String
    - contextPath: TeamCymru.IP.ASN
      description: The IP ASN.
      type: String
    - contextPath: TeamCymru.IP.ASOwner
      description: The IP AS owner.
      type: String
    - contextPath: TeamCymru.IP.Geo.Country
      description: The IP country.
      type: String
    - contextPath: TeamCymru.IP.Registrar.Abuse.Network
      description: The IP range relevant for abuse inquiries provided for the IP.
      type: String
  runonce: false
  # '-' is a placeholder: the Python code is not embedded in this manifest
  # (presumably kept in a separate file - review it alongside this one).
  script: '-'
  type: python
  subtype: python3
  # Image is pinned by tag, not by digest.
  # NOTE(review): tag pinning relies on the registry never re-pointing the
  # tag - confirm how the platform verifies the image it pulls.
  dockerimage: demisto/vendors-sdk:1.0.0.74116
# NOTE(review): presumably the minimum platform version that loads this
# integration - confirm against the content repository conventions.
fromversion: 6.5.0
# Test playbook(s) associated with this integration (presumably run in CI).
tests:
- TeamCymruTest