Details
| Author | ANSSI |
| Version | 2.0 |
| License | AGPL-V3 |
| Website | https://github.com/TheHive-Project/Cortex-Analyzers/ |
| Requires Registration | Yes |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, ip, url, fqdn, uri_path, user-agent, hash, mail, mail_subject, registry, regexp, other, filename |
| Service Homepage | OpenCTI_SearchExactObservable |
Description
Query multiple OpenCTI instances for a specific observable.
Configuration
| Name | Description |
| name | Name of OpenCTI servers |
| url | URL of OpenCTI servers |
| key | API key for each server |
| cert_check | Verify server certificate |
Details
| Author | ANSSI |
| Version | 2.0 |
| License | AGPL-V3 |
| Website | https://github.com/TheHive-Project/Cortex-Analyzers/ |
| Requires Registration | Yes |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | domain, ip, url, fqdn, uri_path, user-agent, hash, mail, mail_subject, registry, regexp, other, filename |
| Service Homepage | OpenCTI_SearchObservables |
Description
Query multiple OpenCTI instances for a list of observables matching a pattern.
Configuration
| Name | Description |
| name | Name of OpenCTI servers |
| url | URL of OpenCTI servers |
| key | API key for each server |
| cert_check | Verify server certificate |
Additional details from the README file:
OpenCTI is an open cyber threat intelligence platform which aims at providing a powerful knowledge management database with an enforced schema especially tailored for cyber threat intelligence and cyber operations and based on STIX 2.
The analyzer comes in only one flavor to look for an observable in the platform. The analyzer comes in two flavors to search for an observable in the platform:
- OpenCTI*SearchExactObservable: returns an exact match only
- OpenCTI*SearchObservables: returns all observables containing the input data
- The OpenCTI analyzer requires you to have access to one or several OpenCTI
instances. You can also deploy your own instance. instances in version 4. You can also deploy your own instance.
Three parameters are required for each instance to make the analyzer work:
url: URL of the instance, e.g. "https://demo.opencti.io"