forked from demisto/content
-
Notifications
You must be signed in to change notification settings - Fork 13
/
ipinfo_v2.yml
176 lines (175 loc) · 5.9 KB
/
ipinfo_v2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
category: Data Enrichment & Threat Intelligence
sectionOrder:
- Connect
- Collect
commonfields:
id: ipinfo_v2
version: -1
configuration:
- name: credentials
additionalinfo: The API key to use for the connection.
hiddenusername: true
displaypassword: API Token
type: 9
section: Connect
required: false
- name: integrationReliability
additionalinfo: Reliability of the source providing the intelligence data.
defaultvalue: C - Fairly reliable
display: Source Reliability
options:
- A+ - 3rd party enrichment
- A - Completely reliable
- B - Usually reliable
- C - Fairly reliable
- D - Not usually reliable
- E - Unreliable
- F - Reliability cannot be judged
required: true
type: 15
section: Collect
- name: base_url
defaultvalue: https://ipinfo.io
display: Base URL
required: true
type: 0
section: Connect
- name: insecure
display: Trust any certificate (not secure)
type: 8
section: Connect
advanced: true
required: false
- display: Use system proxy settings
name: proxy
type: 8
section: Connect
advanced: true
required: false
description: Use the IPinfo.io API to get data about an IP address.
display: IPinfo v2
name: ipinfo_v2
script:
commands:
- arguments:
- default: true
description: IP address to query, e.g., 1.1.1.1.
isArray: true
name: ip
required: true
description: Check IP reputation (when information is available, returns a JSON with details). Uses all configured Threat Intelligence feeds.
name: ip
outputs:
- contextPath: IPinfo.IP.Address
description: The IP address.
type: String
- contextPath: IPinfo.IP.Hostname
description: The IP hostname.
type: String
- contextPath: IPinfo.IP.ASN
description: The IP ASN.
type: String
- contextPath: IPinfo.IP.ASOwner
description: The IP AS owner.
type: String
- contextPath: IPinfo.IP.Organization.Name
description: The IP organization name (Only available in some IPinfo.io plans).
type: String
- contextPath: IPinfo.IP.Organization.Type
description: The IP organization type (Only available in some IPinfo.io plans).
type: String
- contextPath: IPinfo.IP.Geo.Location
description: The IP geographic location (coordinates as lat:lon).
type: String
- contextPath: IPinfo.IP.Geo.Country
description: The IP country.
type: String
- contextPath: IPinfo.IP.Geo.Description
description: The IP location as <City, Region, Postal Code, Country>.
type: String
- contextPath: IPinfo.IP.Registrar.Abuse.Address
description: The physical address registered for receiving abuse reports for the IP. (Only available in some IPinfo.io plans).
type: String
- contextPath: IPinfo.IP.Registrar.Abuse.Country
description: The country where abuse reports are received for the IP. (Only available in some IPinfo.io plans).
type: String
- contextPath: IPinfo.IP.Registrar.Abuse.Email
description: The email address for abuse reports provided by the IP. (Only available in some IPinfo.io plans).
type: String
- contextPath: IPinfo.IP.Registrar.Abuse.Name
description: The name of the abuse report handler received for the IP. (Only available in some IPinfo.io plans).
type: String
- contextPath: IPinfo.IP.Registrar.Abuse.Network
description: The IP range relevant for abuse inquiries provided for the IP. (Only available in some IPinfo.io plans).
type: String
- contextPath: IP.Address
description: The IP address.
type: String
- contextPath: IP.Hostname
description: The IP hostname.
type: String
- contextPath: IP.ASN
description: The IP ASN.
type: String
- contextPath: IP.Tags
description: Tags related the IP use (hosting, proxy, tor, vpn).
type: String
- contextPath: IP.FeedRelatedIndicators.value
description: Names of indicators associated with the IP.
type: String
- contextPath: IP.FeedRelatedIndicators.type
description: Types of indicators associated with the IP.
type: String
- contextPath: IP.Relationships.EntityA
description: The source of the relationship.
type: string
- contextPath: IP.Relationships.EntityB
description: The destination of the relationship.
type: string
- contextPath: IP.Relationships.Relationship
description: The name of the relationship.
type: string
- contextPath: IP.Relationships.EntityAType
description: The type of the source of the relationship.
type: string
- contextPath: IP.Relationships.EntityBType
description: The type of the destination of the relationship.
type: string
- contextPath: IP.Geo.Location
description: The IP geographic location (coordinates as lat:lon)
type: String
- contextPath: IP.Geo.Country
description: The IP country.
type: String
- contextPath: IP.Geo.Description
description: The IP location as <City, Region, Postal Code, Country>.
type: String
- contextPath: IP.Organization.Name
description: The organization of the IP.
type: String
- contextPath: IP.Organization.Type
description: The organization type of the IP.
type: String
- contextPath: DBotScore.Indicator
description: The indicator that was tested.
type: String
- contextPath: DBotScore.Score
description: The actual score.
type: Number
- contextPath: DBotScore.Reliability
description: How reliable the score is (for example, "C - fairly reliable").
type: String
- contextPath: DBotScore.Type
description: The indicator type.
type: String
- contextPath: DBotScore.Vendor
description: The vendor used to calculate the score.
type: String
dockerimage: demisto/python3:3.10.12.67728
runonce: false
script: '-'
subtype: python3
type: python
tests:
- IPInfo_v2Test
fromversion: 5.5.0