Anomali ThreatStream v2 Deprecated

Deprecated. Use Anomali ThreatStream v3 integration instead.

Data Enrichment & Threat Intelligence · Anomali ThreatStream

Configuration parameters

  • url — Server URL (e.g., https://www.test.com) (required)
  • credentials — Username
  • username — Username
  • apikey — API Key
  • default_threshold — Threshold of the indicator. (required)
  • integrationReliability — Source Reliability (required)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (19)

  • domain

    Checks the reputation of the given domain name.

  • file

    Checks the reputation of the given hash of the file.

  • ip

    Checks the reputation of the given IP address.

  • threatstream-add-tag-to-model

    Adds tags to intelligence for purposes of filtering for related entities.

  • threatstream-analysis-report

    Returns the report of a file or URL that was submitted to the sandbox.

  • threatstream-create-model

    Creates a threat model with the specified parameters.

  • threatstream-email-reputation

    Checks the reputation of the given email address.

  • threatstream-get-analysis-status

    Returns the current status of the report that was submitted to the sandbox. The report ID is returned from the threatstream-submit-to-sandbox command.

  • threatstream-get-indicators

    Return filtered indicators from ThreatStream. If a query is defined, it overrides all other arguments that were passed to the command.

  • threatstream-get-indicators-by-model

    Returns a list of indicators associated with the specified model and ID of the model.

  • threatstream-get-model-description

    Returns an HTML file with a description of the threat model.

  • threatstream-get-model-list

    Returns a list of threat models.

  • threatstream-get-passive-dns

    Returns enrichment data for Domain or IP for available observables.

  • threatstream-import-indicator-with-approval

    Imports indicators (observables) into ThreatStream. Approval of the imported data is required, using the ThreatStream UI. The data can be imported using one of three methods: plain-text, file, or URL. Only one argument can be used.

  • threatstream-import-indicator-without-approval

    Imports indicators (observables) into ThreatStream. Approval is not required for the imported data. You must have the Approve Intel user permission to import without approval using the API.

  • threatstream-submit-to-sandbox

    Submits a file or URL to the ThreatStream-hosted Sandbox for detonation.

  • threatstream-supported-platforms

    Returns a list of supported platforms for default or premium sandbox.

  • threatstream-update-model

    Updates a threat model with specific parameters. If one or more optional parameters are defined, the command overrides previous data stored in ThreatStream.

  • url

    Checks the reputation of the given URL.