RST Cloud - Threat Feed API

This is the RST Threat Feed integration for interacting with API.

Data Enrichment & Threat Intelligence · RST Threat Feed

Configuration parameters

  • url — Server URL (e.g. https://api.rstcloud.net/v1) (required)
  • apikey — API Key (required)
  • threshold_ip — Score threshold for IP reputation command (required)
  • threshold_domain — Score threshold for domain reputation command (required)
  • threshold_url — Score threshold for url reputation command (required)
  • threshold_hash — Score threshold for hash reputation command
  • indicator_expiration_ip — IP Indicator Expiration (days) (required)
  • indicator_expiration_domain — Domain Indicator Expiration (days) (required)
  • indicator_expiration_url — URL Indicator Expiration (days) (required)
  • indicator_expiration_hash — File Hash Indicator Expiration (days)
  • proxy — Use system proxy settings
  • insecure — Trust any certificate (not secure)
  • integrationReliability — Source Reliability
  • feedExpirationPolicy
  • feedExpirationInterval

Commands (6)

  • domain

    Returns Domain information and reputation.

  • file

    Returns File information and reputation.

  • ip

    Returns IP information and reputation.

  • rst-submit-fp

    Submits a potential False Positive to RST Threat Feed.

  • rst-submit-new

    Submits an indicator to RST Threat Feed.

  • url

    Returns URL information and reputation.