ThreatX

The ThreatX integration allows automated enforcement and intel gathering actions.

Network Security · ThreatX

Configuration parameters

  • url — ThreatX Server URL (e.g., https://provision.threatx.io) (required)
  • customer_name — Customer Name
  • api_key — API Key
  • credentials — Customer Name
  • dbot_threshold — IP Threshold. Minimum risk score from ThreatX to consider the IP malicious. (required)
  • proxy — Use system proxy settings
  • insecure — Trust any certificate (not secure)

Commands (9)

  • threatx-add-entity-note

    Add a new note to the entity. For example: !threatx-add-entity-note entity_id=566056709695514809 message="test note"

  • threatx-blacklist-ip

    Adds an IP address or CIDR to the block list.

  • threatx-block-ip

    Temporarily blocks an IP address or CIDR. Default is 30 minutes.

  • threatx-get-entities

    Get high-level Entity information using the Entity ID, Entity Name, or Entity IP. For example: !threatx-get-entities timeframe=1-Day entity_name=CynicalGraaf,MJ12Bot entity_id= 566056709675514809 entity_ip=12.12.12.12,14.14.14.14. Note: long look-back timeframes for a large number of Entities can timeout.

  • threatx-get-entity-notes

    Returns the notes attached to an Entity, by Entity ID.

  • threatx-unblacklist-ip

    Removes an IP or CIDR from the block list.

  • threatx-unblock-ip

    Unblocks a blocked IP address or CIDR.

  • threatx-unwhitelist-ip

    Removes an IP address or CIDR from the allow list.

  • threatx-whitelist-ip

    Adds an IP address or CIDR to the allow list.