ThreatX
The ThreatX integration allows automated enforcement and intel gathering actions.
Network Security · ThreatX
Configuration parameters
url— ThreatX Server URL (e.g., https://provision.threatx.io) (required)customer_name— Customer Nameapi_key— API Keycredentials— Customer Namedbot_threshold— IP Threshold. Minimum risk score from ThreatX to consider the IP malicious. (required)proxy— Use system proxy settingsinsecure— Trust any certificate (not secure)
Commands (9)
-
threatx-add-entity-noteAdd a new note to the entity. For example: !threatx-add-entity-note entity_id=566056709695514809 message="test note"
-
threatx-blacklist-ipAdds an IP address or CIDR to the block list.
-
threatx-block-ipTemporarily blocks an IP address or CIDR. Default is 30 minutes.
-
threatx-get-entitiesGet high-level Entity information using the Entity ID, Entity Name, or Entity IP. For example: !threatx-get-entities timeframe=1-Day entity_name=CynicalGraaf,MJ12Bot entity_id= 566056709675514809 entity_ip=12.12.12.12,14.14.14.14. Note: long look-back timeframes for a large number of Entities can timeout.
-
threatx-get-entity-notesReturns the notes attached to an Entity, by Entity ID.
-
threatx-unblacklist-ipRemoves an IP or CIDR from the block list.
-
threatx-unblock-ipUnblocks a blocked IP address or CIDR.
-
threatx-unwhitelist-ipRemoves an IP address or CIDR from the allow list.
-
threatx-whitelist-ipAdds an IP address or CIDR to the allow list.