Twinwave

TwinWave’s threat analysis platform analyzes both URLs and files to detect credential phishing and malware threats. Our platform automatically navigates complex attack chains that attackers put in front of threats in order to evade analysis. In addition to detecting threats, the TwinWave platform generates actionable intelligence for threat hunting and other activities.

Data Enrichment & Threat Intelligence · Twinwave

Configuration parameters

  • isFetch — Fetch incidents
  • incidentType — Incident type
  • api-token — Twinwave API token (required)
  • first_fetch — Number of jobs to first fetch
  • max_fetch — Max Fetch
  • source — Filter incidents by submission source.
  • username — Filter UI incidents by username. Exact match only. (Cannot use if source is all or api)
  • proxy — Use system proxy settings
  • insecure — Trust any certificate (not secure)

Commands (11)

  • twinwave-download-submitted-resource

    Download the Submitted Resource. Download a password-protected Zip archive of the Resource. Use the password 'infected' to decrypt the archive. All Resources discovered during the analysis are available for download via this endpoint. To get the list of SHA256s for the Job's Resources, see The Resources array from Get a Job Summary.

  • twinwave-get-engines

    List Available Engines.

  • twinwave-get-job-normalized-forensics

    Get a Job's Normalized Forensics.

  • twinwave-get-job-summary

    Get Job Summary.

  • twinwave-get-task-normalized-forensics

    Get a Task's Normalized Forensics.

  • twinwave-get-task-raw-forensics

    Get a Task's Raw Forensics.

  • twinwave-get-temp-artifact-url

    Get a Temporary Artifact URL.

  • twinwave-resubmit-job

    Resubmit a Job.

  • twinwave-search-across-jobs-and-resources

    Search Across Jobs and Resources.

  • twinwave-submit-file

    Submit File for Scanning.

  • twinwave-submit-url

    Submit New URL for Scanning.