Group-IB Threat Intelligence v3.0.1

Group-IB Threat Intelligence is a system for analyzing and attributing cyberattacks, threat hunting, and protecting network infrastructure based on data relating to adversary tactics, tools, and activity. Use this pack to fast receive incidents related to you, attribute them to adversaries to do instant response, enrich your security with an enormous IOCs collection, and provide possibilities for manual investigation through Group-IB data via Cortex XSOAR interface.

Author:
Group-IB
Support:
partner
URL:
https://www.group-ib.com/
agentixxsiam
Data Enrichment & Threat Intelligence

Incident fields (269)

Indicator fields (21)

  • GIB Admiralty Code
  • GIB CVSS Vector
  • GIB Collection
  • GIB Credibility
  • GIB Date Compromised
  • GIB File Name
  • GIB Hash
  • GIB ID
  • GIB Malware Name
  • GIB Phishing Title
  • GIB Proxy Anonymous
  • GIB Proxy Port
  • GIB Reliability
  • GIB Severity
  • GIB Software Mixed
  • GIB Target Brand
  • GIB Target Category
  • GIB Target Domain
  • GIB Threat Actor ID
  • GIB Threat Actor Name
  • GIB Threat Actor is APT

Indicator types (3)

  • reputation-GIB_Compromised_IMEI
  • reputation-GIB_Compromised_Mule
  • reputation-GIB_Victim_IP

Pre process rules (2)

  • GIB Rule
  • GIB Rule All Types

README

Nowadays businesses in any sphere may have problems with their cybersecurity: from simple phishing to professional cybercriminals, so it is very important to respond to incidents quickly.

Group-IB Threat Intelligence Pack can help you with managing your incident and indicators from Group-IB within the SOAR system.

What does this pack do?

  • Receive incidents and attribute them to adversaries.
  • Enrich security system with IOCs.
  • Provide possibilities for manual investigation through Group-IB data via Cortex XSOAR interface.

As part of this pack, you will also get incident types, fields, and layouts; indicator types, fields, and layouts; the classifier and mapper for properly delivering data to these types and fields. Also, you will get a playbook, that enriches incidents, upcoming from Group-IB with threat reports and threat actor information.

Incident Postprocessing - Group-IB Threat Intelligence