CyrenThreatInDepthRelatedWidget

Shows feed relationship data in a table with the ability to navigate

python · Cyren Threat InDepth Threat Intelligence

Source

import demistomock as demisto
from CommonServerPython import *

from CommonServerUserPython import *


def cyren_feed_relationship(args) -> CommandResults:
    indicator = args.get("indicator")
    if not indicator:
        raise ValueError("Please provide 'indicator' argument!")

    result = demisto.executeCommand("CyrenThreatInDepthRenderRelated", {"indicator": json.dumps(indicator)})
    if is_error(result[0]):
        raise ValueError(f"Failed to render related: {get_error(result)!s}")

    readable = result[0]["HumanReadable"]
    return CommandResults(readable_output=readable)


def main(args):
    try:
        return_results(cyren_feed_relationship(args))
    except Exception as e:
        return_error(f"Failed to execute CyrenThreatInDepthRelatedWidget. Error: {e!s}")


if __name__ in ("__main__", "__builtin__", "builtins"):
    main(demisto.args())

README

Widget script to view a full set of information about the relationship information the Cyren Threat InDepth
feeds offer. For instance, you can see and navigate to a malicious SHA256 that was hosted by
a malicious URL.

The script can be used similar to the Feed Related Indicators.

This script uses the script CyrenThreatInDepthRenderRelated using the following (default) columns:

  • Indicator Type
  • Value (hyperlinked if possible)
  • Reputation
  • Relationship Type
  • Entity Category
  • Timestamp UTC

Script Data


Name Description
Script Type python3
Tags dynamic-indicator-section
XSOAR Version 6.0.0

Inputs


There are no inputs for this script.

Outputs


There are no outputs for this script.

Human Readable Output


Indicator Type Value Reputation Relationship Type Entity Category Timestamp UTC
IP 172.217.6.65 None (0) resolves to malware 2021-01-07, 09:02:21
SHA-256 6ea626950a759c259a182b628f79816843af379af87dbbe13923bf72d6047770 Bad (3) serves malware 2021-01-07, 09:02:21