CyrenThreatInDepthRelatedWidget
Shows feed relationship data in a table with the ability to navigate
Source
import demistomock as demisto from CommonServerPython import * from CommonServerUserPython import * def cyren_feed_relationship(args) -> CommandResults: indicator = args.get("indicator") if not indicator: raise ValueError("Please provide 'indicator' argument!") result = demisto.executeCommand("CyrenThreatInDepthRenderRelated", {"indicator": json.dumps(indicator)}) if is_error(result[0]): raise ValueError(f"Failed to render related: {get_error(result)!s}") readable = result[0]["HumanReadable"] return CommandResults(readable_output=readable) def main(args): try: return_results(cyren_feed_relationship(args)) except Exception as e: return_error(f"Failed to execute CyrenThreatInDepthRelatedWidget. Error: {e!s}") if __name__ in ("__main__", "__builtin__", "builtins"): main(demisto.args())
README
Widget script to view a full set of information about the relationship information the Cyren Threat InDepth
feeds offer. For instance, you can see and navigate to a malicious SHA256 that was hosted by
a malicious URL.
The script can be used similar to the Feed Related Indicators.
This script uses the script CyrenThreatInDepthRenderRelated using the following (default) columns:
- Indicator Type
- Value (hyperlinked if possible)
- Reputation
- Relationship Type
- Entity Category
- Timestamp UTC
Script Data
| Name | Description |
|---|---|
| Script Type | python3 |
| Tags | dynamic-indicator-section |
| XSOAR Version | 6.0.0 |
Inputs
There are no inputs for this script.
Outputs
There are no outputs for this script.
Human Readable Output
| Indicator Type | Value | Reputation | Relationship Type | Entity Category | Timestamp UTC |
|---|---|---|---|---|---|
| IP | 172.217.6.65 | None (0) | resolves to | malware | 2021-01-07, 09:02:21 |
| SHA-256 | 6ea626950a759c259a182b628f79816843af379af87dbbe13923bf72d6047770 | Bad (3) | serves | malware | 2021-01-07, 09:02:21 |