
Apivoid provides JSON APIs useful for cyber threat analysis, threat detection and threat prevention, reducing and automating the manual work of security analysts.

Connect Triage with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Apivoid.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select this option to verify the connecting server's SSL certificate (the default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. API Key: The API key to connect to the Apivoid Server.

  9. After you've entered all the details, click Connect.

Actions for Triage

IP Reputation Check

Detect malicious IP addresses commonly used for spam, to attack websites, or to commit fraudulent activities.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

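| Input Name | Description                                                              | Required |
| :--------- | :----------------------------------------------------------------------- | :------- |
| IP address | Jinja-templated text containing the IP address. Example: `110.235.237.9` | Required |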

Output

JSON containing the following items:

...

## URL Reputation Check

Check if a URL is potentially malicious.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description                                                                                      | Required |
| :--------- | :----------------------------------------------------------------------------------------------- | :------- |
| URL        | [Jinja-templated](doc:jinja-template) text containing the URL. Example: `https://www.google.com` | Required |

### Output

JSON containing the following items:


```json
{
    "data": {
        "report": {
            "dns_records": {
                "ns": {
                    "records": [
                        {
                            "target": "ns2.google.com",
                            "ip": "216.239.34.10",
                            "country_code": "US",
                            "country_name": "United States of America",
                            "isp": "Google LLC"
                        }
                    ]
                }
            },
            "risk_score": {
                "result": 0
            },
            "security_checks": {
                "is_host_an_ipv4": false,
                "is_uncommon_host_length": false,
                "is_uncommon_dash_char_count": false,
                "is_uncommon_dot_char_count": false,
                "is_suspicious_url_pattern": false
            },
            "site_category": {
                "is_torrent": false,
                "is_vpn_provider": false,
                "is_free_hosting": false
            },
            "url_parts": {
                "scheme": "https",
                "host": "www.google.com",
                "host_nowww": "google.com",
                "port": null,
                "path": "/",
                "query": null
            },
            "web_page": {
                "title": "Google",
                "description": "",
                "keywords": ""
            }
        }
    }
}
```
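
One way a playbook step could reduce the URL Reputation Check output to a triage verdict, as an added example that is not part of the Devo or Apivoid documentation. It assumes `risk_score`, `security_checks`, `site_category` and `url_parts` sit directly under `data.report`; the function name, the threshold of 70 and the sample input are constructed for illustration.

```python
import json

RISK_THRESHOLD = 70  # assumed cut-off; the page does not define one

# Constructed sample shaped like the page's output, with two checks tripped.
SAMPLE = json.dumps({"data": {"report": {
    "risk_score": {"result": 35},
    "security_checks": {"is_host_an_ipv4": True,
                        "is_suspicious_url_pattern": True,
                        "is_uncommon_dot_char_count": False},
    "site_category": {"is_torrent": False, "is_free_hosting": False},
    "url_parts": {"scheme": "http", "host": "203.0.113.7", "path": "/login"},
}}})


def _result(verdict, score=None, flags=(), host=None):
    return {"verdict": verdict, "score": score, "flags": list(flags), "host": host}


def triage_url_report(raw, threshold=RISK_THRESHOLD):
    """Reduce the action's JSON output to a verdict plus the evidence for it."""
    try:
        doc = json.loads(raw) if isinstance(raw, (str, bytes)) else raw
    except ValueError:
        return _result("error")
    data = doc.get("data") if isinstance(doc, dict) else None
    report = data.get("report") if isinstance(data, dict) else None
    if not isinstance(report, dict):
        # No report (bad key, quota, malformed URL): never read that as clean.
        return _result("error")

    def section(name):
        value = report.get(name)
        return value if isinstance(value, dict) else {}

    score = section("risk_score").get("result")
    host = section("url_parts").get("host")
    # Collect every boolean check the service answered with true.
    flags = sorted(f"{sec}.{key}"
                   for sec in ("security_checks", "site_category")
                   for key, val in section(sec).items() if val is True)
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return _result("error", None, flags, host)
    if score >= threshold:
        return _result("malicious", score, flags, host)
    verdict = "suspicious" if score > 0 or flags else "clean"
    return _result(verdict, score, flags, host)
```

A missing or non-numeric score yields `error` rather than `clean`, so a failed lookup cannot silently pass a URL through the playbook.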

Release Notes

  • v1.0.4 - Initial release with URL Reputation Check and IP Reputation Check Actions.
