...
Apivoid provides JSON APIs useful for cyber threat analysis, threat detection and threat prevention, reducing and automating the manual work of security analysts.
Connect Triage with Devo SOAR
Navigate to Automations > Integrations.
Search for Apivoid.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
API Key: The API key to connect to the Apivoid Server.
After you've entered all the details, click Connect.
Actions for Triage
IP Reputation Check
Detect malicious IP addresses commonly used for spam, to attack websites, or to commit fraudulent activities.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
IP address | Jinja-templated text containing the IP address. Example: 110.235.237.9 | Required |
Output
JSON containing the following items:
...
URL Reputation Check
Check if a URL is potentially malicious.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
URL | Jinja-templated text containing the URL. Example: https://www.google.com | Required |
Output
JSON containing the following items:
```json
{
  "data": {
    "report": {
      "dns_records": {
        "ns": {
          "records": [
            {
              "target": "ns2.google.com",
              "ip": "216.239.34.10",
              "country_code": "US",
              "country_name": "United States of America",
              "isp": "Google LLC"
            }
          ]
        }
      },
      "risk_score": {
        "result": 0
      },
      "security_checks": {
        "is_host_an_ipv4": false,
        "is_uncommon_host_length": false,
        "is_uncommon_dash_char_count": false,
        "is_uncommon_dot_char_count": false,
        "is_suspicious_url_pattern": false
      },
      "site_category": {
        "is_torrent": false,
        "is_vpn_provider": false,
        "is_free_hosting": false
      },
      "url_parts": {
        "scheme": "https",
        "host": "www.google.com",
        "host_nowww": "google.com",
        "port": null,
        "path": "/",
        "query": null
      },
      "web_page": {
        "title": "Google",
        "description": "",
        "keywords": ""
      }
    }
  }
}
```
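The following is an added example, not part of the Apivoid or Devo SOAR documentation: one way a playbook step could reduce the URL Reputation Check output to a triage verdict while treating a missing report or score as unknown rather than clean. The function name, the verdict labels, the threshold of 50 and the sample values are assumptions made for illustration.

```python
import json

# Constructed sample shaped like the URL Reputation Check output on this page;
# the values are made up for illustration.
SAMPLE = json.loads("""
{"data": {"report": {
  "risk_score": {"result": 72},
  "security_checks": {"is_host_an_ipv4": true,
                      "is_uncommon_dash_char_count": false,
                      "is_suspicious_url_pattern": true},
  "site_category": {"is_torrent": false, "is_vpn_provider": false,
                    "is_free_hosting": true},
  "url_parts": {"scheme": "http", "host": "203.0.113.7", "path": "/login"}
}}}
""")

RISK_THRESHOLD = 50  # assumed cut-off; tune for your environment


def summarize_url_report(response, threshold=RISK_THRESHOLD):
    """Reduce a URL Reputation Check response to a triage verdict."""
    report = (response.get("data") or {}).get("report")
    if not isinstance(report, dict):
        # No report means the lookup did not complete; never treat as clean.
        return {"verdict": "unknown", "score": None, "flags": [], "host": None}

    score = (report.get("risk_score") or {}).get("result")
    flags = []
    for section in ("security_checks", "site_category"):
        checks = report.get(section) or {}
        # Only keys that are literally True count; missing keys are ignored.
        flags += sorted(f"{section}.{k}" for k, v in checks.items() if v is True)

    if not isinstance(score, (int, float)):
        verdict = "unknown"
    elif score >= threshold:
        verdict = "malicious"
    elif flags:
        verdict = "suspicious"
    else:
        verdict = "clean"
    host = (report.get("url_parts") or {}).get("host")
    return {"verdict": verdict, "score": score, "flags": flags, "host": host}


if __name__ == "__main__":
    print(json.dumps(summarize_url_report(SAMPLE), indent=2))
```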
Release Notes
v1.0.4
- Initial release with URL Reputation Check and IP Reputation Check Actions.
...