IOC Result Aggregator
Extract indicators of compromise (IOCs) from a variety of sources.

## Capabilities

This connector provides the following capabilities:

- Parse IOCs

## Asset Setup

No asset setup needed.

## Actions

### Aggregate IOC Results

Combine results from IOC lookup sources.

Endpoint method: `GET`

#### Input

All input fields are optional and are passed under the `parameters` object of the request.

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| highest verdict minimum confidence threshold | number | optional | Parameters for the Aggregate IOC Results action |
| raw scores | string | optional | Parameters for the Aggregate IOC Results action |
| raw reputations | string | optional | Parameters for the Aggregate IOC Results action |
| malicious keywords | string | optional | Parameters for the Aggregate IOC Results action |
| suspicious keywords | string | optional | Parameters for the Aggregate IOC Results action |
| benign keywords | string | optional | Parameters for the Aggregate IOC Results action |
| suspicious threshold | number | optional | Parameters for the Aggregate IOC Results action |
| malicious threshold | number | optional | Parameters for the Aggregate IOC Results action |

Input example:

```json
{
  "parameters": {
    "highest verdict minimum confidence threshold": 25,
    "raw scores": "30",
    "raw reputations": "benign,malicious",
    "malicious keywords": "malicious",
    "suspicious keywords": "suspicious",
    "benign keywords": "allow",
    "suspicious threshold": 10,
    "malicious threshold": 50
  }
}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| last aggregated | string | Output field last aggregated |
| highest verdict | string | Output field highest verdict |
| highest verdict confidence | number | Unique identifier |
| highest score | number | Score value |
| normalized scores | array | Output field normalized scores |
| all verdicts | array | Output field all verdicts |
| most common verdict | string | Output field most common verdict |
| most common verdict confidence | number | Unique identifier |
| average score | number | Score value |
| highest verdict context | string | Output field highest verdict context |
| values by verdict | string | Value for the parameter |
| combined verdict | string | Output field combined verdict |
| combined verdict confidence | number | Unique identifier |
| parsed value data | string | Response data |

Output example:

```json
{
  "last aggregated": "2022-11-25T15:19:10.470582+00:00",
  "highest verdict": "benign",
  "highest verdict confidence": 100,
  "highest score": 3,
  "normalized scores": [3, 0],
  "all verdicts": ["benign", "benign"],
  "most common verdict": "benign",
  "most common verdict confidence": 100,
  "average score": 1.5,
  "highest verdict context": "highest threat score found 3.0%",
  "values by verdict": "{\"malicious\": [], \"suspicious\": [], \"benign\": [\"3.0%\", \"0.0%\"]}",
  "combined verdict": "benign",
  "combined verdict confidence": 100
}
```

#### Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
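The page lists the action's parameters and output fields but not the rule that turns raw scores and reputation strings into a combined verdict. The following Python is an added example, not the connector's own code, that re-implements one plausible version of that aggregation using the parameter and output names from the examples above. It assumes that a score at or above a threshold takes that verdict, that keyword lists match case-insensitively as substrings, that a reputation string matching no list is ignored, and that the "minimum confidence threshold" decides whether the worst verdict or the majority verdict is reported as the combined one.

```python
# Added example, not the connector's own code. Assumed: a score at or above a threshold takes
# that verdict, keywords match as substrings, unmatched reputations are ignored, confidence is %.
import json
from collections import Counter

SEVERITY = {"malicious": 2, "suspicious": 1, "benign": 0}

def _split(value):  # parameters arrive as comma-separated strings
    return [v.strip() for v in str(value).split(",") if v.strip()]

def score_verdict(score, suspicious_threshold, malicious_threshold):
    if score >= malicious_threshold:
        return "malicious"
    return "suspicious" if score >= suspicious_threshold else "benign"

def keyword_verdict(reputation, keywords):  # most severe matching list wins
    text = reputation.lower()
    for verdict in SEVERITY:
        if any(k in text for k in keywords[verdict]):
            return verdict
    return None

def aggregate(params):
    sus, mal = params.get("suspicious threshold", 10), params.get("malicious threshold", 50)
    min_conf = params.get("highest verdict minimum confidence threshold", 0)
    keywords = {v: [k.lower() for k in _split(params.get(f"{v} keywords", ""))] for v in SEVERITY}
    scores = [float(s) for s in _split(params.get("raw scores", ""))]
    verdicts = [score_verdict(s, sus, mal) for s in scores]
    by_verdict = {v: [f"{s:.1f}%" for s, x in zip(scores, verdicts) if x == v] for v in SEVERITY}
    for rep in _split(params.get("raw reputations", "")):
        if v := keyword_verdict(rep, keywords):
            verdicts.append(v)
            by_verdict[v].append(rep)
    if not verdicts:
        raise ValueError("no scores or reputations to aggregate")
    counts, total = Counter(verdicts), len(verdicts)
    highest = max(verdicts, key=SEVERITY.get)
    highest_conf = round(100 * counts[highest] / total)
    common, n = counts.most_common(1)[0]
    # Report the worst verdict only when enough sources support it, else the majority view.
    combined = highest if highest_conf >= min_conf else common
    return {
        "highest verdict": highest, "highest verdict confidence": highest_conf,
        "highest score": max(scores, default=None), "normalized scores": scores,
        "all verdicts": verdicts, "most common verdict": common,
        "most common verdict confidence": round(100 * n / total),
        "average score": sum(scores) / len(scores) if scores else None,
        "highest verdict context": f"highest threat score found {max(scores):.1f}%" if scores else "",
        "values by verdict": json.dumps(by_verdict), "combined verdict": combined,
        "combined verdict confidence": round(100 * counts[combined] / total),
    }
```

Feeding it the page's input example yields a "malicious" combined verdict at 50% confidence, because the one matched reputation string outweighs the single "suspicious" score once the 25% minimum is met; raw scores "3,0" with the default thresholds reproduce the benign output example.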