ProofPoint Emerging Threat Intelligence
The Proofpoint Emerging Threat Intelligence connector enables automated access to threat intelligence data, allowing users to assess domain and IP reputations and investigate malware samples.

Proofpoint Emerging Threat Intelligence offers a comprehensive suite of threat intelligence data, enabling users to assess domain, IP, and malware sample reputations. This connector allows Swimlane Turbine users to automate the retrieval of reputation scores and metadata, enhancing their security operations with timely and accurate threat intelligence. By integrating with Proofpoint, users can proactively identify and respond to emerging threats, streamline investigations, and bolster their overall security posture without the need for manual queries or coding.

Limitations

None to date.

Supported Versions

This connector supports the latest version of the Proofpoint Emerging Threat Intelligence REST API.

Additional Docs

- https://apidocs.emergingthreats.net/#authentication
- https://apidocs.emergingthreats.net/#introduction

Configuration Prerequisites

To effectively utilize the Proofpoint Emerging Threat Intelligence connector within Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: the endpoint URL for accessing Proofpoint services.
  - API Token: a unique identifier used to authenticate requests to the Proofpoint API.

Authentication Methods

To effectively utilize the Proofpoint Emerging Threat Intelligence connector within Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: the endpoint URL for the Proofpoint ET API.
  - API Key: your unique authentication key provided by Proofpoint to access the ET Intelligence services.

Capabilities

This connector provides the following capabilities:

- Get Current Domain Reputation
- Get Current IP Reputation
- Get Sample Details

Get Current Domain Reputation

This action retrieves the current reputation scores in categories that are currently associated with the specified domain. Proofpoint ET Intelligence's documentation for this action can be found at https://apidocs.emergingthreats.net/#get-current-domain-reputation

Get Current IP Reputation

This action retrieves the current reputation scores in categories that are currently associated with the specified IP. Proofpoint ET Intelligence's documentation for this action can be found at https://apidocs.emergingthreats.net/#get-current-ip-reputation

Get Sample Details

This action retrieves metadata information for a single malware sample. Proofpoint ET Intelligence's documentation for this action can be found at https://apidocs.emergingthreats.net/#get-sample-details

Configurations

Proofpoint ET Intelligence API Key Authentication

Authenticates using an API key.

Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| authorization | API token | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

Actions

Get Current Domain Reputation

Retrieve current reputation scores for a specified domain from Proofpoint Emerging Threat Intelligence, including various category assessments.

Endpoint URL: /v1/domains/{{domain}}/reputation
Method: GET

Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.domain | string | Required | The domain name to check |

Input example

{"path_parameters": {"domain": "google.com"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| response | array | Output field response |
| response.category | string | Output field response.category |
| response.score | number | Score value |

Output example

{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "response": [{}, {}, {}]}}

Get Current IP Reputation

Retrieve the latest reputation scores and categories for a specific IP from Proofpoint Emerging Threat Intelligence.

Endpoint URL: /v1/ips/{{ip}}/reputation
Method: GET

Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.ip | string | Required | The IP address to check |

Input example

{"path_parameters": {"ip": "192.168.1.1"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| response | array | Output field response |
| response.category | string | Output field response.category |
| response.score | number | Score value |

Output example

{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "response": [{}, {}, {}]}}

Get Sample Details

Retrieve metadata for a specific malware sample using its MD5 hash from Proofpoint Emerging Threat Intelligence.

Endpoint URL: /v1/samples/{{md5}}
Method: GET

Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.md5 | string | Required | The MD5 hash of the binary sample |

Input example

{"path_parameters": {"md5": "fa86e86e9dfb7a4571b3c3091fbf4bff"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| response | object | Output field response |
| response.md5sum | string | Output field response.md5sum |
| response.submit_date | string | Date value |
| response.file_type | string | Type of the resource |
| response.file_size | number | Output field response.file_size |
| response.sha256 | string | Output field response.sha256 |

Output example

{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "response": {"md5sum": "fa86e86e9dfb7a4571b3c3091fbf4bff", "submit_date": "2012-06-11 04:00:00", "file_type": "PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit", "file_size": 69459, "sha256": "e12012672d33cbcb22cf953ff787af250f8f5e920c565f03d4496a619c13a889"}}}

Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
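
All three actions place a caller-supplied indicator into the request path, so validating it first keeps a malformed value from steering the call to a different endpoint under the same API key. The sketch below is an added example, not Swimlane's or Proofpoint's code: `build_request`, `triage`, the base URL, the API key placeholder and the score threshold of 80 are assumptions, and the sample output is constructed.

```python
import ipaddress
import re

# Hostname label syntax only; tighten to an allow-list if your playbook needs one.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

def build_request(base_url, api_key, kind, value):
    """Validate one indicator and return (url, headers) for the matching action."""
    value = value.strip().lower()
    if kind == "domain" and DOMAIN_RE.match(value):
        path = f"/v1/domains/{value}/reputation"
    elif kind == "ip":
        # ip_address() raises ValueError on anything that is not a literal IP.
        path = f"/v1/ips/{ipaddress.ip_address(value)}/reputation"
    elif kind == "md5" and MD5_RE.match(value):
        path = f"/v1/samples/{value}"
    else:
        raise ValueError(f"rejected {kind} indicator: {value!r}")
    # Assumption: the key is sent as the Authorization header value,
    # matching the connector's `authorization` parameter.
    return base_url.rstrip("/") + path, {"Authorization": api_key}

def triage(action_output, threshold=80):
    """Return (category, score) pairs at or above threshold, highest first."""
    body = action_output.get("json_body") or {}
    if action_output.get("status_code") != 200 or body.get("success") is not True:
        raise RuntimeError(f"lookup failed: {action_output.get('reason')}")
    hits = [(e["category"], e["score"]) for e in body.get("response", [])
            if isinstance(e.get("score"), (int, float)) and e["score"] >= threshold]
    return sorted(hits, key=lambda h: h[1], reverse=True)

# Constructed sample in the shape of the reputation output example above;
# the category names and scores are made up for illustration.
SAMPLE_OUTPUT = {
    "status_code": 200, "response_headers": {}, "reason": "OK",
    "json_body": {"success": True, "response": [
        {"category": "CategoryA", "score": 110},
        {"category": "CategoryB", "score": 35},
    ]},
}

if __name__ == "__main__":
    print(build_request("https://et-api.example", "PLACEHOLDER_API_KEY",
                        "domain", "google.com")[0])
    print(triage(SAMPLE_OUTPUT))
```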