ProofPoint Emerging Threat Intelligence
The Proofpoint Emerging Threat Intelligence connector enables automated access to threat intelligence data, allowing users to assess domain and IP reputations and investigate malware samples.

Proofpoint Emerging Threat Intelligence offers a comprehensive suite of threat intelligence data, enabling users to assess domain, IP, and malware sample reputations. This connector allows Swimlane Turbine users to automate the retrieval of reputation scores and metadata, enhancing their security operations with timely and accurate threat intelligence. By integrating with Proofpoint, users can proactively identify and respond to emerging threats, streamline investigations, and bolster their overall security posture without the need for manual queries or coding.

## Limitations

None to date.

## Supported Versions

This connector supports the latest version of the Proofpoint Emerging Threat Intelligence REST API.

## Additional Docs

- Proofpoint ET Intelligence authentication link: https://apidocs.emergingthreats.net/#authentication
- Proofpoint ET Intelligence API docs: https://apidocs.emergingthreats.net/#introduction

## Configuration Prerequisites

To effectively utilize the Proofpoint Emerging Threat Intelligence connector within Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: The endpoint URL for accessing Proofpoint services.
  - API token: A unique identifier used to authenticate requests to the Proofpoint API.

## Authentication Methods

To effectively utilize the Proofpoint Emerging Threat Intelligence connector within Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: The endpoint URL for the Proofpoint ET API.
  - API key: Your unique authentication key provided by Proofpoint to access the ET Intelligence services.

## Capabilities

This connector provides the following capabilities:

- Get Current Domain Reputation
- Get Current IP Reputation
- Get Sample Details

### Get Current Domain Reputation

This action retrieves the current reputation scores in categories that are currently associated with the specified domain. Proofpoint ET Intelligence's documentation for this action can be found here: https://apidocs.emergingthreats.net/#get-current-domain-reputation

### Get Current IP Reputation

This action retrieves the current reputation scores in categories that are currently associated with the specified IP. Proofpoint ET Intelligence's documentation for this action can be found here: https://apidocs.emergingthreats.net/#get-current-ip-reputation

### Get Sample Details

This action retrieves metadata information for a single malware sample. Proofpoint ET Intelligence's documentation for this action can be found here: https://apidocs.emergingthreats.net/#get-sample-details

## Configurations

### Proofpoint ET Intelligence API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| authorization | API token | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Current Domain Reputation

Retrieve current reputation scores for a specified domain from Proofpoint Emerging Threat Intelligence, including various category assessments.

- Endpoint URL: `/v1/domains/{{domain}}/reputation`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| domain | string | Required | The domain name to check |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| response | array | Output field response |
| category | string | Output field category |
| score | number | Score value |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "success": true,
      "response": []
    }
  }
]
```

### Get Current IP Reputation

Retrieve the latest reputation scores and categories for a specific IP from Proofpoint Emerging Threat Intelligence.

- Endpoint URL: `/v1/ips/{{ip}}/reputation`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| ip | string | Required | The IP address to check |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| response | array | Output field response |
| category | string | Output field category |
| score | number | Score value |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "success": true,
      "response": []
    }
  }
]
```

### Get Sample Details

Retrieve metadata for a specific malware sample using its MD5 hash from Proofpoint Emerging Threat Intelligence.

- Endpoint URL: `/v1/samples/{{md5}}`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| md5 | string | Required | The MD5 hash of the binary sample |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| response | object | Output field response |
| md5sum | string | Output field md5sum |
| submit_date | string | Date value |
| file_type | string | Type of the resource |
| file_size | number | Output field file size |
| sha256 | string | Output field sha256 |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "success": true,
      "response": {}
    }
  }
]
```
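The three endpoints substitute an analyst-supplied value into the URL path, so a playbook should validate that value before the request is built. The following is an added example, not part of the original page or the connector's own code; the function names, the use of an `Authorization` header for the token, and the sample response categories are assumptions.

```python
import ipaddress
import re
from urllib.parse import quote
from urllib.request import Request

# Endpoint templates as documented on this page.
ENDPOINTS = {"domain": "/v1/domains/{}/reputation",
             "ip": "/v1/ips/{}/reputation",
             "md5": "/v1/samples/{}"}
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN_RE = re.compile(rf"(?=.{{1,253}}$)(?:{_LABEL}\.)+[a-z][a-z0-9-]{{0,61}}[a-z0-9]")
_MD5_RE = re.compile(r"[0-9a-f]{32}")
# Constructed sample body (category names are made up), shaped like the page's example.
SAMPLE_BODY = {"success": True, "response": [
    {"category": "constructed-a", "score": 35},
    {"category": "constructed-b", "score": 80}]}


def classify(indicator: str) -> tuple[str, str]:
    """Return (kind, normalized value); raise ValueError for anything else."""
    value = indicator.strip().lower()
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if _MD5_RE.fullmatch(value):
        return "md5", value
    if _DOMAIN_RE.fullmatch(value):
        return "domain", value
    raise ValueError(f"not a domain, IP or MD5: {indicator!r}")


def build_request(base_url: str, api_token: str, indicator: str) -> Request:
    """Build (without sending) the GET request for one validated indicator."""
    kind, value = classify(indicator)
    path = ENDPOINTS[kind].format(quote(value, safe=""))
    # Assumption: the token is sent in the Authorization header.
    return Request(base_url.rstrip("/") + path,
                   headers={"Authorization": api_token}, method="GET")


def top_category(json_body: dict):
    """Return (category, score) for the highest score, or None if none listed."""
    if not json_body.get("success"):
        raise RuntimeError("API reported failure")
    entries = json_body.get("response") or []
    best = max(entries, key=lambda e: float(e["score"]), default=None)
    return None if best is None else (best["category"], float(best["score"]))
```

An empty `response` array, as in the page's examples, yields `None` rather than a score of zero, so a playbook can tell "no categories listed" apart from a low score.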