# Pulsedive
The Pulsedive connector allows for the integration of Pulsedive's comprehensive threat intelligence into security automation workflows. Pulsedive is a threat intelligence platform that provides real-time data on indicators of compromise (IOCs) and facilitates proactive cyber threat analysis. The Pulsedive connector for Swimlane Turbine allows users to integrate rich threat intelligence into their security workflows, enabling automated scanning, information retrieval, and comprehensive analysis of threats. By leveraging Pulsedive's capabilities, security teams can enhance their incident response with actionable insights, streamline investigations, and improve their overall security posture without the need for manual queries or coding.

## Limitations

None to date.

## Supported versions

This connector supports the latest version of the Pulsedive API.

## Additional docs

Links to the third-party vendor's API documentation:

- https://pulsedive.com/api/
- https://pulsedive.com/api/indicators

## Configuration

### Prerequisites

To effectively utilize the Pulsedive connector within the Swimlane Turbine platform, ensure you have the following prerequisites:

- API key authentication with the necessary parameters:
  - URL: the endpoint URL for the Pulsedive API
  - API key: your unique authentication key provided by Pulsedive

### Authentication methods

The following authentication methods are supported for this connector:

- API key authentication
  - URL: the endpoint URL for the Pulsedive API
  - API key: your unique identifier to authenticate with the Pulsedive API

### Troubleshooting tips

- Ensure the API key has the necessary permissions.
- Verify that the API key is not expired or revoked.

## Capabilities

This connector provides the following capabilities:

- Add to the Queue
- Get Indicators by Indicator ID
- Get Indicator by Value
- Get Indicators Links
- Get Indicators Properties
- Retrieve the Result

### Add to the Queue

The first step to scanning an indicator is adding the indicator to the queue for processing. We can specify whether we want to perform an active scan for the indicator by setting the `probe` parameter to `0` for passive or `1` for active.

Pulsedive's documentation for this action can be found at https://pulsedive.com/api/scan.

### Get Indicators by Indicator ID

This query will return the latest properties if the `historical` parameter is omitted. To return all historical properties, set the `historical` parameter to `1`. `schema` is an optional parameter that returns the attributes associated with the indicator type you are querying; for example, if you are querying google.com, the `schema` parameter will return only attributes associated with domains. Customizable indicator types are on the Pulsedive roadmap.

Pulsedive's documentation for this action can be found at https://pulsedive.com/api/indicators.

### Get Indicator by Value

This query is identical to querying by indicator ID, but the information is retrieved using the indicator value. Querying links and properties by indicator value won't work.

Pulsedive's documentation for this action can be found at https://pulsedive.com/api/indicators.

### Get Indicators Links

Retrieve links associated with specific indicators.

Pulsedive's documentation for this action can be found at https://pulsedive.com/api/indicators.

### Get Indicators Properties

You can bundle this request with the initial indicators request by setting the `historical` property to `1` in the initial request. Executing them separately, or omitting historical properties on the initial request, might be better for performance if you don't need all historical data.

Pulsedive's documentation for this action can be found at https://pulsedive.com/api/indicators.

### Retrieve the Result

Once we've added an indicator to the queue for analysis, we'll use the `qid` to check on the result. The `status` field will let us know if the request is still processing. Once we get a response that contains a success message, we'll know the scan is finished. The Pulsedive platform generally checks for results every 500 ms. The API request is only recorded when you add the indicator to the queue; we don't log requests when you check for analysis results, so those checks won't be marked against your rate limit. With that being said, we ask that you please do not abuse the request.

Pulsedive's documentation for this action can be found at https://pulsedive.com/api/scan.

## Configurations

### Pulsedive API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| X-ApiKey | API key | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Add to the Queue

Initiates the scanning process by adding an indicator to Pulsedive's queue, with options for passive or active scans.

Endpoint URL: `/api/analyze.php`
Method: POST

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | optional | Response data |
| data_body.value | string | optional | Response data |
| data_body.probe | string | optional | Response data |
| data_body.pretty | string | optional | Response data |

Input example:

```json
{"data_body": {"value": "pulsedive.com", "probe": "1", "pretty": "1"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | string | Whether the operation was successful |
| qid | number | Unique identifier |

Output example (cut off as on the original page):

```json
{"status_code": 200, "response_headers": {"Date": "Tue, 19 Nov 2024 08:56:07 GMT", "Server": "Apache", "Cache-Control": "no-store, no-cache, must-revalidate", "Content-Security-Policy": "default-src 'self'", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block", "Strict-Transport-Security": "max-age=31536000; includeSubDomains", "X-Requests-Remaining-Month": "488", "X-Requests-Remaining-Second": "0", "X-Requests-Remaining-Day": "43", "Content-Encoding": "gzip", "Vary": "Accept-Encoding", "Keep-Alive": "t
```

### Get Indicators by Indicator ID

Retrieve current or historical properties of a Pulsedive indicator by its unique ID.

Endpoint URL: `/api/info.php`
Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.iid | string | optional | Indicator ID |
| parameters.historical | string | optional | Include historical properties |
| parameters.schema | string | optional | Include attribute schema |
| parameters.pretty | string | optional | Pretty-print JSON response |

Input example:

```json
{"parameters": {"iid": "2", "historical": "0", "schema": "1", "pretty": "1"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| qid | object | Unique identifier |
| iid | number | Unique identifier |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| risk | string | Output field risk |
| risk_recommended | string | Output field risk_recommended |
| manualrisk | number | Output field manualrisk |
| retired | object | Output field retired |
| stamp_added | string | Output field stamp_added |
| stamp_updated | string | Output field stamp_updated |
| stamp_seen | string | Output field stamp_seen |
| stamp_probed | string | Output field stamp_probed |
| stamp_retired | object | Output field stamp_retired |
| recent | number | Output field recent |
| submissions | number | Output field submissions |
| umbrella_rank | object | Output field umbrella_rank |
| umbrella_domain | object | Output field umbrella_domain |
| riskfactors | array | Output field riskfactors |
| riskfactors.rfid | number | Unique identifier |
| riskfactors.description | string | Output field riskfactors.description |
| riskfactors.risk | string | Output field riskfactors.risk |
| redirects | object | Output field redirects |
| redirects.from | array | Output field redirects.from |

Output example:

```json
{"qid": {}, "iid": 123, "indicator": "string", "type": "string", "risk": "string", "risk_recommended": "string", "manualrisk": 123, "retired": {}, "stamp_added": "string", "stamp_updated": "string", "stamp_seen": "string", "stamp_probed": "string", "stamp_retired": {}, "recent": 123, "submissions": 123}
```

### Get Indicators by Value

Retrieve detailed information for a specific indicator value from Pulsedive, excluding associated links and properties.

Endpoint URL: `/api/info.php`
Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.indicator | string | optional | Parameters for the Get Indicators by Value action |
| parameters.pretty | string | optional | Parameters for the Get Indicators by Value action |

Input example:

```json
{"parameters": {"indicator": "pulsedive.com", "pretty": "1"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| qid | object | Unique identifier |
| iid | number | Unique identifier |
| indicator | string | Output field indicator |
| type | string | Type of the resource |
| risk | string | Output field risk |
| risk_recommended | string | Output field risk_recommended |
| manualrisk | number | Output field manualrisk |
| retired | object | Output field retired |
| stamp_added | string | Output field stamp_added |
| stamp_updated | string | Output field stamp_updated |
| stamp_seen | string | Output field stamp_seen |
| stamp_probed | string | Output field stamp_probed |
| stamp_retired | object | Output field stamp_retired |
| recent | number | Output field recent |
| submissions | number | Output field submissions |
| umbrella_rank | object | Output field umbrella_rank |
| umbrella_domain | object | Output field umbrella_domain |
| riskfactors | array | Output field riskfactors |
| riskfactors.rfid | number | Unique identifier |
| riskfactors.description | string | Output field riskfactors.description |
| riskfactors.risk | string | Output field riskfactors.risk |
| redirects | object | Output field redirects |
| redirects.from | array | Output field redirects.from |

Output example:

```json
{"qid": {}, "iid": 123, "indicator": "string", "type": "string", "risk": "string", "risk_recommended": "string", "manualrisk": 123, "retired": {}, "stamp_added": "string", "stamp_updated": "string", "stamp_seen": "string", "stamp_probed": "string", "stamp_retired": {}, "recent": 123, "submissions": 123}
```

### Get Indicators Links

Retrieve associated links for specific indicators from Pulsedive, aiding in comprehensive threat analysis.

Endpoint URL: `/api/info.php`
Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.indicator | string | optional | Parameters for the Get Indicators Links action |
| parameters.get | string | optional | Parameters for the Get Indicators Links action |
| parameters.pretty | string | optional | Parameters for the Get Indicators Links action |

Input example:

```json
{"parameters": {"indicator": "pulsedive.com", "get": "links", "pretty": "1"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| active_dns | array | Output field active_dns |
| active_dns.iid | number | Unique identifier |
| active_dns.indicator | string | Output field active_dns.indicator |
| active_dns.type | string | Type of the resource |
| active_dns.risk | string | Output field active_dns.risk |
| active_dns.stamp_linked | string | Output field active_dns.stamp_linked |
| active_dns.summary | object | Output field active_dns.summary |
| active_dns.summary.properties | object | Output field active_dns.summary.properties |
| active_dns.summary.properties.whois | object | Output field active_dns.summary.properties.whois |
| active_dns.summary.properties.whois.++privacy | string | Output field active_dns.summary.properties.whois.++privacy |
| active_dns.summary.properties.whois.++gdpr | string | Output field active_dns.summary.properties.whois.++gdpr |
| active_dns.summary.properties.geo | object | Output field active_dns.summary.properties.geo |
| active_dns.summary.properties.geo.country | string | Output field active_dns.summary.properties.geo.country |
| active_dns.summary.properties.geo.countrycode | string | Output field active_dns.summary.properties.geo.countrycode |
| active_dns.summary.properties.geo.region | string | Output field active_dns.summary.properties.geo.region |
| active_dns.summary.properties.geo.city | string | Output field active_dns.summary.properties.geo.city |
| active_dns.summary.properties.http | object | Output field active_dns.summary.properties.http |
| active_dns.summary.properties.http.++content-type | string | Type of the resource |
| active_dns.summary.properties.http.++code | string | Output field active_dns.summary.properties.http.++code |
| active_dns.summary.attributes | array | Output field active_dns.summary.attributes |
| active_dns.summary.domainiid | number | Unique identifier |
| active_dns.summary.domain | string | Output field active_dns.summary.domain |

Output example (cut off as on the original page):

```json
{"status_code": 200, "response_headers": {"Date": "Thu, 07 Nov 2024 06:53:39 GMT", "Server": "Apache", "Cache-Control": "no-store, no-cache, must-revalidate", "Content-Security-Policy": "default-src 'self'", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block", "Strict-Transport-Security": "max-age=31536000; includeSubDomains", "X-Requests-Remaining-Second": "0", "X-Requests-Remaining-Day": "7", "Content-Encoding": "gzip", "Vary": "Accept-Encoding", "Keep-Alive": "timeout=5, max=100", "Connection": "kee
```

### Get Indicators Properties

Retrieve properties of Pulsedive indicators, with an option to include historical data for optimized performance.

Endpoint URL: `/api/info.php`
Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.iid | string | optional | Parameters for the Get Indicators Properties action |
| parameters.get | string | optional | Parameters for the Get Indicators Properties action |
| parameters.pretty | string | optional | Parameters for the Get Indicators Properties action |

Input example:

```json
{"parameters": {"iid": "2", "get": "properties", "pretty": "1"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| whois | array | Output field whois |
| whois.pid | number | Unique identifier |
| whois.stamp_seen | string | Output field whois.stamp_seen |
| whois.name | string | Name of the resource |
| whois.value | string | Value for the parameter |
| whois.latest | number | Output field whois.latest |
| geo | array | Output field geo |
| geo.pid | number | Unique identifier |
| geo.stamp_seen | string | Output field geo.stamp_seen |
| geo.name | string | Name of the resource |
| geo.value | string | Value for the parameter |
| geo.latest | number | Output field geo.latest |
| http | array | Output field http |
| http.pid | number | Unique identifier |
| http.stamp_seen | string | Output field http.stamp_seen |
| http.name | string | Name of the resource |
| http.value | string | Value for the parameter |
| http.latest | number | Output field http.latest |
| http.clean | number | Output field http.clean |
| http.risky | number | Output field http.risky |
| http.unique | number | Output field http.unique |
| ssl | array | Output field ssl |
| ssl.pid | number | Unique identifier |

Output example (cut off as on the original page):

```json
{"whois": [{"pid": 123, "stamp_seen": "string", "name": "example_name", "value": "string", "latest": 123}], "geo": [{"pid": 123, "stamp_seen": "string", "name": "example_name", "value": "string", "latest": 123}], "http": [{"pid": 123, "stamp_seen": "string", "name": "example_name", "value": "string", "latest": 123, "clean": 123, "risky": 123, "unique": 123}], "ssl": [{"pid": 123, "stamp_seen": "string", "name": "example_name", "value": "string", "latest": 123, "clean": 123}], "dns": [{"pid": 123, "stamp_seen": "string", "name": "example_name", "value": "
```

### Retrieve the Result

Retrieve analysis results for an indicator in Pulsedive using the provided queue ID (`qid`).

Endpoint URL: `/api/analyze.php`
Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.qid | number | optional | Parameters for the Retrieve the Result action |
| parameters.pretty | string | optional | Parameters for the Retrieve the Result action |

Input example:

```json
{"parameters": {"qid": 1520723759, "pretty": "1"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message, if any |
| status | string | Status value |
| qid | string | Unique identifier |

Output example (cut off as on the original page):

```json
{"status_code": 200, "response_headers": {"Date": "Tue, 19 Nov 2024 05:48:33 GMT", "Server": "Apache", "Cache-Control": "no-store, no-cache, must-revalidate", "Content-Security-Policy": "default-src 'self'", "X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block", "Strict-Transport-Security": "max-age=31536000; includeSubDomains", "X-Requests-Remaining-Month": "492", "X-Requests-Remaining-Second": "0", "X-Requests-Remaining-Day": "47", "Content-Encoding": "gzip", "Vary": "Accept-Encoding", "Keep-Alive": "t
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-store, no-cache, must-revalidate |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self' |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 07 Nov 2024 06:53:39 GMT |
| Keep-Alive | HTTP response header Keep-Alive | timeout=5, max=100 |
| Server | Information about the software used by the origin server | Apache |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Accept-Encoding |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Requests-Remaining-Day | HTTP response header X-Requests-Remaining-Day | 47 |
| X-Requests-Remaining-Month | HTTP response header X-Requests-Remaining-Month | 492 |
| X-Requests-Remaining-Second | HTTP response header X-Requests-Remaining-Second | 0 |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |