# Team T5 Threat Vision TI
## Overview

The TeamT5 ThreatVision TI connector gives Swimlane Turbine users direct access to TeamT5's threat intelligence platform: in-depth analysis of domains, IP addresses and malware samples, analyst-written intelligence reports, downloadable IOC bundles and patch management reports (PMR). Pulling this intelligence into Turbine workflows lets security teams automate indicator enrichment and threat detection, shorten incident response and support proactive defence with actionable, analyst-curated data.

## Prerequisites

Before integrating TeamT5 ThreatVision TI with Swimlane Turbine, obtain OAuth2 client credentials for the ThreatVision API:

- **URL**: endpoint for the TeamT5 ThreatVision TI API
- **Client ID**: unique identifier for OAuth2 authentication
- **Client Secret**: confidential key for OAuth2 authentication

## Capabilities

The TeamT5 ThreatVision TI connector provides the following actions.

**Domain analysis**

- Analysis Status for Domain
- DNS Records of Domain
- Get Domain Information
- Get WHOIS for Domain
- OSINT Posts Domain
- Reports Related to Domain
- Samples Related to Domain
- Search Domains

**Intelligence reports**

- Intelligence List Reports

**IOC bundles**

- Download IOC Bundles
- List IOC Bundles

**IP analysis**

- Analysis Status for IP
- DNS Records of IP
- Get IP Information
- Get WHOIS for IP
- OSINT Posts IP
- Reports Related to IP
- Samples Related to IP
- Search IPs

**Patch Management Report (PMR)**

- Get PMR
- List PMR

**Sample (file)**

- Reports of Sample
- Sandbox
- Search Samples
- Upload Sample File

## Configurations

### TeamT5 ThreatVision TI OAuth2 Client Credentials

Authenticates using OAuth2 client credentials.

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Client ID | The client ID | string | Required |
| Client Secret | The client secret; treat it as a credential, not as a plain configuration value | string | Required |
| Verify SSL | Verify the server's SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

Keep **Verify SSL** enabled outside isolated test environments: with certificate verification off, anything on the network path between Turbine and the API (including a misconfigured HTTP Proxy) can intercept the client credentials, the bearer tokens and the intelligence returned.

## Actions

Every action returns `status_code` (number, HTTP status code of the response) and `reason` (string, HTTP reason phrase). Actions that return JSON expose the body under `json_body`; its fields are listed under **Output** below and always include `success` (boolean, whether the operation was successful). Actions that take an `offset` page through results: the search actions return at most 10 results per request, so pass the number of results already received to fetch the next page. For the domain and IP actions, `analysis_status` is `true` once TeamT5 has finished analysing the indicator; check it with the *Analysis Status* actions when the other fields come back empty.

### Analysis Status for Domain

Check whether the analysis of a domain has completed in TeamT5 ThreatVision TI, using the provided domain name.

- Endpoint URL: `api/v2/network/domains/{{domain_name}}/analysis_status`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| domain_name | string | Required | Domain name |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| analysis_status | boolean | `true` when the analysis has finished |
| message | string | Response message |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "analysis_status": true, "message": "analysis finished"}}]
```

### Analysis Status for IP

Check whether the analysis of an IP address has completed in TeamT5 ThreatVision TI, using the specified address.

- Endpoint URL: `api/v2/network/ips/{{address}}/analysis_status`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| address | string | Required | The IP address |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| analysis_status | boolean | `true` when the analysis has finished |
| message | string | Response message |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "analysis_status": true, "message": "analysis finished"}}]
```

### DNS Records of Domain

Retrieve the passive DNS records associated with a domain name from TeamT5 ThreatVision TI.

- Endpoint URL: `api/v2/network/domains/{{domain_name}}/dns_records`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| domain_name | string | Required | Domain name |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried domain |
| analysis_status | boolean | `true` when the analysis has finished |
| records | array | Passive DNS records |
| records[].date | string | Date the record was observed |
| records[].type | string | DNS record type |
| records[].value | string | Record value |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "lomeptos.com", "analysis_status": true, "records": []}}]
```

### DNS Records of IP

Retrieve the passive DNS records for an IP address from TeamT5 ThreatVision TI; requires the `address` path parameter.

- Endpoint URL: `api/v2/network/ips/{{address}}/dns_records`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| address | string | Required | The IP address |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried IP address |
| analysis_status | boolean | `true` when the analysis has finished |
| records | array | Passive DNS records |
| records[].date | string | Date the record was observed |
| records[].type | string | DNS record type |
| records[].value | string | Record value |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "88.214.27.53", "analysis_status": true, "records": []}}]
```

### Download IOC Bundles

Download an authorized indicator-of-compromise (IOC) bundle in the requested format, identified by `ioc_bundle_id` and `format`.

- Endpoint URL: `api/v2/ioc_bundles/{{ioc_bundle_id}}.{{format}}`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| ioc_bundle_id | string | Required | The identity of the IOC bundle |
| format | string | Required | Format of the IOC bundle |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | The downloaded bundle as an attachment |
| file.file | string | File content |
| file.file_name | string | File name |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK", "file": {}}]
```

### Get Domain Information

Retrieve domain metadata such as risk level, registrar and services from TeamT5 ThreatVision TI, using the `domain_name` parameter.

- Endpoint URL: `api/v2/network/domains/{{domain_name}}`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| domain_name | string | Required | Domain name |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried domain |
| analysis_status | boolean | `true` when the analysis has finished |
| risk_level | string | Risk level |
| risk_score | number | Risk score |
| adversaries | array | Adversaries associated with the domain |
| attributes | array | Domain attributes |
| services | array | Services observed on the domain |
| registrar | string | Registrar |
| last_update_at | string | Time of the last update |
| summary | object | Summary counters |
| summary.whois | boolean | Whether WHOIS data is available |
| summary.related_adversaries | number | Number of related adversaries |
| summary.related_reports | number | Number of related reports |
| summary.related_samples | number | Number of related samples |
| summary.dns_records | number | Number of DNS records |
| summary.osint | number | Number of OSINT posts |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "lomeptos.com", "analysis_status": true,
                "risk_level": "high", "risk_score": 75, "adversaries": [], "attributes": [],
                "services": [], "registrar": "OwnRegistrar, Inc.",
                "last_update_at": "2023-12-27T11:19:27.727Z", "summary": {}}}]
```

### Get IP Information

Retrieve IP address metadata such as risk level, region and city from TeamT5 ThreatVision TI.

- Endpoint URL: `api/v2/network/ips/{{address}}`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| address | string | Required | The IP address |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried IP address |
| analysis_status | boolean | `true` when the analysis has finished |
| risk_level | string | Risk level |
| risk_score | number | Risk score |
| risk_types | array | Risk types |
| adversaries | array | Adversaries associated with the address |
| attributes | array | Address attributes |
| attributes[].name | string | Attribute name |
| attributes[].first_seen | string | First seen |
| attributes[].last_seen | string | Last seen |
| ip_sharing | array | Other entities sharing the address |
| ip_sharing[].name | string | Name |
| ip_sharing[].first_seen | string | First seen |
| ip_sharing[].last_seen | string | Last seen |
| services | array | Services observed on the address |
| country | string | Country |
| city | string | City |
| region | string | Region |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "167.179.85.233", "analysis_status": true,
                "risk_level": "medium", "risk_score": 70, "risk_types": [], "adversaries": [],
                "attributes": [], "ip_sharing": [], "services": [], "country": "Japan",
                "city": "Ōi", "region": "Saitama",
                "last_update_at": "2023-12-27T11:13:54.578Z", "summary": {}}}]
```

### Get PMR

Retrieve the detailed vulnerability advisories of a patch management report in TeamT5 ThreatVision TI, using the report name.

- Endpoint URL: `api/v2/vulnerability/advisory_lists/{{name}}`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Required | Title of the report |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| advisories | array | Advisories in the report |
| advisories[].identification | string | Advisory identifier |
| advisories[].report_urls | object | URLs of the report |
| advisories[].vendor | string | Vendor |
| advisories[].product | string | Product |
| advisories[].product_list | array | Affected products |
| advisories[].cvss | number | CVSS score |
| advisories[].cvss_vector | string | CVSS vector |
| advisories[].description | object | Description |
| advisories[].description.title | string | Title |
| advisories[].description.detail | string | Detail |
| advisories[].threat_level | string | Threat level |
| advisories[].poc | object | Proof-of-concept information |
| advisories[].publicly_disclosed | boolean | Whether the vulnerability is publicly disclosed |
| advisories[].updated_at | number | Time of the last update |
| advisories[].patch | string | Patch information |
| advisories[].references | array | References |
| advisories[].malicious_files | object | Related malicious files |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "advisories": []}}]
```

### Get WHOIS for Domain

Retrieve WHOIS information for a domain name from TeamT5 ThreatVision TI; requires the `domain_name` parameter.

- Endpoint URL: `api/v2/network/domains/{{domain_name}}/whois`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| domain_name | string | Required | Domain name |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried domain |
| analysis_status | boolean | `true` when the analysis has finished |
| whois | string | Raw WHOIS text |

**Example** (the `whois` string is truncated here)

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "lomeptos.com", "analysis_status": true,
                "whois": "   Domain Name: LOMEPTOS.COM\r\n   Registry Domain ID: 2840749178_DOMAIN_COM-VRSN\r"}}]
```

### Get WHOIS for IP

Retrieve WHOIS registry information for an IP address from TeamT5 ThreatVision TI.

- Endpoint URL: `api/v2/network/ips/{{address}}/whois`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| address | string | Required | The IP address |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried IP address |
| analysis_status | boolean | `true` when the analysis has finished |
| whois | string | WHOIS data, returned as a JSON document encoded in a string |

**Example** (the `whois` string is truncated here)

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "167.179.85.233", "analysis_status": true,
                "whois": "{\n  \"ip\": \"167.179.85.233\",\n  \"asn\": {\n    \"asn\": \"AS20473\",\n    \"name\": \"The Co"}}]
```

### Intelligence List Reports

Retrieve the 10 most recent reports matching the given criteria from TeamT5 ThreatVision TI, sorted by publish date.

- Endpoint URL: `api/v2/reports`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | Optional | Keywords to filter reports |
| types[] | array | Optional | Report types to match; see the table below |
| date[from] | number | Optional | Only match reports published after this date, as a Unix timestamp |
| date[to] | number | Optional | Only match reports published before this date, as a Unix timestamp |
| tags[] | array | Optional | Only match reports with these tags |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

Available values for `types[]`:

| Report type | Value |
| --- | --- |
| Campaign Tracking Report | `advanced` |
| Cyber Affairs Report | `bi_weekly` |
| Monthly Report | `monthly` |
| Flash Report | `flash` |
| Vulnerability Insights Report | `vulnerability_insights` |
| Miscellaneous | `on_demand` |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| reports | array | Matching reports |
| reports[].title | string | Report title |
| reports[].date | number | Publish date, as a Unix timestamp |
| reports[].type | string | Report type |
| reports[].adversaries | array | Adversaries covered |
| reports[].malwares | array | Malware families covered |
| reports[].targeted_countries | array | Targeted countries |
| reports[].targeted_industries | array | Targeted industries |
| reports[].digest | string | Report digest |
| reports[].pdf_url | string | URL of the PDF report |
| reports[].stix_url | string | URL of the STIX bundle |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "reports": []}}]
```

### List IOC Bundles

Retrieve the IOC bundles the account is authorized for, including names, types, creation dates and download URLs.

- Endpoint URL: `api/v2/ioc_bundles`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| ioc_bundles | array | Authorized IOC bundles |
| ioc_bundles[].id | string | Bundle identifier (use it with *Download IOC Bundles*) |
| ioc_bundles[].name | string | Bundle name |
| ioc_bundles[].type | string | Bundle type |
| ioc_bundles[].created_at | number | Creation time, as a Unix timestamp |
| ioc_bundles[].stix_url | string | URL of the STIX bundle |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "ioc_bundles": []}}]
```

### List PMR

Retrieve the most recent patch management reports from TeamT5 ThreatVision TI, sorted by publish date. This action takes no input.

- Endpoint URL: `api/v2/vulnerability/advisory_lists`
- Method: GET

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| advisory_lists | array | Available reports |
| advisory_lists[].name | string | Report name (use it as `name` in *Get PMR*) |
| advisory_lists[].release_date | number | Release date, as a Unix timestamp |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "advisory_lists": []}}]
```

### OSINT Posts Domain

Retrieve OSINT posts, such as Twitter mentions, linked to a domain name; requires the `domain_name` parameter.

- Endpoint URL: `api/v2/network/domains/{{domain_name}}/intel_posts`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| domain_name | string | Required | Domain name |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried domain |
| analysis_status | boolean | `true` when the analysis has finished |
| posts | array | OSINT posts |
| posts[].posted_date | string | Date the post was published |
| posts[].content | string | Post content |
| posts[].url | string | URL of the post |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "lomeptos.com", "analysis_status": true, "posts": []}}]
```

### OSINT Posts IP

Retrieve OSINT mentions, such as Twitter posts, linked to an IP address in TeamT5 ThreatVision TI.

- Endpoint URL: `api/v2/network/ips/{{address}}/intel_posts`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| address | string | Required | The IP address |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried IP address |
| analysis_status | boolean | `true` when the analysis has finished |
| posts | array | OSINT posts |
| posts[].posted_date | string | Date the post was published |
| posts[].content | string | Post content |
| posts[].url | string | URL of the post |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "88.214.27.53", "analysis_status": true, "posts": []}}]
```

### Reports of Sample

Retrieve the reports written by TeamT5 analysts that relate to a sample, identified by its sample ID.

- Endpoint URL: `api/v2/samples/{{sample_id}}/reports`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| sample_id | string | Required | Sample ID: the SHA-256 of the sample |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried sample ID |
| reports | array | Related reports |
| reports[].title | string | Report title |
| reports[].date | number | Publish date, as a Unix timestamp |
| reports[].type | string | Report type |
| reports[].adversaries | array | Adversaries covered |
| reports[].malwares | array | Malware families covered |
| reports[].targeted_countries | array | Targeted countries |
| reports[].targeted_industries | array | Targeted industries |
| reports[].capability | array | Capabilities |
| reports[].digest | string | Report digest |
| reports[].pdf_url | string | URL of the PDF report |
| reports[].stix_url | string | URL of the STIX bundle |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true,
                "id": "364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321",
                "reports": []}}]
```

### Reports Related to Domain

Retrieve the TeamT5 ThreatVision TI reports related to a domain, giving insight into the campaigns it is associated with.

- Endpoint URL: `api/v2/network/domains/{{domain_name}}/reports`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| domain_name | string | Required | Domain name |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried domain |
| analysis_status | boolean | `true` when the analysis has finished |
| reports | array | Related reports |
| reports[].title | string | Report title |
| reports[].date | number | Publish date, as a Unix timestamp |
| reports[].type | string | Report type |
| reports[].adversaries | array | Adversaries covered |
| reports[].malwares | array | Malware families covered |
| reports[].targeted_countries | array | Targeted countries |
| reports[].targeted_industries | array | Targeted industries |
| reports[].capability | array | Capabilities |
| reports[].digest | string | Report digest |
| reports[].pdf_url | string | URL of the PDF report |
| reports[].stix_url | string | URL of the STIX bundle |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "login.spiritismireland.com", "analysis_status": true, "reports": []}}]
```

### Reports Related to IP

Retrieve the TeamT5 analyst reports related to an IP address, giving insight into the threat campaigns it is associated with.

- Endpoint URL: `api/v2/network/ips/{{address}}/reports`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| address | string | Required | The IP address |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried IP address |
| analysis_status | boolean | `true` when the analysis has finished |
| reports | array | Related reports |
| reports[].title | string | Report title |
| reports[].date | number | Publish date, as a Unix timestamp |
| reports[].type | string | Report type |
| reports[].adversaries | array | Adversaries covered |
| reports[].malwares | array | Malware families covered |
| reports[].targeted_countries | array | Targeted countries |
| reports[].targeted_industries | array | Targeted industries |
| reports[].capability | array | Capabilities |
| reports[].digest | string | Report digest |
| reports[].pdf_url | string | URL of the PDF report |
| reports[].stix_url | string | URL of the STIX bundle |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "167.179.85.233", "analysis_status": true, "reports": []}}]
```

### Samples Related to Domain

Retrieve the malware samples associated with a domain name from TeamT5 ThreatVision TI; requires the `domain_name` parameter.

- Endpoint URL: `api/v2/network/domains/{{domain_name}}/samples`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| domain_name | string | Required | Domain name |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried domain |
| analysis_status | boolean | `true` when the analysis has finished |
| samples | array | Related samples |
| samples[].main_value | string | Main value of the sample |
| samples[].sha256 | string | SHA-256 hash |
| samples[].md5 | string | MD5 hash |
| samples[].size | number | File size |
| samples[].first_seen | number | First seen, as a Unix timestamp |
| samples[].adversaries | array | Associated adversaries |
| samples[].malwares | array | Malware families |
| samples[].filename | object | File name(s) |
| samples[].risk_level | string | Risk level |
| samples[].has_network_activity | boolean | Whether the sample showed network activity |
| samples[].url | string | URL of the sample in ThreatVision |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "login.spiritismireland.com", "analysis_status": true, "samples": []}}]
```

### Samples Related to IP

Retrieve the malware samples associated with an IP address from TeamT5 ThreatVision TI; requires the `address` path parameter.

- Endpoint URL: `api/v2/network/ips/{{address}}/samples`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| address | string | Required | The IP address |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried IP address |
| analysis_status | boolean | `true` when the analysis has finished |
| samples | array | Related samples |
| samples[].main_value | string | Main value of the sample |
| samples[].sha256 | string | SHA-256 hash |
| samples[].md5 | string | MD5 hash |
| samples[].size | number | File size |
| samples[].first_seen | number | First seen, as a Unix timestamp |
| samples[].adversaries | array | Associated adversaries |
| samples[].malwares | array | Malware families |
| samples[].filename | object | File name(s) |
| samples[].risk_level | string | Risk level |
| samples[].has_network_activity | boolean | Whether the sample showed network activity |
| samples[].url | string | URL of the sample in ThreatVision |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "id": "167.179.85.233", "analysis_status": true, "samples": []}}]
```

### Sandbox

Retrieve the dynamic (sandbox) analysis results for a sample in TeamT5 ThreatVision TI, identified by its sample ID.

- Endpoint URL: `api/v2/samples/{{sample_id}}/sandbox`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| sample_id | string | Required | Sample ID: the SHA-256 of the sample |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| id | string | The queried sample ID |
| data | object | Sandbox results |
| data.registry | array | Registry activity observed |
| data.mutex | array | Mutexes observed |
| data.mutex[].value | string | Mutex value |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true,
                "id": "248c8bcccf439195f7e1656dfd2542ff34b4f79015575ef79195c8b233c5f48b",
                "data": {}}}]
```

### Search Domains

Search for domains by keyword in TeamT5 ThreatVision TI. Each request returns up to 10 results; use `offset` to fetch the following pages.

- Endpoint URL: `api/v2/network/domains/search`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | Required | Keywords to filter domains |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| domains | array | Matching domains |
| domains[].fqdn | string | Fully qualified domain name |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "domains": []}}]
```

### Search IPs

Search for IP addresses by keyword in TeamT5 ThreatVision TI. Each request returns up to 10 results; use `offset` to fetch the following pages.

- Endpoint URL: `api/v2/network/ips/search`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | Required | Keywords to filter IPs |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| ips | array | Matching IP addresses |
| ips[].address | string | IP address |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "ips": []}}]
```

### Search Samples

Search for samples by keyword in TeamT5 ThreatVision TI. Each request returns up to 10 results; use `offset` to fetch the following pages.

- Endpoint URL: `api/v2/samples/search`
- Method: GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | Required | Keywords to filter samples |
| offset | number | Optional | Number of results to skip; used to paginate over the results |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| samples | array | Matching samples |
| samples[].sha256 | string | SHA-256 hash |
| samples[].md5 | string | MD5 hash |
| samples[].size | number | File size |
| samples[].first_seen | number | First seen, as a Unix timestamp |
| samples[].adversaries | array | Associated adversaries |
| samples[].malwares | array | Malware families |
| samples[].filename | string | File name |
| samples[].risk_level | string | Risk level |
| samples[].has_network_activity | boolean | Whether the sample showed network activity |
| samples[].url | string | URL of the sample in ThreatVision |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "samples": []}}]
```

### Upload Sample File

Upload a file to TeamT5 ThreatVision TI for automated malware analysis. Each uploaded file consumes 1 AAP.

- Endpoint URL: `api/v2/samples`
- Method: POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| files | object | Required | The file to be analysed |
| files.file | string | Optional | File content |
| files.file_name | string | Optional | File name |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |
| url | string | URL of the uploaded sample in ThreatVision |

**Example**

```json
[{"status_code": 200, "response_headers": {}, "reason": "OK",
  "json_body": {"success": true, "url": "https://api.threatvision.org/api/v2/samples/uploaded_sample_hash"}}]
```
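The configuration and action reference above describe the OAuth2 client-credentials authentication, the `offset` pagination and the `analysis_status` flag without showing how a client ties them together. The following is an added example written for this page; it is not Swimlane's connector code and not TeamT5's client library. The ThreatVision token endpoint path (`/oauth/token`) and the token response keys (`access_token`, `expires_in`) are assumptions, since the page does not document them; the endpoint paths, the `success`/`analysis_status` fields and the 10-results-per-request page size are taken from the reference. The transport is injectable, so the `demo()` at the bottom runs offline against constructed responses.

```python
# Added example, not code from Swimlane or TeamT5: a minimal ThreatVision TI client
# showing the OAuth2 client-credentials exchange, bearer-authenticated GETs, offset
# pagination and polling analysis_status. ASSUMPTIONS not stated on the page: the
# token endpoint path (/oauth/token) and token response keys (access_token, expires_in).
import json, ssl, time, urllib.error, urllib.parse, urllib.request

TOKEN_PATH = "/oauth/token"  # ASSUMPTION: not documented on the connector page


class ThreatVisionClient:
    """transport(method, url, headers, body) -> (status, body_bytes); injectable so the
    demo below runs offline against constructed responses."""

    def __init__(self, base_url, client_id, client_secret, transport=None, verify_ssl=True):
        self.base_url, self.verify_ssl = base_url.rstrip("/"), verify_ssl
        self.client_id, self.client_secret = client_id, client_secret
        self.transport = transport or self._urllib_transport
        self._token, self._expires_at = None, 0.0

    def _urllib_transport(self, method, url, headers, body):
        ctx = ssl.create_default_context()
        if not self.verify_ssl:  # the connector's "Verify SSL" switch; lab use only
            ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
        req = urllib.request.Request(url, data=body, headers=headers, method=method)
        try:
            with urllib.request.urlopen(req, context=ctx) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as err:
            return err.code, err.read()

    def _access_token(self):
        if self._token and time.time() < self._expires_at - 30:  # refresh 30 s early
            return self._token
        form = urllib.parse.urlencode({"grant_type": "client_credentials",
                                       "client_id": self.client_id, "client_secret": self.client_secret})
        status, body = self.transport("POST", self.base_url + TOKEN_PATH,
                                      {"Content-Type": "application/x-www-form-urlencoded"}, form.encode())
        if status != 200:
            raise RuntimeError(f"token request failed: HTTP {status}")
        tok = json.loads(body)
        self._token = tok["access_token"]
        self._expires_at = time.time() + int(tok.get("expires_in", 3600))
        return self._token

    def get(self, path, params=None):
        """GET a JSON endpoint; raise unless HTTP 200 and the body's success flag is true."""
        url = self.base_url + path + ("?" + urllib.parse.urlencode(params, doseq=True) if params else "")
        headers = {"Authorization": "Bearer " + self._access_token(), "Accept": "application/json"}
        status, body = self.transport("GET", url, headers, None)
        payload = json.loads(body) if body else {}
        if status != 200 or not payload.get("success"):
            raise RuntimeError(f"{path}: HTTP {status} {payload.get('message', '')}")
        return payload

    def wait_for_analysis(self, kind, value, attempts=5, delay=0.0):
        """Poll /api/v2/network/{domains|ips}/{value}/analysis_status until it reports true."""
        path = f"/api/v2/network/{kind}/{urllib.parse.quote(value, safe='')}/analysis_status"
        for _ in range(attempts):
            if self.get(path)["analysis_status"]:
                return True
            time.sleep(delay)
        return False

    def iter_pages(self, path, key, page_size=10, params=None):
        """Walk offset pagination; the page documents up to 10 results per request."""
        offset = 0
        while True:
            items = self.get(path, {**(params or {}), "offset": offset}).get(key, [])
            yield from items
            if len(items) < page_size:
                return
            offset += len(items)


def make_fake_transport():
    """Constructed offline stand-in for the API (not real ThreatVision data)."""
    calls = {"status_polls": 0}
    records = [{"date": f"2024-01-{d:02d}", "type": "A", "value": f"203.0.113.{d}"}
               for d in range(1, 14)]  # 13 constructed records -> two pages of <=10

    def transport(method, url, headers, body):
        parts = urllib.parse.urlsplit(url)
        if parts.path == TOKEN_PATH and method == "POST" and b"grant_type=client_credentials" in body:
            return 200, json.dumps({"access_token": "tok-123", "expires_in": 3600}).encode()
        if headers.get("Authorization") != "Bearer tok-123":
            return 401, b'{"success": false, "message": "unauthorized"}'
        if parts.path.endswith("/analysis_status"):  # reports finished on the 2nd poll
            calls["status_polls"] += 1
            done = calls["status_polls"] >= 2
            return 200, json.dumps({"success": True, "analysis_status": done,
                                    "message": "analysis finished" if done else "pending"}).encode()
        if parts.path.endswith("/dns_records"):
            offset = int(urllib.parse.parse_qs(parts.query).get("offset", ["0"])[0])
            return 200, json.dumps({"success": True, "id": "example.test", "analysis_status": True,
                                    "records": records[offset:offset + 10]}).encode()
        return 404, b'{"success": false, "message": "not found"}'
    return transport, calls


def demo():
    """Returns (analysis finished?, polls needed, all DNS record values across pages)."""
    transport, calls = make_fake_transport()
    client = ThreatVisionClient("https://api.threatvision.org", "cid", "secret", transport=transport)
    ready = client.wait_for_analysis("domains", "example.test", attempts=3)
    values = [r["value"] for r in client.iter_pages("/api/v2/network/domains/example.test/dns_records", "records")]
    return ready, calls["status_polls"], values
```

Two design points carry over to a Turbine workflow: the token is cached and refreshed before it expires rather than requested per call, and `get()` treats `"success": false` as an error even on HTTP 200, so a playbook never enriches an incident with an empty body that merely looked successful. To run it against the real API, drop the `transport=` argument, keep `verify_ssl=True` and supply the documented base URL and client credentials.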
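The *Intelligence List Reports* action takes bracketed array and hash parameters (`types[]`, `tags[]`, `date[from]`, `date[to]`) and Unix-timestamp dates, which are easy to encode wrongly. The following added example, written for this page and not taken from Swimlane or TeamT5, builds that query string, rejects report-type codes the page does not list and inverted date ranges before anything is sent, and flattens a response into rows with readable dates. The type codes are the ones documented above; the function names, the `SAMPLE_RESPONSE` values and the `example-tag` tag are constructed for the demonstration.

```python
# Added example, not part of the Swimlane or TeamT5 documentation: building the query
# string for "Intelligence List Reports" (GET api/v2/reports). The bracketed parameters
# (types[], tags[], date[from], date[to]) are sent as repeated keys and the dates as Unix
# timestamps; the report-type codes are the ones the page lists. Function names are ours.
import urllib.parse
from datetime import datetime, timezone

# display name -> types[] value, as documented on the page
REPORT_TYPES = {
    "Campaign Tracking Report": "advanced",
    "Cyber Affairs Report": "bi_weekly",
    "Monthly Report": "monthly",
    "Flash Report": "flash",
    "Vulnerability Insights Report": "vulnerability_insights",
    "Miscellaneous": "on_demand",
}


def _unix(dt):
    """Unix timestamp for a datetime; naive datetimes are treated as UTC."""
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def build_reports_query(query=None, types=(), tags=(), date_from=None, date_to=None, offset=0):
    """Return the encoded query string for GET api/v2/reports, rejecting unknown type
    codes and inverted date ranges before anything is sent."""
    unknown = sorted(set(types) - set(REPORT_TYPES.values()))
    if unknown:
        raise ValueError(f"unknown report type(s): {unknown}; valid: {sorted(REPORT_TYPES.values())}")
    if date_from and date_to and date_from > date_to:
        raise ValueError("date_from is later than date_to")
    params = []
    if query:
        params.append(("query", query))
    params += [("types[]", t) for t in types]   # repeated key = array parameter
    params += [("tags[]", t) for t in tags]
    if date_from:
        params.append(("date[from]", _unix(date_from)))
    if date_to:
        params.append(("date[to]", _unix(date_to)))
    if offset:
        params.append(("offset", offset))
    # keep the brackets literal so the string reads like the documented parameter names
    return urllib.parse.urlencode(params, safe="[]")


def report_rows(payload):
    """Flatten a /reports response into (ISO date, type, title, pdf_url) tuples,
    converting the numeric `date` field from Unix time."""
    rows = []
    for r in payload.get("reports", []):
        when = datetime.fromtimestamp(r["date"], tz=timezone.utc).strftime("%Y-%m-%d")
        rows.append((when, r["type"], r["title"], r.get("pdf_url")))
    return rows


# Constructed sample response: the shape follows the page, the values are made up.
SAMPLE_RESPONSE = {"success": True, "reports": [
    {"title": "Example flash report", "date": 1706745600, "type": "flash",
     "adversaries": [], "malwares": [], "targeted_countries": [], "targeted_industries": [],
     "digest": "", "pdf_url": "https://api.threatvision.org/example.pdf", "stix_url": ""},
]}
```

Call `build_reports_query(query="apt", types=["advanced", "flash"], date_from=datetime(2024, 1, 1, tzinfo=timezone.utc))` to get `query=apt&types[]=advanced&types[]=flash&date[from]=1704067200`, and append it after `api/v2/reports?`. Validating the type codes client-side matters because the API filters silently on whatever it is given; a typo such as `weekly` would return an empty `reports` array with `"success": true`, which a playbook would happily treat as "no new reports".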