# TeamT5 ThreatVision TI
The TeamT5 ThreatVision TI connector gives Swimlane Turbine users access to TeamT5's threat intelligence platform, which provides in-depth analysis of, and insight into, cyber threats. Through this connector, real-time threat intelligence on domains, IPs and malware samples can be pulled directly into security workflows, so that threat detection, enrichment and incident response can be automated. Actionable intelligence and automated analysis tasks support proactive defence.

## Prerequisites

Before integrating TeamT5 ThreatVision TI with Swimlane Turbine, ensure you have the following:

- OAuth2 client credentials authentication with the following parameters:
  - URL: endpoint for the TeamT5 ThreatVision TI API
  - Client ID: unique identifier for OAuth2 authentication
  - Client Secret: confidential key for OAuth2 authentication

## Capabilities

This TeamT5 ThreatVision TI connector has the following capabilities:

- Domain
  - Analysis Status for Domain
  - DNS Records of Domain
  - Get Domain Information
  - Get WHOIS for Domain
  - OSINT Posts Domain
  - Reports Related to Domain
  - Samples Related to Domain
  - Search Domains
- Intelligence Reports
  - Intelligence List Reports
- IOC Bundles
  - Download IOC Bundles
  - List IOC Bundles
- IP
  - Analysis Status for IP
  - DNS Records of IP
  - Get IP Information
  - Get WHOIS for IP
  - OSINT Posts IP
  - Reports Related to IP
  - Samples Related to IP
  - Search IPs
- Patch Management Report (PMR)
  - Get PMR
  - List PMR
- Sample (File)
  - Reports of Sample
  - Sandbox
  - Search Samples
  - Upload Sample File

## Configurations

### TeamT5 ThreatVision TI OAuth2 Client Credentials

Authenticates using OAuth2 client credentials.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| client_id | The client ID | string | required |
| client_secret | The client secret | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Analysis Status for Domain

Check the completion status of a domain analysis in TeamT5 ThreatVision TI using the provided domain name.

**Endpoint URL:** `api/v2/network/domains/{{domain_name}}/analysis_status`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.domain_name | string | required | Domain name |

**Input example**

```json
{"path_parameters": {"domain_name": "login.spiritismireland.com"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| analysis_status | boolean | Status value |
| message | string | Response message |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "analysis_status": true, "message": "Analysis finished"}}
```

### Analysis Status for IP

Check the completion status of an IP analysis in TeamT5 ThreatVision TI using the specified address.

**Endpoint URL:** `api/v2/network/ips/{{address}}/analysis_status`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.address | string | required | The IP address |

**Input example**

```json
{"path_parameters": {"address": "88.214.27.53"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| analysis_status | boolean | Status value |
| message | string | Response message |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "analysis_status": true, "message": "Analysis finished"}}
```
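The configuration parameters (url, client_id, client_secret, verify_ssl) and the two Analysis Status actions above are the building blocks of every workflow on this page. The following is an added example written for this page, not Swimlane's connector code or a TeamT5 SDK: it obtains an OAuth2 client-credentials token (the token endpoint path `TOKEN_PATH` and the `Authorization: Bearer` header are assumptions, since the page does not document them), percent-encodes the indicator before it fills `{{domain_name}}` or `{{address}}`, polls an `analysis_status` action until the analysis has finished, and walks an offset-paginated list action the way the `offset` parameter on the list actions further down is meant to be used (`PAGE_SIZE` is an assumption; the page states 10 per page only for the search actions). The API is replaced by constructed canned replies so the block runs offline.

```python
"""TeamT5 ThreatVision TI client helpers for the actions documented on this page.
Added example, not Swimlane's or TeamT5's code. Labelled assumptions: TOKEN_PATH and the
bearer header (not on the page) and PAGE_SIZE for non-search list actions."""
import time
import urllib.parse
from typing import Callable, Dict, Iterator, Optional

TOKEN_PATH = "oauth/token"  # ASSUMPTION: take the real path from TeamT5's onboarding material
PAGE_SIZE = 10              # ASSUMPTION: the page documents 10 per page only for the search actions
# A transport is any callable (method, url, headers, body) -> {"status_code": int, "json_body": dict};
# a real one wraps urllib/requests with an SSL context that honours the verify_ssl setting.
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]], dict]


class ThreatVisionClient:
    def __init__(self, url: str, client_id: str, client_secret: str, transport: Transport):
        self.base = url.rstrip("/") + "/"
        self.client_id, self.client_secret, self.transport = client_id, client_secret, transport
        self._token, self._expires = None, 0.0

    @staticmethod
    def seg(value: str) -> str:
        """Percent-encode an indicator before it fills {{domain_name}} or {{address}}, so a
        value containing '/', '?' or '#' cannot steer the request to a different endpoint."""
        return urllib.parse.quote(value, safe="")

    def token(self) -> str:
        """OAuth2 client-credentials grant, cached until shortly before expiry."""
        if self._token and time.monotonic() < self._expires - 30:
            return self._token
        form = urllib.parse.urlencode({"grant_type": "client_credentials", "client_id": self.client_id,
                                       "client_secret": self.client_secret}).encode()
        body = self.transport("POST", self.base + TOKEN_PATH,
                              {"Content-Type": "application/x-www-form-urlencoded"}, form)["json_body"]
        self._token = body["access_token"]
        self._expires = time.monotonic() + int(body.get("expires_in", 3600))
        return self._token

    def get(self, path: str, params: Optional[dict] = None) -> dict:
        """GET one action; the documented success flag is checked, not only the HTTP status."""
        url = self.base + path + ("?" + urllib.parse.urlencode(params) if params else "")
        resp = self.transport("GET", url, {"Authorization": "Bearer " + self.token()}, None)
        body = resp.get("json_body") or {}
        if resp["status_code"] != 200 or not body.get("success"):
            raise RuntimeError(f"{path}: HTTP {resp['status_code']} {body.get('message')}")
        return body

    def wait_for_analysis(self, status_path: str, attempts: int = 5, delay: float = 0.0) -> bool:
        # Poll an .../analysis_status action until analysis_status is true or attempts run out.
        for _ in range(attempts):
            if self.get(status_path)["analysis_status"]:
                return True
            time.sleep(delay)
        return False

    def paginate(self, path: str, key: str, params: Optional[dict] = None) -> Iterator[dict]:
        # Walk an offset-paginated list action (records, posts, reports, samples, ...).
        offset = 0
        while True:
            page = self.get(path, dict(params or {}, offset=offset)).get(key) or []
            yield from page
            if len(page) < PAGE_SIZE:
                return
            offset += len(page)


# Constructed offline stand-in for the API; reply shapes follow this page's output examples.
RECORDS = [{"date": f"2023-12-{d:02d}", "type": "A", "value": f"203.0.113.{d}"} for d in range(1, 24)]


class FakeThreatVision:
    def __init__(self):
        self.calls, self.status_polls = [], 0

    def __call__(self, method, url, headers, body):
        self.calls.append((method, url))
        parts = urllib.parse.urlsplit(url)
        if parts.path.endswith("/" + TOKEN_PATH):
            return {"status_code": 200, "json_body": {"access_token": "constructed-token", "expires_in": 3600}}
        if headers.get("Authorization") != "Bearer constructed-token":
            return {"status_code": 401, "json_body": {"success": False, "message": "unauthorized"}}
        if parts.path.endswith("/analysis_status"):
            self.status_polls += 1  # first poll: still running; second poll: finished
            done = self.status_polls >= 2
            return {"status_code": 200, "json_body": {"success": True, "analysis_status": done,
                                                      "message": "Analysis finished" if done else "In progress"}}
        if parts.path.endswith("/dns_records"):
            offset = int(urllib.parse.parse_qs(parts.query).get("offset", ["0"])[0])
            return {"status_code": 200, "json_body": {"success": True, "id": "lomeptos.com",
                                                      "analysis_status": True,
                                                      "records": RECORDS[offset:offset + PAGE_SIZE]}}
        return {"status_code": 404, "json_body": {"success": False, "message": "not found"}}


def demo(domain: str = "lomeptos.com") -> dict:
    """Wait for the domain analysis to finish, then pull every passive-DNS record page."""
    fake = FakeThreatVision()
    client = ThreatVisionClient("https://api.threatvision.org", "example-id", "example-secret", fake)
    base = "api/v2/network/domains/" + ThreatVisionClient.seg(domain)
    ready = client.wait_for_analysis(base + "/analysis_status")
    records = list(client.paginate(base + "/dns_records", "records")) if ready else []
    return {"ready": ready, "records": len(records), "polls": fake.status_polls, "requests": len(fake.calls)}
```

`demo()` issues one token request, two status polls and three record pages (10, 10 and 3 records) for six requests in total; the token is fetched once and reused. Two points carry over to a real deployment: the `success` flag in every reply is checked rather than the HTTP status alone, and a real transport should keep certificate verification on (the connector's `verify_ssl`) outside a lab, because the bearer token travels on that connection.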
### DNS Records of Domain

Retrieve passive DNS records associated with a specified domain name from TeamT5 ThreatVision TI.

**Endpoint URL:** `api/v2/network/domains/{{domain_name}}/dns_records`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.domain_name | string | required | Domain name |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"offset": 5}, "path_parameters": {"domain_name": "lomeptos.com"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| records | array | Output field records |
| records.date | string | Date value |
| records.type | string | Type of the resource |
| records.value | string | Value for the parameter |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "lomeptos.com", "analysis_status": true, "records": [{}]}}
```

### DNS Records of IP

Retrieve passive DNS records for a given IP from TeamT5 ThreatVision TI; requires the `address` path parameter.

**Endpoint URL:** `api/v2/network/ips/{{address}}/dns_records`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.address | string | required | The IP address |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"offset": 5}, "path_parameters": {"address": "167.179.85.233"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| records | array | Output field records |
| records.date | string | Date value |
| records.type | string | Type of the resource |
| records.value | string | Value for the parameter |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "88.214.27.53", "analysis_status": true, "records": [{}]}}
```

### Download IOC Bundles

Enables the downloading of authorized indicator of compromise (IOC) bundles in specified formats using `ioc_bundle_id` and `format`.

**Endpoint URL:** `api/v2/ioc_bundles/{{ioc_bundle_id}}.{{format}}`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.ioc_bundle_id | string | required | The identity of the IOC bundle |
| path_parameters.format | string | required | Format of the IOC bundle |

**Input example**

```json
{"path_parameters": {"ioc_bundle_id": "q2fzzuzpbguvmte3mdu="}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachment file |
| file.file | string | Output field file.file |
| file.file_name | string | Name of the resource |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "file": {}}
```

### Get Domain Information

Retrieve domain metadata such as risk level, registrar and services from TeamT5 ThreatVision TI using the `domain_name` parameter.

**Endpoint URL:** `api/v2/network/domains/{{domain_name}}`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.domain_name | string | required | Domain name |

**Input example**

```json
{"path_parameters": {"domain_name": "lomeptos.com"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| risk_level | string | Output field risk_level |
| risk_score | number | Score value |
| adversaries | array | Output field adversaries |
| adversaries.file_name | string | Name of the resource |
| adversaries.file | string | Output field adversaries.file |
| attributes | array | Output field attributes |
| attributes.file_name | string | Name of the resource |
| attributes.file | string | Output field attributes.file |
| services | array | Output field services |
| services.file_name | string | Name of the resource |
| services.file | string | Output field services.file |
| registrar | string | Output field registrar |
| last_update_at | string | Output field last_update_at |
| summary | object | Output field summary |
| summary.whois | boolean | Output field summary.whois |
| summary.related_adversaries | number | Output field summary.related_adversaries |
| summary.related_reports | number | Output field summary.related_reports |
| summary.related_samples | number | Output field summary.related_samples |
| summary.dns_records | number | Output field summary.dns_records |
| summary.osint | number | Output field summary.osint |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "lomeptos.com", "analysis_status": true, "risk_level": "high", "risk_score": 75, "adversaries": [], "attributes": [], "services": [], "registrar": "OwnRegistrar, Inc.", "last_update_at": "2023-12-27T11:19:27.727Z", "summary": {"whois": true, "related_adversaries": 0, "related_reports": 0, "related_samples": 0, "dns_records": 41, "osint": 1}}}
```

### Get IP Information

Retrieve IP address metadata, such as risk level, region and city, from TeamT5 ThreatVision TI.

**Endpoint URL:** `api/v2/network/ips/{{address}}`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.address | string | required | The IP address |

**Input example**

```json
{"path_parameters": {"address": "167.179.85.233"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| risk_level | string | Output field risk_level |
| risk_score | number | Score value |
| risk_types | array | Type of the resource |
| adversaries | array | Output field adversaries |
| adversaries.file_name | string | Name of the resource |
| adversaries.file | string | Output field adversaries.file |
| attributes | array | Output field attributes |
| attributes.name | string | Name of the resource |
| attributes.first_seen | string | Output field attributes.first_seen |
| attributes.last_seen | string | Output field attributes.last_seen |
| ip_sharing | array | Output field ip_sharing |
| ip_sharing.name | string | Name of the resource |
| ip_sharing.first_seen | string | Output field ip_sharing.first_seen |
| ip_sharing.last_seen | string | Output field ip_sharing.last_seen |
| services | array | Output field services |
| services.file_name | string | Name of the resource |
| services.file | string | Output field services.file |
| country | string | Output field country |
| city | string | Output field city |
| region | string | Output field region |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "167.179.85.233", "analysis_status": true, "risk_level": "medium", "risk_score": 70, "risk_types": ["ce"], "adversaries": [], "attributes": [{}], "ip_sharing": [{}], "services": [], "country": "Japan", "city": "\u014ci", "region": "Saitama", "last_update_at": "2023-12-27T11:13:54.578Z", "summary": {"whois": true, "related_adversaries": 0, "related_reports": 6, "related_samples": 1, "dns_records": 7, "osint": 0}}}
```

### Get PMR

Retrieves detailed vulnerability information from a specified report in TeamT5 ThreatVision TI using the report name.

**Endpoint URL:** `api/v2/vulnerability/advisory_lists/{{name}}`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.name | string | required | Title of the report |

**Input example**

```json
{"path_parameters": {"name": "2023 Sep 2"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| advisories | array | Output field advisories |
| advisories.identification | string | Unique identifier |
| advisories.report_urls | object | URL endpoint for the request |
| advisories.vendor | string | Output field advisories.vendor |
| advisories.product | string | Output field advisories.product |
| advisories.product_list | array | Output field advisories.product_list |
| advisories.product_list.file_name | string | Name of the resource |
| advisories.product_list.file | string | Output field advisories.product_list.file |
| advisories.cvss | number | Output field advisories.cvss |
| advisories.cvss_vector | string | Output field advisories.cvss_vector |
| advisories.description | object | Output field advisories.description |
| advisories.description.title | string | Output field advisories.description.title |
| advisories.description.detail | string | Output field advisories.description.detail |
| advisories.threat_level | string | Output field advisories.threat_level |
| advisories.poc | object | Output field advisories.poc |
| advisories.publicly_disclosed | boolean | Output field advisories.publicly_disclosed |
| advisories.updated_at | number | Output field advisories.updated_at |
| advisories.patch | string | Output field advisories.patch |
| advisories.references | array | Output field advisories.references |
| advisories.references.file_name | string | Name of the resource |
| advisories.references.file | string | Output field advisories.references.file |
| advisories.malicious_files | object | Output field advisories.malicious_files |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "advisories": [{}]}}
```

### Get WHOIS for Domain

Retrieve WHOIS information for a specified domain name from TeamT5 ThreatVision TI; requires the `domain_name` parameter.

**Endpoint URL:** `api/v2/network/domains/{{domain_name}}/whois`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.domain_name | string | required | Domain name |

**Input example**

```json
{"path_parameters": {"domain_name": "lomeptos.com"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| whois | string | Output field whois |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "lomeptos.com", "analysis_status": true, "whois": "   Domain Name: LOMEPTOS.COM\r\n   Registry Domain ID: 2840749178_DOMAIN_COM-VRSN\r"}}
```

### Get WHOIS for IP

Retrieve WHOIS registry information for a specified IP address from TeamT5 ThreatVision TI.

**Endpoint URL:** `api/v2/network/ips/{{address}}/whois`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.address | string | required | The IP address |

**Input example**

```json
{"path_parameters": {"address": "167.179.85.233"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| whois | string | Output field whois |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "167.179.85.233", "analysis_status": true, "whois": "{\n  \"ip\": \"167.179.85.233\",\n  \"asn\": {\n    \"asn\": \"AS20473\",\n    \"name\": \"The Co"}}
```

### Intelligence List Reports

Retrieve the 10 most recent reports matching the given criteria in TeamT5 ThreatVision TI, sorted by publish date.

**Endpoint URL:** `api/v2/reports`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | optional | Keywords to filter reports |
| parameters.types[] | array | optional | Available report types: Campaign Tracking Report (`advanced`), Cyber Affairs Report (`bi_weekly`), Monthly Report (`monthly`), Flash Report (`flash`), Vulnerability Insights Report (`vulnerability_insights`), Miscellaneous (`on_demand`) |
| parameters.date[from] | number | optional | Only match reports published after this date, as a Unix timestamp |
| parameters.date[to] | number | optional | Only match reports published before this date, as a Unix timestamp |
| parameters.tags[] | array | optional | Only match reports with these tags |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"query": "flash report 20230929", "types[]": ["advanced", "bi_weekly"], "date[from]": 1622505600, "date[to]": 1625097600, "tags[]": ["tag1", "tag2"], "offset": 10}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| reports | array | Output field reports |
| reports.title | string | Output field reports.title |
| reports.date | number | Date value |
| reports.type | string | Type of the resource |
| reports.adversaries | array | Output field reports.adversaries |
| reports.malwares | array | Output field reports.malwares |
| reports.targeted_countries | array | Output field reports.targeted_countries |
| reports.targeted_industries | array | Output field reports.targeted_industries |
| reports.digest | string | Output field reports.digest |
| reports.pdf_url | string | URL endpoint for the request |
| reports.stix_url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "reports": [{}]}}
```

### List IOC Bundles

Retrieve authorized IOC bundles, including names, types, creation dates and download URLs.

**Endpoint URL:** `api/v2/ioc_bundles`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"offset": 5}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| ioc_bundles | array | Output field ioc_bundles |
| ioc_bundles.id | string | Unique identifier |
| ioc_bundles.name | string | Name of the resource |
| ioc_bundles.type | string | Type of the resource |
| ioc_bundles.created_at | number | Output field ioc_bundles.created_at |
| ioc_bundles.stix_url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "ioc_bundles": [{}]}}
```

### List PMR

Retrieve the most recent PMR reports from TeamT5 ThreatVision TI, sorted by publish date.

**Endpoint URL:** `api/v2/vulnerability/advisory_lists`

**Method:** GET

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| advisory_lists | array | Output field advisory_lists |
| advisory_lists.name | string | Name of the resource |
| advisory_lists.release_date | number | Date value |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "advisory_lists": [{}]}}
```

### OSINT Posts Domain

Retrieve OSINT posts, such as Twitter mentions, linked to a given domain name; requires the `domain_name` parameter.

**Endpoint URL:** `api/v2/network/domains/{{domain_name}}/intel_posts`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.domain_name | string | required | Domain name |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"offset": 5}, "path_parameters": {"domain_name": "lomeptos.com"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| posts | array | Output field posts |
| posts.posted_date | string | Date value |
| posts.content | string | Response content |
| posts.url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "lomeptos.com", "analysis_status": true, "posts": [{}]}}
```

### OSINT Posts IP

Retrieve OSINT mentions, such as Twitter posts, linked to a specific IP address using TeamT5 ThreatVision TI.

**Endpoint URL:** `api/v2/network/ips/{{address}}/intel_posts`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.address | string | required | The IP address |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"offset": 5}, "path_parameters": {"address": "167.179.85.233"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| posts | array | Output field posts |
| posts.posted_date | string | Date value |
| posts.content | string | Response content |
| posts.url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "88.214.27.53", "analysis_status": true, "posts": [{}]}}
```

### Reports of Sample

Retrieve related reports authored by TeamT5 analysts using a specified sample ID as input.

**Endpoint URL:** `api/v2/samples/{{sample_id}}/reports`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.sample_id | string | required | Sample ID (the SHA256 of the sample) |
| parameters.offset | number | optional | Parameters for the Reports of Sample action |

**Input example**

```json
{"parameters": {"offset": 5}, "path_parameters": {"sample_id": "364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| reports | array | Output field reports |
| reports.title | string | Output field reports.title |
| reports.date | number | Date value |
| reports.type | string | Type of the resource |
| reports.adversaries | array | Output field reports.adversaries |
| reports.malwares | array | Output field reports.malwares |
| reports.targeted_countries | array | Output field reports.targeted_countries |
| reports.targeted_industries | array | Output field reports.targeted_industries |
| reports.capability | array | Output field reports.capability |
| reports.digest | string | Output field reports.digest |
| reports.pdf_url | string | URL endpoint for the request |
| reports.stix_url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321", "reports": [{}]}}
```

### Reports Related to Domain

Retrieve related reports from TeamT5 ThreatVision TI for a specified domain, offering insight into associated campaigns.

**Endpoint URL:** `api/v2/network/domains/{{domain_name}}/reports`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.domain_name | string | required | Domain name |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"offset": 5}, "path_parameters": {"domain_name": "login.spiritismireland.com"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| reports | array | Output field reports |
| reports.title | string | Output field reports.title |
| reports.date | number | Date value |
| reports.type | string | Type of the resource |
| reports.adversaries | array | Output field reports.adversaries |
| reports.malwares | array | Output field reports.malwares |
| reports.targeted_countries | array | Output field reports.targeted_countries |
| reports.targeted_industries | array | Output field reports.targeted_industries |
| reports.capability | array | Output field reports.capability |
| reports.capability.file_name | string | Name of the resource |
| reports.capability.file | string | Output field reports.capability.file |
| reports.digest | string | Output field reports.digest |
| reports.pdf_url | string | URL endpoint for the request |
| reports.stix_url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "login.spiritismireland.com", "analysis_status": true, "reports": [{}]}}
```

### Reports Related to IP

Retrieve detailed reports from TeamT5 ThreatVision TI analysts for a specified IP address, offering insight into related threat campaigns.

**Endpoint URL:** `api/v2/network/ips/{{address}}/reports`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.address | string | required | The IP address |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"offset": 5}, "path_parameters": {"address": "167.179.85.233"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| reports | array | Output field reports |
| reports.title | string | Output field reports.title |
| reports.date | number | Date value |
| reports.type | string | Type of the resource |
| reports.adversaries | array | Output field reports.adversaries |
| reports.malwares | array | Output field reports.malwares |
| reports.targeted_countries | array | Output field reports.targeted_countries |
| reports.targeted_industries | array | Output field reports.targeted_industries |
| reports.capability | array | Output field reports.capability |
| reports.digest | string | Output field reports.digest |
| reports.pdf_url | string | URL endpoint for the request |
| reports.stix_url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "167.179.85.233", "analysis_status": true, "reports": [{}]}}
```

### Samples Related to Domain

Retrieve associated malware samples for a given domain name from TeamT5 ThreatVision TI; requires the `domain_name` parameter.

**Endpoint URL:** `api/v2/network/domains/{{domain_name}}/samples`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.domain_name | string | required | Domain name |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"offset": 5}, "path_parameters": {"domain_name": "login.spiritismireland.com"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| samples | array | Output field samples |
| samples.main_value | string | Value for the parameter |
| samples.sha256 | string | Output field samples.sha256 |
| samples.md5 | string | Output field samples.md5 |
| samples.size | number | Output field samples.size |
| samples.first_seen | number | Output field samples.first_seen |
| samples.adversaries | array | Output field samples.adversaries |
| samples.adversaries.file_name | string | Name of the resource |
| samples.adversaries.file | string | Output field samples.adversaries.file |
| samples.malwares | array | Output field samples.malwares |
| samples.malwares.file_name | string | Name of the resource |
| samples.malwares.file | string | Output field samples.malwares.file |
| samples.filename | object | Name of the resource |
| samples.risk_level | string | Output field samples.risk_level |
| samples.has_network_activity | boolean | Output field samples.has_network_activity |
| samples.url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "login.spiritismireland.com", "analysis_status": true, "samples": [{}]}}
```

### Samples Related to IP

Retrieve associated malware samples for a given IP address from TeamT5 ThreatVision TI; requires the `address` path parameter.

**Endpoint URL:** `api/v2/network/ips/{{address}}/samples`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.address | string | required | The IP address |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"offset": 5}, "path_parameters": {"address": "167.179.85.233"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| analysis_status | boolean | Status value |
| samples | array | Output field samples |
| samples.main_value | string | Value for the parameter |
| samples.sha256 | string | Output field samples.sha256 |
| samples.md5 | string | Output field samples.md5 |
| samples.size | number | Output field samples.size |
| samples.first_seen | number | Output field samples.first_seen |
| samples.adversaries | array | Output field samples.adversaries |
| samples.malwares | array | Output field samples.malwares |
| samples.filename | object | Name of the resource |
| samples.risk_level | string | Output field samples.risk_level |
| samples.has_network_activity | boolean | Output field samples.has_network_activity |
| samples.url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "167.179.85.233", "analysis_status": true, "samples": [{}]}}
```

### Sandbox

Retrieve dynamic analysis results for a given sample by using its unique sample ID in TeamT5 ThreatVision TI.

**Endpoint URL:** `api/v2/samples/{{sample_id}}/sandbox`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.sample_id | string | required | Sample ID (the SHA256 of the sample) |

**Input example**

```json
{"path_parameters": {"sample_id": "248c8bcccf439195f7e1656dfd2542ff34b4f79015575ef79195c8b233c5f48b"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| id | string | Unique identifier |
| data | object | Response data |
| data.registry | array | Response data |
| data.mutex | array | Response data |
| data.mutex.value | string | Response data |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "id": "248c8bcccf439195f7e1656dfd2542ff34b4f79015575ef79195c8b233c5f48b", "data": {"registry": [], "mutex": []}}}
```

### Search Domains

Enables users to search for domains using a query, delivering up to 10 results per request with an offset for paging through further results.

**Endpoint URL:** `api/v2/network/domains/search`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | required | Keywords to filter domains |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"query": "teamt5", "offset": 5}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| domains | array | Output field domains |
| domains.fqdn | string | Output field domains.fqdn |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "domains": [{}]}}
```

### Search IPs

Search for specific IPs within TeamT5 ThreatVision TI, delivering a maximum of 10 results per query with an offset for paging through further results.

**Endpoint URL:** `api/v2/network/ips/search`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | required | Keywords to filter IPs |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"query": "flash report 20240112023054", "offset": 5}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| ips | array | Output field ips |
| ips.address | string | Output field ips.address |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "ips": [{}]}}
```

### Search Samples

Enables users to search for samples in TeamT5 ThreatVision TI, delivering up to 10 results per query with an offset for paging through further results.

**Endpoint URL:** `api/v2/samples/search`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | required | Keywords to filter samples |
| parameters.offset | number | optional | Number of results to skip; allows you to paginate over the results |

**Input example**

```json
{"parameters": {"query": "huapi", "offset": 5}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| samples | array | Output field samples |
| samples.sha256 | string | Output field samples.sha256 |
| samples.md5 | string | Output field samples.md5 |
| samples.size | number | Output field samples.size |
| samples.first_seen | number | Output field samples.first_seen |
| samples.adversaries | array | Output field samples.adversaries |
| samples.malwares | array | Output field samples.malwares |
| samples.filename | string | Name of the resource |
| samples.risk_level | string | Output field samples.risk_level |
| samples.has_network_activity | boolean | Output field samples.has_network_activity |
| samples.url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "samples": [{}]}}
```

### Upload Sample File

Upload files to TeamT5 ThreatVision TI for automated malware analysis; consumes 1 AAP per file.

**Endpoint URL:** `api/v2/samples`

**Method:** POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| files | object | required | File to be analysed |
| files.file | string | optional | Parameter for the Upload Sample File action |
| files.file_name | string | optional | Name of the resource |

**Input example**

```json
{"files": {"file": "string", "file_name": "example_name"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| url | string | URL endpoint for the request |

**Output example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"success": true, "url": "https://api.threatvision.org/api/v2/samples/uploaded_sample_hash"}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
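The Get Domain Information and Get IP Information actions above return `risk_level`, `risk_score` and a `summary` block of related-data counts, and their `analysis_status` flag says whether those fields are final. The following is an added example, not Swimlane's or TeamT5's code, that turns one such response into a triage verdict with the reasons behind it, refuses to score an indicator whose analysis has not finished, and uses the `summary` counts to decide which of the related-data actions (reports, samples, DNS records, OSINT posts, WHOIS) are worth calling next. The thresholds `SCORE_BLOCK` and `SCORE_REVIEW`, the verdict labels and the ordering of `risk_level` strings are this example's assumptions; the inputs are the two output examples from this page plus a constructed not-yet-analysed response.

```python
"""Triage of 'Get Domain Information' / 'Get IP Information' responses from the TeamT5
ThreatVision TI connector. Added example, not Swimlane's or TeamT5's code; thresholds,
verdict labels and the risk_level ordering are assumptions."""
import urllib.parse
from dataclasses import dataclass, field
from typing import List

SCORE_BLOCK = 75   # ASSUMPTION: risk_score at or above this recommends blocking the indicator
SCORE_REVIEW = 50  # ASSUMPTION: at or above this (or risk_level medium) routes to analyst review


@dataclass
class Verdict:
    indicator: str
    analysed: bool
    verdict: str              # "block" | "review" | "monitor" | "unknown"
    reasons: List[str] = field(default_factory=list)


def triage(response: dict) -> Verdict:
    """Turn one connector response (status_code + json_body) into a verdict with reasons."""
    body = response.get("json_body") or {}
    indicator = body.get("id", "?")
    if response.get("status_code") != 200 or not body.get("success"):
        return Verdict(indicator, False, "unknown", ["request failed: " + str(body.get("message"))])
    if not body.get("analysis_status"):
        # Risk fields are not final before the analysis completes: say so rather than guess.
        return Verdict(indicator, False, "unknown", ["analysis not finished; poll the Analysis Status action"])
    level = str(body.get("risk_level") or "").lower()
    score = int(body.get("risk_score") or 0)
    reasons = [f"risk_level={level or 'n/a'} risk_score={score}"]
    reasons += [f"risk type: {item}" for item in body.get("risk_types") or []]
    if body.get("adversaries"):
        reasons.append(f"{len(body['adversaries'])} attributed adversaries")
    summary = body.get("summary") or {}
    for key in ("related_reports", "related_samples", "osint"):
        if summary.get(key):
            reasons.append(f"{summary[key]} {key.replace('_', ' ')}")
    if level == "high" or score >= SCORE_BLOCK:
        verdict = "block"
    elif level == "medium" or score >= SCORE_REVIEW:
        verdict = "review"
    else:
        verdict = "monitor"
    return Verdict(indicator, True, verdict, reasons)


def follow_up_paths(body: dict, kind: str) -> List[str]:
    """Pick the related-data actions worth calling from the summary counts, so the
    workflow does not spend requests on result sets the platform already says are empty."""
    collection = "domains" if kind == "domain" else "ips"
    base = f"api/v2/network/{collection}/{urllib.parse.quote(body['id'], safe='')}"
    summary = body.get("summary") or {}
    wanted = [("related_reports", "/reports"), ("related_samples", "/samples"),
              ("dns_records", "/dns_records"), ("osint", "/intel_posts"), ("whois", "/whois")]
    return [base + suffix for key, suffix in wanted if summary.get(key)]


# The two output examples from this page, plus a constructed not-yet-analysed response.
DOMAIN_EXAMPLE = {"status_code": 200, "reason": "OK", "json_body": {
    "success": True, "id": "lomeptos.com", "analysis_status": True, "risk_level": "high",
    "risk_score": 75, "adversaries": [], "attributes": [], "services": [],
    "registrar": "OwnRegistrar, Inc.", "last_update_at": "2023-12-27T11:19:27.727Z",
    "summary": {"whois": True, "related_adversaries": 0, "related_reports": 0,
                "related_samples": 0, "dns_records": 41, "osint": 1}}}
IP_EXAMPLE = {"status_code": 200, "reason": "OK", "json_body": {
    "success": True, "id": "167.179.85.233", "analysis_status": True, "risk_level": "medium",
    "risk_score": 70, "risk_types": ["ce"], "adversaries": [], "attributes": [{}],
    "ip_sharing": [{}], "services": [], "country": "Japan", "city": "\u014ci", "region": "Saitama",
    "last_update_at": "2023-12-27T11:13:54.578Z",
    "summary": {"whois": True, "related_adversaries": 0, "related_reports": 6,
                "related_samples": 1, "dns_records": 7, "osint": 0}}}
PENDING_EXAMPLE = {"status_code": 200, "reason": "OK", "json_body": {      # constructed
    "success": True, "id": "example.invalid", "analysis_status": False}}

if __name__ == "__main__":
    for resp, kind in ((DOMAIN_EXAMPLE, "domain"), (IP_EXAMPLE, "ip"), (PENDING_EXAMPLE, "domain")):
        v = triage(resp)
        print(v.indicator, v.verdict, v.reasons)
        if v.analysed:
            print("  next:", follow_up_paths(resp["json_body"], kind))
```

With the page's examples, lomeptos.com (risk_level high, score 75) is marked `block` with one OSINT post to review, and 167.179.85.233 (medium, 70) is routed to `review` with six related reports and one related sample as the reasons; the pending response yields `unknown`, which keeps an unfinished analysis from being scored as benign. The follow-up list for the IP is reports, samples, DNS records and WHOIS, while the domain's is DNS records, OSINT posts and WHOIS, matching its summary counts.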