Provides threat reports on an indicator from iSight.

Data Structure:

{
 "match": bool,
 "response": [
  {
   "summary": {
    "ThreatScape": [string],
    "publishDate": integer,
    "reportId": string,
    "title": string
   },
   "details": {
    "abstract": string,
    "analysis": string,
    "copyright": string,
    "execSummary": string,
    "publishDate": string,
    "reportId": string,
    "riskRating": string,
    "title": string,
    "version": string,
    "tagSection": {
     "networks": {
      "network": [
       {
        "domain": string,
        "identifier": string,
        "ip": string,
        "networkType": string
       },
       …
      ],
      "main": {
       "affectedIndustry": [string],
       "affectedSystems": {
        "affectedSystem": [string]
       },
       "impacts": {
        "impact": [string]
       },
       "intendedAudiences": {
        "intendedAudience": [string]
       },
       "ttps": {
        "ttp": [string]
       }
      }
     }
    }
   }
  },
  …
 ]
}

Example:

With an indicator of “http://moiparks.in/bubu/file.exe”, iSight will return:

{
 "match": true,
 "response": [
  {
   "details": {
    "ThreatScape": {
     "product": [
      "ThreatScape Cyber Crime"
     ]
    },
    "abstract": "\u003cp\u003eThe Pony (aka Fareit) tool is a generic platfor…",
    "copyright": "© Copyright 2017 FireEye, Inc. All rights reserved.",
    "execSummary": "\u003cp\u003eThe Pony (aka Fareit) tool is a generic …",
    "publishDate": "June 15, 2016 08:36:00 AM",
    "reportId": "16-00009344",
    "riskRating": "LOW",
    "tagSection": {
     "files": {
      "file": [
       {
        "fileName": "UNAVAILABLE",
        "identifier": "Attacker",
        "md5": "f53631c1641461cbffbd3ca598f3aee7",
        "sha1": "3e207d750f0761631db2027dba778e411069c1f2",
        "sha256": "c89da29e589f8680486e10ef8ed81b7d3150b0dfacbc8de4ac90fcf43f06d00a"
       }
      ]
     }
    },
    "title": "Indicator Report: Pony Activity Report (June 8 to 15, 2016)",
    "version": "1"
   },
   "summary": {
    "ThreatScape": [
     "Cyber Crime"
    ],
    "publishDate": 1465997760,
    "reportId": "16-00009344",
    "title": "Indicator Report: Pony Activity Report (June 8 to 15, 2016)"
   }
  }
 ]
}

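A consumer of this structure usually wants one flat record per report, with the indicators pulled out of tagSection. The sketch below is an added example, not Infoblox or iSight code: flatten_reports and _entries are hypothetical helpers, the network entry in the sample is constructed, and the integer publishDate is assumed to be Unix seconds.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the example response above, trimmed, plus one made-up
# "networks" entry (documentation-range values) to exercise that branch.
SAMPLE = json.loads("""
{"match": true, "response": [{
  "details": {"publishDate": "June 15, 2016 08:36:00 AM", "riskRating": "LOW",
    "reportId": "16-00009344",
    "tagSection": {
      "files": {"file": [{"identifier": "Attacker",
                          "md5": "f53631c1641461cbffbd3ca598f3aee7"}]},
      "networks": {"network": [{"domain": "bad.example", "ip": "192.0.2.10"}]}}},
  "summary": {"publishDate": 1465997760, "reportId": "16-00009344",
              "title": "Indicator Report: Pony Activity Report (June 8 to 15, 2016)"}}]}
""")

def _entries(tags, group, key):
    """tagSection[group][key] as a list; absent or null sections give []."""
    value = (tags.get(group) or {}).get(key) or []
    return value if isinstance(value, list) else [value]

def flatten_reports(result):
    """One flat record per report: id, title, risk, UTC time, indicators."""
    if not result.get("match"):
        return []
    records = []
    for item in result.get("response") or []:
        summary = item.get("summary") or {}
        details = item.get("details") or {}
        tags = details.get("tagSection") or {}
        epoch = summary.get("publishDate")
        found = set()
        for f in _entries(tags, "files", "file"):
            found.update((k, f[k]) for k in ("md5", "sha1", "sha256") if f.get(k))
        for n in _entries(tags, "networks", "network"):
            found.update((k, n[k]) for k in ("domain", "ip") if n.get(k))
        records.append({
            "reportId": summary.get("reportId") or details.get("reportId"),
            "title": summary.get("title") or details.get("title"),
            "risk": details.get("riskRating"),
            # details.publishDate is a string with no time zone, so the integer
            # from summary is used (assumption: it is Unix seconds).
            "published": (datetime.fromtimestamp(epoch, timezone.utc).isoformat()
                          if isinstance(epoch, int) else None),
            "indicators": sorted(found),
        })
    return records
```

For the sample, the integer converts to 13:36 UTC while the details string reads 08:36 AM, which is why the record carries the integer-derived time rather than the string.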

Click here to return to the Infoblox Dossier User Guide main page.
