Cisco Threat Response - Deliberate Observable
This atomic belongs to the Cisco Threat Response atomic group.
Uses the Threat Response API to get verdicts for a given observable. Note that if an observable has multiple verdicts, they are ranked in the priority order clean, malicious, suspicious, unknown, and the highest-ranked one is returned. For example, if an observable has one verdict that's suspicious and one that's clean, this atomic will return clean.
Target: SecureX APIs or HTTP Endpoint for "visibility.amp.cisco.com" with a path of "/iroh"
Account Key: None (uses a token)
Steps:
[] Generate the observable JSON
[] Generate the authorization header
[] Request verdict information from Threat Response
[] Check if the request was successful:
[]> If it wasn't, return an error
[]> If it was, extract the dispositions and determine which final disposition to return
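As an added illustration of the steps above (example code, not the atomic's own implementation), a Python sketch that builds the observable JSON and bearer header, posts them, and applies the disposition priority to a constructed sample response. The endpoint path, header scheme and response layout are assumptions to check against the API reference linked below.

```python
import json
import urllib.request

# Priority order stated in the atomic's description: the first of these present wins.
PRIORITY = ["clean", "malicious", "suspicious", "unknown"]
DELIBERATE_URL = "https://visibility.amp.cisco.com/iroh/iroh-enrich/deliberate/observables"

def build_observables(observable_type, value):
    """Step 1: observable JSON; the [{type, value}] shape is an assumption."""
    return [{"type": observable_type, "value": value}]

def build_auth_header(token):
    """Step 2: bearer-token Authorization header (assumed scheme)."""
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}

def request_verdicts(observables, token, url=DELIBERATE_URL):
    """Steps 3-4: POST to the deliberate endpoint (assumed path under /iroh). urlopen raises
    HTTPError on a non-2xx status (the 'return an error' branch); on success return parsed JSON."""
    req = urllib.request.Request(url, data=json.dumps(observables).encode(),
                                 headers=build_auth_header(token), method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def extract_dispositions(response):
    """Step 4 (success): collect disposition names from every module's verdict docs.
    The data[].data.verdicts.docs[].disposition_name layout is an assumption."""
    names = []
    for module in response.get("data", []):
        for doc in module.get("data", {}).get("verdicts", {}).get("docs", []):
            name = doc.get("disposition_name")
            if name:
                names.append(name.lower())
    return names

def final_disposition(dispositions):
    """Apply the priority clean > malicious > suspicious > unknown; an empty list
    or a name outside these four falls through to 'unknown' (assumption)."""
    for name in PRIORITY:
        if name in dispositions:
            return name
    return "unknown"

# Constructed sample response in the assumed layout: one module says Suspicious,
# another says Clean, so the rule above yields "clean" and masks the suspicious verdict.
SAMPLE_RESPONSE = {"data": [
    {"module": "Module A", "data": {"verdicts": {"docs": [
        {"disposition": 3, "disposition_name": "Suspicious"}]}}},
    {"module": "Module B", "data": {"verdicts": {"docs": [
        {"disposition": 1, "disposition_name": "Clean"}]}}},
]}
```

Because clean outranks malicious, a single clean verdict hides any malicious verdict from another module; keep the full disposition list if downstream steps need to see that disagreement.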
More information about this API: https://visibility.amp.cisco.com/iroh/iroh-enrich/index.html#/Deliberate/post_iroh_iroh_enrich_deliberate_observables