Cisco Threat Response - Enrich Observable
Details
This atomic belongs to the Cisco Threat Response atomic group.
Uses the Threat Response API to collect information about a given observable from all enabled modules.
Target: SecureX APIs or HTTP Endpoint for "visibility.amp.cisco.com" with a path of "/iroh"
Account Key: None (uses a token)
Steps:
[] Generate the observable JSON
[] Generate the authorization header
[] Request enrichment information from Threat Response
[] Check if the request was successful:
[]> If it wasn't, return an error
[]> If it was, set the output variable
More information about this API: https://visibility.amp.cisco.com/iroh/iroh-enrich/index.html#/Observe/post_iroh_iroh_enrich_observe_observables
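The steps above, sketched in Python as an added example (not the atomic's own implementation). The endpoint path is read from the API reference link; the function names, the HTTP 200 success check, and the response shape in the constructed sample (a top-level "data" list with one entry per module) are assumptions.

```python
import json
import urllib.request

# Host is the atomic's target; the path is read from the API reference link.
ENRICH_URL = "https://visibility.amp.cisco.com/iroh/iroh-enrich/observe/observables"


def build_request(obs_type, obs_value, token):
    """Generate the observable JSON and the authorization header."""
    if not token:
        raise ValueError("missing access token")
    body = json.dumps([{"type": obs_type, "value": obs_value}]).encode()
    return urllib.request.Request(
        ENRICH_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": "Bearer " + token,  # never log this header
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )


def handle_response(status, raw_body):
    """Check success: raise on failure, otherwise return the output variable."""
    if status != 200:  # assumption: 200 is the only success status
        raise RuntimeError("enrichment request failed with HTTP %d" % status)
    return json.loads(raw_body)


def modules_seen(enrichment):
    """Names of the modules that answered (assumed response shape)."""
    return [entry.get("module") for entry in enrichment.get("data", [])]


# Constructed sample response, not captured from a real tenant.
SAMPLE_BODY = json.dumps({"data": [
    {"module": "Example Module A", "data": {"verdicts": {"count": 1, "docs": []}}},
    {"module": "Example Module B", "data": {}},
]})

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address; the token is a placeholder.
    req = build_request("ip", "192.0.2.10", "PLACEHOLDER_TOKEN")
    print(req.get_method(), req.full_url, req.data.decode())
    print(modules_seen(handle_response(200, SAMPLE_BODY)))
```

To send the request for real, pass the object from build_request to urllib.request.urlopen and feed the response status and body to handle_response.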
About
Authorship
Cisco Managed