Details

This atomic belongs to the Cisco Threat Response atomic group.

Uses the Threat Response API to inspect content for observables.

Target: SecureX APIs or HTTP Endpoint for "visibility.amp.cisco.com" with a path of "/iroh"

Account Key: None (uses a token)

Steps:
- Build the payload to send to the inspect API
- Generate the authorization header
- Check if the request was successful:
  - If it was, set the output variable
  - If it wasn't, return an error

More information about this API: https://visibility.amp.cisco.com/iroh/iroh-inspect/index.html
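
The steps above, as an added Python example (not Cisco's atomic and not code from this page). The host and "/iroh" base path come from the page; the "/iroh-inspect/inspect" route, the {"content": ...} request body, the bearer-token header and the type/value response fields are assumptions about the linked API, and the access token is assumed to have been obtained already.

```python
import json
import urllib.error
import urllib.request

# Host and "/iroh" base path are from the page; the route below is an assumption.
INSPECT_URL = "https://visibility.amp.cisco.com/iroh/iroh-inspect/inspect"


class InspectError(Exception):
    """Raised when the inspect request fails or returns an unexpected body."""


def build_request(content: str, token: str) -> urllib.request.Request:
    # Step 1: build the payload. Step 2: generate the authorization header.
    if not token or any(c in token for c in "\r\n"):
        raise InspectError("missing or malformed access token")
    body = json.dumps({"content": content}).encode("utf-8")  # assumed body shape
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
        "Accept": "application/json",
    }
    return urllib.request.Request(INSPECT_URL, data=body, headers=headers, method="POST")


def parse_response(status: int, raw: bytes) -> list:
    # Step 3: on success return the output value, otherwise raise an error.
    if status != 200:
        raise InspectError(f"inspect API returned HTTP {status}")
    try:
        data = json.loads(raw)
    except ValueError as exc:
        raise InspectError("response is not valid JSON") from exc
    if not isinstance(data, list) or not all(
        isinstance(o, dict) and {"type", "value"} <= o.keys() for o in data
    ):
        raise InspectError("response is not a list of observables")
    return [{"type": o["type"], "value": o["value"]} for o in data]


def inspect(content: str, token: str, timeout: float = 10.0) -> list:
    req = build_request(content, token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_response(resp.status, resp.read())
    except urllib.error.HTTPError as exc:
        # Report the status only; never echo the token or request headers.
        raise InspectError(f"inspect API returned HTTP {exc.code}") from exc
```
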

About
Authorship
Cisco Managed