This document applies to Classic/Legacy Integrations. You may continue to use these integration configurations. While no active development is happening for these integrations, we continue to provide Classic/Legacy Integrations in the product. You do not have to move to MSI Integrations. If your support engineer or TSC recommends it, or you choose to move to MSI Integrations, you can take advantage of the latest features and functionality. For more information, see the MSI Integration documentation in the Integrations Overview.
Intel471 can be used to bring Malware Family information into the Validation Platform. In the Threat Actor Library, the Malware Families include malware-related TTPs (for example, Malware:Hancitor). Intel471 does map to MITRE ATT&CK Tactics, but the Threat Actor Library excludes these because they are not granular enough to accurately relate to Actions.
API Calls
The following API calls are used by the Validation Platform.
| Purpose | Call |
|---|---|
| Retrieve the Malware Details | /v1/malwareReports?threatType=malware |
| | /v1/events?threatType=malware&malwareFamily={malware_family} |
Prerequisites
Information to gather before you start:
- Identify the host, port, and protocol.
- Identify the Email address and API key. Any account that has API access can be used.
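A pre-flight check of the gathered values against the two calls listed under API Calls, as an added example (not vendor code). It assumes HTTP Basic authentication with the email as username and the API key as password; the host, credentials and malware family value shown are constructed placeholders.

```python
import base64
import urllib.error
import urllib.parse
import urllib.request

def build_requests(protocol, host, port, email, api_key, malware_family):
    """Return the two GET requests from the API Calls table, without sending them."""
    if protocol not in ("http", "https"):
        raise ValueError("protocol must be http or https")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    base = f"{protocol}://{host}:{int(port)}"
    # Assumption: HTTP Basic auth, email as username, API key as password.
    token = base64.b64encode(f"{email}:{api_key}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
    queries = [
        ("/v1/malwareReports", {"threatType": "malware"}),
        ("/v1/events", {"threatType": "malware", "malwareFamily": malware_family}),
    ]
    # urlencode() escapes the family name so it cannot add query parameters.
    return [
        urllib.request.Request(f"{base}{path}?{urllib.parse.urlencode(q)}", headers=headers)
        for path, q in queries
    ]

def check(requests, timeout=15):
    """Send each request and map the outcome to a short diagnosis."""
    results = {}
    for req in requests:
        path = urllib.parse.urlsplit(req.full_url).path
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[path] = f"ok ({resp.status})"
        except urllib.error.HTTPError as exc:
            # 401/403 point at the email or API key, not at host/port/protocol.
            hint = "check email/API key" if exc.code in (401, 403) else "unexpected status"
            results[path] = f"HTTP {exc.code}: {hint}"
        except (urllib.error.URLError, OSError) as exc:
            # Connection-level failure: host, port, protocol or proxy.
            results[path] = f"connection failed: {exc}"
    return results

if __name__ == "__main__":
    # Constructed placeholder values; replace with the ones you gathered.
    reqs = build_requests("https", "api.example.invalid", 443,
                          "analyst@example.com", "PLACEHOLDER_KEY", "hancitor")
    for path, outcome in check(reqs).items():
        print(path, "->", outcome)
```

urllib picks up the HTTPS_PROXY environment variable, so the same check can be run through the proxy you plan to assign to the integration.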
Configuration
To add the Intel471 integration:
- Go to Settings > Integrations.
- In the Threat Intelligence Platform Integrations table, click Add Integration > Intel471.
- Enter the Host.
- Enter the Port.
- Select the Protocol.
- Enter the Email.
- Enter the API Key.
- Enter the Sync Interval in hours (default: 24 hours).
- (Optional) Assign a Name.
- Click Submit. The integration automatically starts to sync after it is added.
Set up Proxy Assignment
If all outbound connections go through a proxy, you may want to set up a proxy definition and assignment for your integration. For information on setting up your proxy rules, see Proxy Rules.