Intel 471

Version: 1.1
Updated: Jul 06, 2023

Intel 471provides comprehensive coverage of the criminal underground, SaaS platform which exposes locally sourced human-driven, automation-enabled insights to gain broad coverage and monitor the threats.

Actions

• List Alerts (Enrichment) - Returns list of Alerts matching filter criteria excluding the following types: Malware reports, YARA.
• Search IOC (Enrichment) - Returns list of Indicators of compromise matching filter criteria.
• Stream Malware Intelligence Indicators (Enrichment) - Returns list of Indicators matching filter criteria.

Intel 471 configuration

1. Sign in Intel 471 using your username and password.
2. Use the token you received in your email to complete log in.
3. On the left menu, search for your profile and in API, under API KEY click to display your API Key.
4. Make sure you copy the API Key.

Intel 471 in Automation Service and Cloud SOAR

1. Access integrations in the Automation Service or Cloud SOAR.
2. After the list of the integrations appears, search/look for the integration and click on the row.
3. The integration details will appear. Click on the "+" button to add new Resource.
   
4. Populate all the required fields (*)
   • URL. 'https://api.intel471.com/'.
   • Email Address. your email address.
   • API Key. Insert the previously copied key.
5. Click Save.
   
6. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
   
7. Click TEST SAVED SETTINGS.
   
8. You should receive a successful notification in the bottom right corner.
   

Category

Threat Intelligence-Reputation

Change log

• May 23, 2022 - First Upload
• July 6, 2023 (v1.1) - Updated the integration with Environmental Variables