Enricher - DShield

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

Specifications

Enricher name

DShield Enricher

Input

IPv4.

Output

Users can enrich IPv4 observables on the platform. The enricher returns a summary of the IP address (ASN and attack count information).

API endpoint

http://isc.sans.edu/api/ip/<Ipv4 Extract>

Description

This extension allows users to enrich IPv4 observables on the platform to see related infrastructure and metadata. DShield provides a REST API to retrieve threat indicators.
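
The lookup described in the specifications above, as an added example (not code from the platform or from DShield): it accepts only a well-formed IPv4 observable before building the endpoint URL, then extracts the ASN and attack count from a response. The JSON response shape, its field names and the sample body are assumptions constructed for illustration.

```python
import ipaddress
import json

# Default API URL from the enricher configuration on this page.
DEFAULT_API_URL = "http://isc.sans.edu/"

# Constructed sample response; the JSON shape and field names are assumptions.
SAMPLE_BODY = json.dumps({"ip": {
    "number": "192.0.2.10", "count": "12", "attacks": "5",
    "as": "64500", "asname": "EXAMPLE-AS",
}})


def build_request_url(observable, api_url=DEFAULT_API_URL):
    """Return the api/ip/ lookup URL, or raise ValueError if not IPv4."""
    try:
        # Rejects IPv6, hostnames, CIDR ranges and anything containing "/",
        # so the observable cannot alter the request path.
        ip = ipaddress.IPv4Address(observable.strip())
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not an IPv4 observable: {observable!r}") from exc
    return f"{api_url.rstrip('/')}/api/ip/{ip}"


def _int_or(value, default):
    """Convert a numeric field, mapping null or empty to a default."""
    return default if value in (None, "") else int(value)


def summarize(body):
    """Extract the ASN and attack count summary from a response body."""
    record = json.loads(body).get("ip") or {}
    return {
        "ip": record.get("number"),
        "asn": _int_or(record.get("as"), None),
        "as_name": record.get("asname"),
        "count": _int_or(record.get("count"), 0),  # null is treated as 0
        "attacks": _int_or(record.get("attacks"), 0),
    }


if __name__ == "__main__":
    print(build_request_url("192.0.2.10"))
    print(summarize(SAMPLE_BODY))
```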

Configure the enricher parameters

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the DShield enricher.

  3. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: http://isc.sans.edu/.

  4. To store your changes, click Save; to discard them, click Cancel.