Enricher - Fox-IT InTELL Portal

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

Specifications

Enricher name

Fox-IT InTELL Portal.

Input

Domain, hashes (hash-md5, hash-sha1, and hash-sha256), host, IP addresses (ipv4 and ipv6), and uri.

Output

Enriches supported observable types with relevant contextual information from forums, chats, and IRC channels.

API endpoint

https://cybercrime-portal.fox-it.com

Description

The Fox-IT InTELL Portal enricher provides information from a range of sources, such as forums and sites that have registered potentially suspicious activity.

Note

The default Source reliability value for this enricher is A – Fairly reliable.
You can change it to a different reliability value, as needed.

Configure the enricher parameters

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the Fox-IT InTELL Portal enricher.

  3. The Fox-IT InTELL portal URL field is automatically filled in.
    Default value: https://cybercrime-portal.fox-it.com/.

  4. The SSL verification checkbox is automatically selected.

  5. In the Path to SSL certificate file field, enter the path to the locally stored .pem or .crt SSL certificate you obtain from Fox-IT after subscribing to InTELL.

  6. In the Path to SSL key file field, enter the path to the locally stored .pem or .key SSL private key related to the SSL certificate.

  7. To store your changes, click Save; to discard them, click Cancel.
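A pre-flight check for the files entered in steps 5 and 6, added here as an example; it is not part of the original documentation or of the product. The function name, the placeholder paths, and the owner-only permission expectation for the key file are assumptions.

```python
import os
import ssl
import stat


def _refuse_prompt():
    # Called by the ssl module only if the key is passphrase-protected;
    # raising here avoids an interactive OpenSSL prompt.
    raise ValueError("private key is passphrase-protected")


def check_client_cert_pair(cert_path, key_path):
    """Return a list of problems with the pair; an empty list means none found."""
    problems = []
    for label, path in (("certificate", cert_path), ("key", key_path)):
        if not os.path.isfile(path):
            problems.append(f"{label} file not found: {path}")
        elif not os.access(path, os.R_OK):
            problems.append(f"{label} file not readable: {path}")
    if problems:
        return problems

    # Assumption (POSIX hosts): the private key should be readable by its
    # owner only, i.e. no group/other permission bits set.
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & 0o077:
        problems.append(f"key file permissions too open: {oct(mode)}")

    # load_cert_chain() parses both PEM files and fails if the private key
    # does not belong to the certificate. No network connection is made.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_cert_chain(cert_path, key_path, password=_refuse_prompt)
    except (ssl.SSLError, ValueError) as exc:
        problems.append(f"certificate and key do not load as a pair: {exc}")
    return problems


if __name__ == "__main__":
    # Placeholder paths; replace with the values entered in steps 5 and 6.
    for problem in check_client_cert_pair("/path/to/client.pem", "/path/to/client.key"):
        print("PROBLEM:", problem)
```

Run it as the account the platform services run under, so the readability check reflects what the enricher will actually be able to open.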