Enricher - Intelfinder Enricher#

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

	Specifications
Enricher name	Intelfinder Enricher
Supported observable types	`ipv4` `ipv6` `domain` `uri`
Output	Indicator entity with associated observables.
API endpoint	Set this to the provider API endpoint
Description	This enricher looks up for Domain, IPV4, IPV6, Url the enriched observable using the Intelfinder endpoint.

Requirements#

-Intelfinder API URL . -Intelfinder Client ID & Secret.

Set up the enricher#

Before using the enricher, configure it to add your Intelfinder credentials:

Go to Data configuration > Enrichers.
Select the enricher from the displayed list.
Edit the enricher by selecting from the top right More > Edit.
In the Edit enricher task view, fill out these fields:

Note

Required fields are marked with an asterisk (*).

Field

Description

Client ID*

Set this to your Intelfinder Client ID.

Client Secret*

Set this to your Intelfinder Client Secret.

API URL*

Set this to the API Url
Click Save to store your changes.

Field	Description
Client ID*	Set this to your Intelfinder Client ID.
Client Secret*	Set this to your Intelfinder Client Secret.
API URL*	Set this to the API Url

Default configuration#

These are the default configuration parameters for the Intelfinder enricher:

Note

Required fields are marked with an asterisk (*).

Field	Description
Name	Leave this as “Intelfinder Enricher”. Set by default.
Override TLP	Forces all entities and observables produced by this extension to inherit this TLP value.
Description*	Enter a description for this enricher.
Cache validity (sec)*	Set to `2592000` seconds (30 days) by default.
Rate limit (per sec)*	Set to `1000` seconds by default.
Monthly execution cap (runs)*	Set to `1000000` runs by default.
Source reliability*	Assign a reliability level to entities and observables produced by this extension. The values here are based on the Admiralty System.
Observable types*	Observable types to enrich. By default, this is set to the observables supported by the Intelfinder enricher: `ipv4`, `domain`, `asn` and `hash-sha256`
Enabled	Select to enable this enricher.
API URL*	Set to `https://dash.cyber-ats.com/api.php` by default.
Client ID*	Set this to your Intelfinder Client ID.
Client Secret*	Set this to your Intelfinder Client Secret.
SSL verification	Selected by default. Select to enable SSL verification.
Path to SSL certificate file	Used when connecting to a feed source that uses a custom CA. Set this as the path to the SSL certificate to use when authenticating the feed source.

Enrichment result#

When the Intelfinder enricher is applied to an observable, it will create a takedown request and then an incoming feed can be used to fetch alerts for the same.