Enricher - ReversingLabs Spectra Intelligence Lookup

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

Specifications

Enricher name: ReversingLabs Spectra Intelligence Lookup

Supported observable types:

  • ipv4

  • hash-sha256

  • domain

  • hash-sha512

  • uri

  • hash-md5

  • hash-sha1

Output: Report entity with associated observables.

Base URL: URL to download content from

Description: This enricher looks up domain, IPv4, hash, and URL observables using the ReversingLabs Spectra Intelligence Lookup endpoint.

Requirements

  • ReversingLabs Spectra Intelligence Lookup API URL.

  • ReversingLabs Spectra Intelligence Lookup username and password.

Set up the enricher

Before using the enricher, configure it to add your ReversingLabs Spectra Intelligence Lookup credentials:

  1. Go to Data configuration > Enrichers.

  2. Select the enricher from the displayed list.

  3. Edit the enricher by selecting More > Edit from the top right.

  4. In the Edit enricher task view, fill out these fields:

    Note

    Required fields are marked with an asterisk (*).

    Field: Description

    Username*: Set this to your ReversingLabs Spectra Intelligence Lookup username.

    Password*: Set this to your ReversingLabs Spectra Intelligence Lookup password.

    API URL*: Set this to the API URL.

  5. Click Save to store your changes.

Default configuration

These are the default configuration parameters for the ReversingLabs Spectra Intelligence Lookup enricher:

Note

Required fields are marked with an asterisk (*).

Field: Description

Name: Leave this as “ReversingLabs Spectra Intelligence Lookup”. Set by default.

Override TLP: Forces all entities and observables produced by this extension to inherit this TLP value.

Description*: Enter a description for this enricher.

Cache validity (sec)*: Set to 2592000 seconds (30 days) by default.

Rate limit (per sec)*: Set to 1000 seconds by default.

Monthly execution cap (runs)*: Set to 1000000 runs by default.

Source reliability*: Assign a reliability level to entities and observables produced by this extension. The values here are based on the Admiralty System.

Observable types*: Observable types to enrich. By default, this is set to the observables supported by the ReversingLabs Spectra Intelligence Lookup enricher: ipv4, domain, uri, hash-md5, hash-sha1, hash-sha256 and hash-sha512.

Enabled: Select to enable this enricher.

API URL*: Set to https://data.reversinglabs.com by default.

Username*: Set this to your ReversingLabs Spectra Intelligence Lookup username.

Password*: Set this to your ReversingLabs Spectra Intelligence Lookup password.

SSL verification: Selected by default. Select to enable SSL verification.

Path to SSL certificate file: Used when connecting to a feed source that uses a custom CA. Set this as the path to the SSL certificate to use when authenticating the feed source.

Enrichment result

When the ReversingLabs Spectra Intelligence Lookup enricher is applied to an observable, it attaches a Report entity to the enriched observable.

Attached to the Report entity are associated observables.