Enricher - Team Cymru IP Details#

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

Requirements#

Before using the enricher, configure it to add your Team Cymru credentials:

Field	Description
API key*	Set this to your Team Cymru API key.
API URL*	Set this to the API Url

These are the default configuration parameters for the Team Cymru enricher:

Note

Required fields are marked with an asterisk (*).

Field	Description
Name	Leave this as “Team Cymru IP Details”. Set by default.
Override TLP	Forces all entities and observables produced by this extension to inherit this TLP value.
Description*	Enter a description for this enricher.
Cache validity (sec)*	Set to `2592000` seconds (30 days) by default.
Rate limit (per sec)*	Set to `1000` seconds by default.
Monthly execution cap (runs)*	Set to `1000000` runs by default.
Source reliability*	Assign a reliability level to entities and observables produced by this extension. The values here are based on the Admiralty System.
Observable types*	Observable types to enrich. By default, this is set to the observables supported by the Team Cymru enricher: `ipv4`, `ipv6`
Enabled	Select to enable this enricher.
API URL*	Set to `https://scout.cymru.com/api/scout/ip/` by default.
API key*	Set this to your Team Cymru API key.
SSL verification	Selected by default. Select to enable SSL verification.
Path to SSL certificate file	Used when connecting to a feed source that uses a custom CA. Set this as the path to the SSL certificate to use when authenticating the feed source.

When the Team Cymru enricher is applied to an observable, it attaches a Report entity to the enriched observable.

Attached to the Report entity are associated observables.