Enricher - DShield
This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.
|
|
Specifications |
|
Enricher name |
DShield Enricher |
|
Input |
Ipv4. |
|
Output |
Users are able to enrich IPv4 observables on the platform, returning a summary of the IP (asn and attack count information). |
|
API endpoint |
http://isc.sans.edu/api/ip/<Ipv4 Extract> |
|
Description |
This extension allows users to enrich IPv4 observables on the platform to see related infrastructure and metadata. |
Configure the enricher parameters
Edit the enricher.
From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the DShield enricher.
The API URL field is automatically filled in with the default domain for the endpoint.
You can add a proxy or set up ports according to your needs.
Default value: http://isc.sans.edu/.To store your changes, click Save; to discard them, click Cancel.