Enricher - Fox-IT InTELL Portal
This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.
|
Specifications |
Enricher name |
Fox-IT InTELL Portal. |
Input |
Domain, hashes (hash-md5, hash-sha1, and hash-sha256), host, IP addresses (ipv4 and ipv6), and uri. |
Output |
Enriches supported observable types with relevant contextual information from forums, chats, and IRC channels. |
API endpoint |
https://cybercrime-portal.fox-it.com |
Description |
The Fox-IT InTELL Portal enricher provides information from a range of sources, such as forums and sites that have registered potentially suspicious activity. |
The default Source reliability value for this enricher is A – Fairly reliable.
You can change it to a different reliability value, as needed.
Configure the enricher parameters
Edit the enricher.
From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the Fox-IT InTELL Portal enricher.
The Fox-IT InTELL portal URL field is automatically filled in.
Default value: https://cybercrime-portal.fox-it.com/.The SSL verification checkbox is automatically selected.
In the Path to SSL certificate file field, enter the path to the locally stored .pem or .crt SSL certificate you obtain from Fox-IT after subscribing to InTELL.
In the Path to SSL key file field, enter the path to the locally stored .pem or .key SSL private key related to the SSL certificate.
To store your changes, click Save; to discard them, click Cancel.