Read a Google Alerts RSS feed and create indicators from the links

ThreatConnect developed the Playbooks capability to help analysts automate time-consuming and repetitive tasks so they can focus on what is most important and, in many cases, to ensure the analysis process can occur consistently and in real time, without human intervention.

Once in a while, there is a Google search that turns up a lot of malicious or compromised domains. When this happens, it is helpful to use Google Alerts to create an RSS feed of websites matching the search. This Playbook will then read from the RSS feed on a regular interval and create all of the URLs as indicators in ThreatConnect. This is extremely useful for automating the threat hunting process, especially when there is an outbreak of compromised hosts that can be easily discovered using a Google search.

ThreatConnect developed this Playbook to read a Google Alerts RSS feed and create indicators from the links. There are two main parts to this system: a Google alert RSS feed and this Playbook. There are details and instructions for setting up an RSS feed for a Google alert here:

Once you have a Google alert RSS feed set up, you can install and use the Playbook. To do this, go to and download the “Google Alert Feed Reader.pbx” file. Go to the “Playbooks” tab in ThreatConnect and click “New” > “Import” (on ThreatConnect versions before 5.7, you can just click the “Import” button). Then import the Google Alert Feed Reader.pbx file.

Double click on the “Run on Interval” app and specify how often and when you would like the app to run. Double click the “Set Variables” app and provide the URL to a Google Alerts RSS feed. Also, set the confidence and threat ratings you would like to apply to the created indicators.
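
The feed-to-indicator step described above can be sketched outside ThreatConnect; this is an added example, not the Playbook's own code or a ThreatConnect API. It assumes the feed is Atom with result links wrapped in a google.com/url redirect and that confidence runs 0-100 and threat rating 0-5; the sample feed, function names and record fields are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample feed (not real alert data); hosts are placeholders.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <link href="https://www.google.com/alerts/feeds/PLACEHOLDER" rel="self"/>
  <entry><link href="https://www.google.com/url?rct=j&amp;sa=t&amp;url=http://compromised.example/wp-content/x.php&amp;ct=ga"/></entry>
  <entry><link href="https://www.google.com/url?rct=j&amp;sa=t&amp;url=http://compromised.example/wp-content/x.php&amp;ct=ga&amp;cd=2"/></entry>
  <entry><link href="https://other.example/login"/></entry>
  <entry><link href="ftp://files.example/archive.zip"/></entry>
</feed>"""


def unwrap(href):
    """Return the result URL behind a google.com/url redirect, else href unchanged."""
    parts = urlsplit(href)
    if parts.hostname in ("www.google.com", "google.com") and parts.path == "/url":
        target = parse_qs(parts.query).get("url")
        return target[0] if target else None
    return href


def feed_to_indicators(feed_xml, confidence, rating):
    """Build one URL indicator record per unique http(s) result link."""
    # Assumed scales: confidence 0-100, threat rating 0-5.
    if not (0 <= confidence <= 100 and 0 <= rating <= 5):
        raise ValueError("confidence must be 0-100 and rating 0-5")
    seen, indicators = set(), []
    # Only <entry> links are results; the feed-level self link is skipped.
    for entry in ET.fromstring(feed_xml).iter(ATOM + "entry"):
        link = entry.find(ATOM + "link")
        url = unwrap(link.get("href", "")) if link is not None else None
        # Drop empty, non-web and already-seen URLs so each run adds no duplicates.
        if not url or urlsplit(url).scheme not in ("http", "https") or url in seen:
            continue
        seen.add(url)
        indicators.append({"type": "URL", "summary": url,
                           "confidence": confidence, "rating": rating})
    return indicators


if __name__ == "__main__":
    for record in feed_to_indicators(SAMPLE_FEED, confidence=60, rating=3):
        print(record)
```

Unwrapping the redirect matters because otherwise every indicator would be a google.com URL with tracking parameters, and the same result page would be recorded more than once.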