Intel 471 Alerts
This document describes how to set up and use the Intel 471 Alerts premium intelligence source with the TruSTAR Web App.
Intel 471's Alert service leverages adversary intelligence and underground capabilities to provide timely data and context on malware and adversary infrastructure. Intel 471 is focused on infiltrating and maintaining access to premium intel where threat actors collaborate, communicate and plan cyber attacks.
- Source Type: Premium Intel
- Update Type: Feed-based
- Update Frequency: 15 minutes
- Time to Install: 10 minutes
Data Types
The integration pulls all Observables supported by TruSTAR.
Requirements
- A subscription to Intel 471 Alerts
- Alerts API ID (Intel 471 portal login email)
- Alerts API Key

TruSTAR Admin rights are required to activate this Premium Intelligence feed.
Getting Started
- Log into the TruSTAR Web App.
- Click the Marketplace icon in the icon list on the left side.
- Choose Premium intel.
- Click Subscribe on the Intel 471 Alerts box.
- Enter the information requested and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
Report Mapping
Field | Explanation | Example |
Report Title | UID field of response + subject field of response if available | 59413a3c441d6663bf8795bc Important message from the forum administration! |
External ID | Encoded value of UID field of response. | 99999a3c441d6663bfXXXXX |
Report Body | Individual item of the JSON response | |
Time Begun | foundTime field of response. | 9999946972099 |
Tags | Tags field of response when alert is of type report. | ["Denial of Service", "Tools"] |
Deeplink | portalReportUrl field of response when alert is of type report. | https://titan.intel471.com/report/XXXXXX |
Client Type | PYTHON SDK | |
Client Meta Tag | trustash | |
Known Issues
No reported issues.
Please reach out to support@trustar.co if you have issues with this integration.