Intel 471 Alerts

Updated 5 hours ago by Elvis Hovor

This document describes how to set up and use Intel 471 Alerts with TruSTAR Station.

Intel 471's malware intelligence leverages adversary intelligence and underground capabilities to provide timely data and context on malware and adversary infrastructure. Intel 471 is focused on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyber attacks.

  • Time to Install: 10 minutes
  • Type of Feed: Automatic updates
  • Update Frequency: 15 minutes
  • Intel Type: Premium

Data Types

The integration pulls all observables supported by TruSTAR.

Requirements

  • A subscription to Intel 471 Alerts
  • Alerts API ID
  • Alerts API Key

TruSTAR Admin rights are required to activate this Premium Intel feed.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon in the icon list on the left side.
  3. Choose Closed Source.
  4. Click Subscribe on the Intel 471 Alerts box.
  5. Enter the information requested and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

Report Mapping

Field: Explanation

  • Report Title: UID field of response + subject field of response if available. Example: 59413a3c441d6663bf8795bc Important message from the forum administration!
  • External ID: Encoded value of UID field of response. Example: 59413a3c441d6663bf8795bc
  • Report Body: Individual item of JSON response
  • Time Begun: foundTime field of response. Example: 1497446972076
  • Tags: Tags field of response when alert is of type report. Example: ["Denial of Service", "Tools"]
  • Deeplink: portalReportUrl field of response when alert is of type report. Example: https://titan.intel471.com/report/6b186800c30789
  • Client Type: PYTHON SDK
  • Client Meta Tag: trustash

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.

