Intel 471 Adversary Intelligence

Updated 5 hours ago by Elvis Hovor

This document describes how to set up and use Intel 471 Adversary Intelligence with TruSTAR Station.

Adversary Intelligence provides proactive and groundbreaking insights into the methodology of top-tier cybercriminals: target selection, assets and tools used, associates and other enablers that support them. Intel 471’s field-driven collection and headquarters-based analysis directly support intelligence needs across an organization, spanning security, executive, vulnerability, risk, investigation and fraud teams.

  • Time to Install: 10 minutes
  • Type of Feed: Automatic updates
  • Update Frequency: 15 minutes
  • Intel Type: Premium

Data Types

The integration pulls all observables supported by TruSTAR.

Requirements

  • A subscription to Intel 471 Adversary Intelligence
  • Intel 471 Adversary Intelligence API ID
  • Intel 471 Adversary Intelligence API Key

TruSTAR Admin rights are required to activate this Premium Intel feed.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon in the icon list on the left side.
  3. Choose Closed Source.
  4. Click Subscribe on the Intel 471 Adversary Intelligence box.
  5. Enter the information requested and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

Report Mapping

| Field | Explanation |
|---|---|
| Report Title | UID: Subject field of response. Example: xxxx: Actor partners with regular c. For subsequent reports, the Report Title increments the title using the format UID-{incremental No}: subject field of response. Example: xxxx-2: Actor plans to privatize, partner with regular client |
| External ID | Encoded value of the UID field of response. Example: daf8a134ce1654fe934ca384bf82e63c1cc. For subsequent reports, External ID increments the external ID. Example: daf8a134ce1654fe934ca384bf82e63c1cc-1 |
| Report Body | Individual item of the JSON response. Fields added to the report body: uid, subject, created, Tags, portalReportUrl, reportIOCs. reportIOCs is the list of report indicators: the unique values from the {entities + derivedEntities} field of the JSON response. |
| Time Begun | Created field of response. Example: 1539060642000 |
| Tags | Tags field of response. Example: ["Malware - Usage", "Vulnerabilities & Exploits"] |
| Deeplink | portalReportUrl field of response. Example: https://titan.intel471.com/report/6b186800c307897f15e5ebc7d317309e |
| Client Type | PYTHON SDK |
| Client Meta Tag | trustash |
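
The mapping above, written out as an added Python example (not TruSTAR's or Intel 471's code) that can be used to reconcile a report in Station against the response item it came from. Assumptions: the lowercase `tags` key, the `{"type", "value"}` entity shape, the SHA-256 stand-in for the unnamed UID encoding, the `nth` counter and the sample item are all constructed for illustration, and the second report for a UID is assumed to take the "-2" title and "-1" External ID suffixes shown in the table's examples.

```python
import hashlib
import json

def encode_uid(uid):
    # Stand-in: the page says "encoded value" but does not name the encoding.
    return hashlib.sha256(uid.encode("utf-8")).hexdigest()

def unique_iocs(item):
    # Unique values from entities + derivedEntities, keeping first-seen order.
    seen, out = set(), []
    for key in ("entities", "derivedEntities"):
        for ent in item.get(key) or []:
            value = ent.get("value")  # assumed entity shape: {"type", "value"}
            if value and value not in seen:
                seen.add(value)
                out.append(value)
    return out

def map_report(item, nth=1):
    # nth=1 is the first report for a UID; nth=2 gets the "-2" title and "-1"
    # External ID suffixes from the table's examples (assumed to pair up).
    uid, subject = item["uid"], item["subject"]
    encoded = encode_uid(uid)
    body = {k: item.get(k) for k in ("uid", "subject", "created", "tags", "portalReportUrl")}
    body["reportIOCs"] = unique_iocs(item)
    return {
        "Report Title": f"{uid}: {subject}" if nth == 1 else f"{uid}-{nth}: {subject}",
        "External ID": encoded if nth == 1 else f"{encoded}-{nth - 1}",
        "Report Body": json.dumps(body, indent=2),
        "Time Begun": item["created"],
        "Tags": item.get("tags", []),
        "Deeplink": item.get("portalReportUrl"),
    }

# Constructed sample item, not real Intel 471 data.
SAMPLE = {
    "uid": "0123abcd",
    "subject": "Actor plans to privatize, partner with regular client",
    "created": 1539060642000,
    "tags": ["Malware - Usage", "Vulnerabilities & Exploits"],
    "portalReportUrl": "https://titan.intel471.com/report/6b186800c307897f15e5ebc7d317309e",
    "entities": [{"type": "Handle", "value": "example_actor"},
                 {"type": "IPv4", "value": "192.0.2.10"}],
    "derivedEntities": [{"type": "IPv4", "value": "192.0.2.10"},
                        {"type": "Domain", "value": "example.test"}],
}

if __name__ == "__main__":
    print(json.dumps(map_report(SAMPLE, nth=2), indent=2))
```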

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.

