Dragos WorldView

Updated 2 months ago by Sachit Soni

This document explains how to set up and use the Dragos WorldView premium intelligence source with the TruSTAR Web App.

The Dragos threat intelligence source, WorldView, provides actionable insights, analyses, alerts, and reports illuminating malicious activity and relevant recommendations.

  • Source Type: Premium Intel
  • Update Type: Feed-based
  • Update Frequency: 6 Hours
  • Time to install: 10 minutes

Data Types

The integration pulls the following observables:

  • SHA1
  • SHA256
  • Software
  • MD5
  • IP Address
  • URL

Requirements

  • A subscription to Dragos WorldView
  • Dragos WorldView API Key and API Secret

Getting Started

  1. Log in to the TruSTAR Web App.
  2. Click the Marketplace icon on the Navigation Bar.
  3. Choose Premium Intel.
  4. Click Subscribe to Dragos.
  5. Enter your Dragos API Key and API Secret and then click Save Credentials & Request Subscription.

TruSTAR will validate and enable the iSight integration within 48 hours. You will receive an email from us informing you as soon as it is enabled.

TruSTAR Report Mapping

| Field | Explanation |
|---|---|
| Report Title | Dragos: IOC-Type + IOC-Value |
| External ID | Dragos UUID taken from indicator |
| Report Body | Indicator JSON response with Product JSON response embedded on the ‘products’ field. These responses are taken from: Dragos Indicator Endpoint + Dragos Product Endpoint |
| Tags | |
| Deeplink | None |
| Client Type | Python SDK |
| Client MetaTag | TruSTASH |

Known Issues

No reported issues.

Please contact support@trustar.co if you have issues with this integration.

