A handful of new Community Apps are live and available on the IBM Security App Exchange. These apps cover a wide range of use cases and contain various functions that can be implemented into a Resilient workflow. Please comment on this thread with any feedback or questions about the newest releases. Below is a description of the functionality of each app:
This integration package allows a Resilient user to query https://apility.io/ to get a reputation score for email addresses, domain names and IP addresses. This function can be set up in a workflow to retrieve investigative context around these artifacts.
This package contains a number of AWS functions that enables Resilient users to accomplish AWS related actions from a workflow. This app leverages AWS to perform these actions:
ClamAV is an open-source antivirus engine that detects trojans, viruses, malware, and other malicious threats. In Resilient, attachments within Incidents and Tasks can be scanned for malicious content by ClamAV from a workflow. The results of the scan are returned as a note in the Incident and can provide more context for suspected malicious attachments.
This integration performs the following operations:
Digital Shadows Search Function:
Use this function within Resilient to instantly access Digital Shadow's comprehensive collection of evolving historical threat intelligence assets, and expert security sources. Results returned from the function's query are displayed in a customizable data table within Resilient.
This updated function allows Resilient users to connect to and query an ElasticSearch Database automatically or manually within a workflow.
GRR Rapid Response Search:
GRR Rapid Response is an incident response framework focused on remote live forensics. This integration allows you to deploy Resilient workflows that search for GRR Agents using IP addresses, Host or User names, and then updates the Incident in Resilient with an attached note. From there a user can take manual or automated actions based on the results.
Easily share and analyze data from suspicious artifacts in PDF format. This simple function performs an action on artifacts within an Incident to convert HTML data or a web URL to a base64 coded PDF document that can be saved as an attachment.
MISP Threat Service:
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise. This integration with Resilient allows for an automatic query of MISP on many types of artifacts for qualification and data enrichment from a workflow.
This function connects Resilient with Phish.AI via it's API to submit URLs to Phish.AI for malicious intent analysis. The verdict of the URL is returned along with an incident note that contains a link to the report on Phish.AI.
The TOR Network is often misused by malicious actors. This integration with Resilient queries IP address and DNS name artifacts to search against TOR Network Exit Nodes and returns the data as a note within an Incident in Resilient. This information is helpful to provide more context surrounding an artifact.
This package contains one function which provides threat enrichment information about a submitted domain's WHOIS information. It performs these actions:
Happy New Year
Hi Ahmed,The Digital Shadows integration is supported by Digital Shadows. The App Exchange entry shows that support can be requested via the following email address: firstname.lastname@example.org. Hopefully, they will respond promptly to your questions.