Anomali_ThreatStream

Anomali ThreatStream collects global threat data, providing you with the insights you need to determine if an event is a security threat.

What does this pack do?

  • Checks the reputation of a given URL, IP address, domain name, hash of a file, or email address.
  • Returns enrichment data for a domain or IP address for available indicators (observables).
  • Imports indicators (observables) into ThreatStream.
  • Returns an HTML file with a description of the threat model.
  • Returns a list of indicators associated with the specified model.
  • Submits a file or URL to the ThreatStream-hosted sandbox for detonation.
  • Returns a report of a file or URL submitted to the sandbox.
  • Returns filtered indicators or intelligence from ThreatStream.
  • Adds tags to intelligence to filter for related entities.
  • Creates or updates a threat model with the specified parameters.

This content pack includes 2 playbooks:

  • One detonates one or more files. It returns relevant reports to the War Room and file reputations to the context data.
  • One detonates one or more URLs. It returns relevant reports to the War Room and URL reputations to the context data.