Script includes installed with Threat Intelligence

Threat Intelligence adds the following script includes.
| Script include | Description |
| --- | --- |
| InactivateExpiredThreatInformation | Inactivates expired threat information. Uses Threat Intelligence properties for age calculation. |
| ScanHttpMultipartBuilder | Takes a file and updates a RESTMessageV2 request body with the file contents. Also adds a request header to change the content type to multipart/form-data. |
| SimpleBlocklistProcessor | Plain text processor, chiefly used to parse and insert processor records. Because this does not use streaming APIs, the payload must be less than 5 MB for attachments. |
| STIXParser | A class for processing STIX XML data. |
| TAXIIClient | Facilitates communication with a TAXII server to retrieve collection information. |
| TAXIICollectionDataProcessor | Processor for data returned by TAXII Collection data retrieval. |
| TAXIISourceIntegration | Integration for running a REST call to retrieve data from a TAXII collection. The data returned by this integration is then passed to a data processor (typically TAXIICollectionDataProcessor). |
| TAXIIV1_1RequestBuilder | Builds TAXII requests in TAXII 1.1 format. |
| TAXIIV1_1ResponseParser | Parses the REST response body that conforms to the TAXII 1.1 specification. |
| ThreatAdditionalInfo | The API for acquiring additional information for a specific IP address or URL. This script include updates detailed information on the Observables screen with data retrieved using the following two Threat Intelligence properties: (1) the domain name to retrieve additional information for IP addresses/URLs [sn_ti.ip_lookup.web_site]; (2) the API key to be used for the above domain, if any [sn_ti.ip_lookup.api_key]. |
| ThreatAJAX | Contains AJAX functions to be used throughout the application. |
| ThreatIntegrationBase | A base class for Threat integrations to extend. |
| ThreatProcessorBase | A base class for processing response data from a Threat integration. |
| ThreatScanner | Wrapper class for Threat Scanner. Used as invocation point for real scans. |
| ThreatScanQueueManager | Queues the threat scan requests and hands them off to the processor. |
| ThreatUtils | Various functions for use throughout the Threat Intelligence plugin. |
| VirusTotalBaseIntegration | A base class for VirusTotal integrations. |
| VirusTotalFileIntegration | Contains logic for sending a file to VirusTotal to scan. |
| VirusTotalHashIntegration | Contains logic for sending a hash to VirusTotal to scan. |
| VirusTotalIPIntegration | Contains logic for sending an IP address to VirusTotal to scan. |
| VirusTotalIPProcessor | Contains logic to process an IP scan response from VirusTotal. |
| VirusTotalScanReportProcessor | Contains logic for processing file, URL, and hash scan responses from VirusTotal. |
| VirusTotalURLIntegration | Contains logic for sending a hash to VirusTotal to scan. |