Script includes installed with Threat Intelligence Threat Intelligence adds the following script includes. Script include Description InactivateExpiredThreatInformation Inactivates expired threat information. Uses Threat Intelligence properties for age calculation. ScanHttpMultipartBuilder Takes a file and updates a RESTMessageV2 request body with the file contents. Also adds a request header to change the content type to multipart/form-data. SimpleBlocklistProcessor Plain text processor, chiefly used to parse and insert processor records. Because this script include does not use streaming APIs, the payload must be less than 5 MB for attachments. STIXParser A class for processing STIX XML data. TAXIIClient Facilitates communication with a TAXII server to retrieve collection information. TAXIICollectionDataProcessor Processor for data returned by TAXII Collection data retrieval. TAXIISourceIntegration Integration for running a REST call to retrieve data from a TAXII collection. The data returned by this integration is then passed to a data processor (typically TAXIICollectionDataProcessor). TAXIIV1_1RequestBuilder Builds TAXII requests in TAXII 1.1 format. TAXIIV1_1ResponseParser Parses the REST response body that conforms to the TAXII 1.1 specification. ThreatAdditionalInfo The API for acquiring additional information for a specific IP address or URL. This script include updates detailed information on the Observables screen using information retrieved using the following two Threat Intelligence properties: The domain name to retrieve additional information for IP addresses/URLs [sn_ti.ip_lookup.web_site] The API key to be used for the above domain, if any [sn_ti.ip_lookup.api_key] ThreatAJAX Contains AJAX functions to be used throughout the application. ThreatScannerIntegrationBase A base class for Threat integrations to extend. ThreatUtils Various functions for use throughout the Threat Intelligence plugin. The Security Support Common [com.snc.security_support.common] plugin, which is activated when you activate Threat Intelligence, adds the following script includes. Script include Description Scanner The lookup source and scanner implementations for Threat Intelligence and Vulnerability Response. ScannerIntegrationBase Base class for lookup source and scanner integration implementations. ScannerProcessorBase Base class for lookup source and scanner processor implementations. ScannerUtils Common lookup source and scanner helper methods. ScanQueueManager The lookup and scan queues manager implementation for Threat Intelligence and Vulnerability Response. Related ReferenceTables installed with Threat IntelligenceProperties installed with Threat IntelligenceRoles installed with Threat IntelligenceClient scripts installed with Threat IntelligenceBusiness rules installed with Threat Intelligence
Script includes installed with Threat Intelligence Threat Intelligence adds the following script includes. Script include Description InactivateExpiredThreatInformation Inactivates expired threat information. Uses Threat Intelligence properties for age calculation. ScanHttpMultipartBuilder Takes a file and updates a RESTMessageV2 request body with the file contents. Also adds a request header to change the content type to multipart/form-data. SimpleBlocklistProcessor Plain text processor, chiefly used to parse and insert processor records. Because this script include does not use streaming APIs, the payload must be less than 5 MB for attachments. STIXParser A class for processing STIX XML data. TAXIIClient Facilitates communication with a TAXII server to retrieve collection information. TAXIICollectionDataProcessor Processor for data returned by TAXII Collection data retrieval. TAXIISourceIntegration Integration for running a REST call to retrieve data from a TAXII collection. The data returned by this integration is then passed to a data processor (typically TAXIICollectionDataProcessor). TAXIIV1_1RequestBuilder Builds TAXII requests in TAXII 1.1 format. TAXIIV1_1ResponseParser Parses the REST response body that conforms to the TAXII 1.1 specification. ThreatAdditionalInfo The API for acquiring additional information for a specific IP address or URL. This script include updates detailed information on the Observables screen using information retrieved using the following two Threat Intelligence properties: The domain name to retrieve additional information for IP addresses/URLs [sn_ti.ip_lookup.web_site] The API key to be used for the above domain, if any [sn_ti.ip_lookup.api_key] ThreatAJAX Contains AJAX functions to be used throughout the application. ThreatScannerIntegrationBase A base class for Threat integrations to extend. ThreatUtils Various functions for use throughout the Threat Intelligence plugin. The Security Support Common [com.snc.security_support.common] plugin, which is activated when you activate Threat Intelligence, adds the following script includes. Script include Description Scanner The lookup source and scanner implementations for Threat Intelligence and Vulnerability Response. ScannerIntegrationBase Base class for lookup source and scanner integration implementations. ScannerProcessorBase Base class for lookup source and scanner processor implementations. ScannerUtils Common lookup source and scanner helper methods. ScanQueueManager The lookup and scan queues manager implementation for Threat Intelligence and Vulnerability Response. Related ReferenceTables installed with Threat IntelligenceProperties installed with Threat IntelligenceRoles installed with Threat IntelligenceClient scripts installed with Threat IntelligenceBusiness rules installed with Threat Intelligence
