Add a lookup source

You can set up a new lookup source, associate it with supported lookup types, and set a lookup rate limit, as needed.

Before you begin

Role required: sn_ti.admin

About this task

Before you can add a third-party lookup source service, you must obtain a license to use that service and, often, an API Key to facilitate the integration.

Procedure

  1. Navigate to Threat Intelligence > IoC Lookup > Lookup Sources.
  2. Click New.
  3. Fill in the fields, as needed.
    Table 1. Malware Scanners
    Field Description
    Name Enter a name for the threat lookup source.
    Application The type of scoped application.
    Active Select this check box to activate this threat lookup source.
  4. Right-click in the form header, and click Save.
  5. In the Supported lookup types related list, click New.
  6. Fill in the fields, as needed.
    Table 2. Supported lookup type
    Field Description
    Lookup Source Auto-fills with the name of the lookup source you are defining.
    Include in bulk lookup Select this check box to include this lookup type in lookups by this lookup source.
    Lookup type Select an existing supported lookup type, or click the magnifying glass and click New to define a new supported lookup type.
    Integration factory script Enter a script to construct the lookup source integration implementation that is defined by a script include. The script include extends sn_sec_cmn.ScannerIntegrationBase, and provides the mechanism that makes lookup requests and report requests with a threat lookup engine. The last line of the script is the constructed integration implementation.
    Processor factory script The script to construct the lookup report processing implementation that is defined by a script include. The script include extends sn_sec_cmn.ScannerProcessorBase, and provides the mechanism that processes a lookup report from a threat lookup engine. The last line of the script is the constructed processor implementation.
  7. If you want to make this lookup type the default for this lookup source, right-click in the form header, click Save, then click Make default. Otherwise, click Submit.
  8. Repeat steps 5 through 7 for each supported lookup type you want to associate with this lookup source.
  9. If you want to define a lookup source rate limit, click the Source rate limit related list.