Apivoid

Version: 1.0.4

Apivoid provides JSON APIs useful for cyber threat analysis, threat detection and threat prevention, reducing and automating the manual work of security analysts.

Connect Triage with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Apivoid.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • API Key: The API key to connect to the Apivoid Server.
  4. After you've entered all the details, click Connect.

Actions for Triage

IP Reputation Check

Detects malicious IP addresses commonly used for spam, to attack websites, or to commit fraudulent activities.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| IP address | Jinja-templated text containing the IP address. Example: 110.235.237.9 | Required |

Output

JSON containing the following items:

{
    "data": {
        "report": {
            "ip": "110.235.237.56",
            "blacklists": {
                "engines": {
                    "0": {
                        "engine": "0spam",
                        "detected": false,
                        "reference": "https://0spam.org/",
                        "elapsed": "1.19"
                    },
                    "13": {
                        "engine": "APEWS-L2",
                        "detected": false,
                        "reference": "http://www.apews.org/",
                        "elapsed": "0.00"
                    }
                },
                "detections": 2,
                "engines_count": 83,
                "detection_rate": "2%",
                "scantime": "2.31"
            },
            "information": {
                "reverse_dns": "",
                "continent_code": "AS",
                "continent_name": "Asia",
                "country_code": "IN",
                "country_name": "India",
                "country_currency": "INR",
                "country_calling_code": "91",
                "region_name": "Uttar Pradesh",
                "city_name": "Kanpur",
                "latitude": 26.4666690826416,
                "longitude": 80.3499984741211,
                "isp": "VeriVoz Communication Private Limited",
                "asn": "AS133982"
            },
            "anonymity": {
                "is_proxy": false,
                "is_webproxy": false,
                "is_vpn": false,
                "is_hosting": false,
                "is_tor": false
            },
            "risk_score": {
                "result": 100
            }
        }
    }
}
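
The following is an added example, not part of the original documentation or the integration's own code, showing how a later playbook step might reduce the IP Reputation Check output to a verdict with supporting evidence. The function name, the score thresholds and the sample response are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like the IP Reputation Check output above
# (values are illustrative, not a real lookup result).
SAMPLE = json.loads("""
{"data": {"report": {
  "ip": "192.0.2.10",
  "blacklists": {
    "engines": {
      "0": {"engine": "0spam", "detected": false, "reference": "https://0spam.org/", "elapsed": "1.19"},
      "13": {"engine": "APEWS-L2", "detected": true, "reference": "http://www.apews.org/", "elapsed": "0.00"}
    },
    "detections": 1, "engines_count": 2, "detection_rate": "50%", "scantime": "2.31"
  },
  "anonymity": {"is_proxy": false, "is_webproxy": false, "is_vpn": false,
                "is_hosting": true, "is_tor": false},
  "risk_score": {"result": 100}
}}}
""")

# Hypothetical triage thresholds; tune them to your own alert policy.
BLOCK_SCORE, REVIEW_SCORE = 80, 40


def triage_ip_report(response):
    """Reduce an IP Reputation Check response to a verdict plus evidence."""
    report = response.get("data", {}).get("report")
    if not isinstance(report, dict):
        raise ValueError("response has no data.report object")
    bl = report.get("blacklists", {})
    # "engines" is an object keyed by index strings, not a list.
    hits = sorted(e["engine"] for e in bl.get("engines", {}).values() if e.get("detected") is True)
    flags = sorted(k for k, v in report.get("anonymity", {}).items() if v is True)
    score = int(report.get("risk_score", {}).get("result", 0))
    rate = float(str(bl.get("detection_rate", "0%")).rstrip("%"))  # "2%" -> 2.0
    if score >= BLOCK_SCORE:
        verdict = "block"
    elif score >= REVIEW_SCORE or hits or flags:
        verdict = "review"
    else:
        verdict = "allow"
    return {"ip": report.get("ip"), "verdict": verdict, "risk_score": score,
            "detection_rate": rate, "engines_detected": hits, "anonymity_flags": flags,
            # False when the engine list is truncated or disagrees with the summary count.
            "counts_consistent": len(hits) == bl.get("detections")}


if __name__ == "__main__":
    print(json.dumps(triage_ip_report(SAMPLE), indent=2))
```

Run against the sample output shown above, `counts_consistent` would be false: that sample reports 2 detections but lists only two of its 83 engines, neither of them detecting.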

URL Reputation Check

Check if a URL is potentially malicious.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| URL | Jinja-templated text containing the URL. Example: https://www.google.com | Required |

Output

JSON containing the following items:

{
    "data": {
        "report": {
            "dns_records": {
                "ns": {
                    "records": [
                        {
                            "target": "ns2.google.com",
                            "ip": "216.239.34.10",
                            "country_code": "US",
                            "country_name": "United States of America",
                            "isp": "Google LLC"
                        }
                    ]
                }
            },
            "risk_score": {
                "result": 0
            },
            "security_checks": {
                "is_host_an_ipv4": false,
                "is_uncommon_host_length": false,
                "is_uncommon_dash_char_count": false,
                "is_uncommon_dot_char_count": false,
                "is_suspicious_url_pattern": false
            },
            "site_category": {
                "is_torrent": false,
                "is_vpn_provider": false,
                "is_free_hosting": false
            },
            "url_parts": {
                "scheme": "https",
                "host": "www.google.com",
                "host_nowww": "google.com",
                "port": null,
                "path": "/",
                "query": null
            },
            "web_page": {
                "title": "Google",
                "description": "",
                "keywords": ""
            }
        }
    }
}

Release Notes

  • v1.0.4 - Initial release with URL Reputation Check and IP Reputation Check Actions.

© Devo Technology Inc. All Rights Reserved.