Cisco Talos
Version: 2.1.0
IP Reputation center.
Connect Cisco Talos with LogicHub
- Navigate to Automations > Integrations.
- Search for Cisco Talos.
- Click Details, then the + icon. Enter the required information in the following fields:
  - Label: Enter a connection name.
  - Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  - Verify SSL: Select whether to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
  - Remote Agent: Run this integration using the LogicHub Remote Agent.
- After you've entered all the details, click Connect.
Actions for Cisco Talos
IP Reputation Lookup
Analyze the reputation of a given IP.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Column Name | Select the name of the column in the parent table containing the value to look up in Cisco Talos. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: analyzes the IP.
{"has_error": false, "error": null}
IP Reputation Lookup V2
Analyze the reputation of a given IP.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
IP | Jinja-Templated text containing the value of ip. Example: {{ip}} | Required |
Time between consecutive API requests (in millis) | Time to wait between consecutive API requests in milliseconds. (Default is 0 milliseconds) | Optional |
Output
JSON containing the following items:
{
"result": {
"reputation": {
"reputation_x10": -1,
"no_score": false,
"threat_level_id": 3,
"rep_rule_id": [
625
],
"threat_cat_id": [],
"spam_prob_x10000": 4294966296,
"geo_location": {
"locality": "Charlotte",
"state_or_province": "North Carolina",
"postal_code": "28210",
"country": "US"
},
"geo_coords": {
"longitude": 0.0,
"latitude": 0.0,
"precision": 0,
"last_update_timestamp": 1738238406,
"longitude_x10000": 0,
"latitude_x10000": 0
},
"rvs_rate": 0.0,
"no_rvs_rate": true,
"network_info": {
"cidr_range": 17,
"subdivision_mask": 24,
"magnitude": null,
"average_magnitude_x10": 0
},
"org_stats": {
"org_info": {
"org_name": "level 3 parent llc",
"org_id": 3491930
},
"magnitude": {
"daily_x10": 70,
"monthly_x10": 71
},
"first_occurence": 1738261971848,
"num_domains": 13344,
"num_ip_controlled": 32771328,
"num_ip_email_senders": 475334,
"volume_forever": 7
},
"hostname": "",
"domain_magnitude": null,
"ipd_error": "IPDERROR_NONE",
"error_is_temporary": false,
"threat_level_mnemonic": "neutral",
"rep_rule_mnemonics": [
"Smd"
],
"dnsmatch": true,
"spam_level": "Critical",
"daychange": 0
},
"volume_info": {},
"related_ips": [
{
"ip": "4.2.2.2",
"host_info": {
"hostname": "b.resolvers.level3.net"
},
"magnitude": {
"daily_x10": 0,
"monthly_x10": 11
},
"reputation_x10": -2,
"threat_level_mnemonic": "neutral",
"block_lists": [],
"dnsmatch": ""
},
{
"ip": "4.2.2.73",
"host_info": {
"hostname": ""
},
"magnitude": {
"daily_x10": 0,
"monthly_x10": 6
},
"reputation_x10": 0,
"threat_level_mnemonic": "unknown",
"block_lists": [],
"dnsmatch": ""
},
{
"ip": "4.2.2.197",
"host_info": {
"hostname": ""
},
"magnitude": {
"daily_x10": 0,
"monthly_x10": 6
},
"reputation_x10": 0,
"threat_level_mnemonic": "unknown",
"block_lists": [],
"dnsmatch": ""
}
]
},
"error": null,
"has_error": false
}
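Added example (not part of the LogicHub documentation): one way a downstream Python step could reduce the V2 output to the fields a playbook branches on, checking the error fields before trusting any score. The function names, the status values, the reading of the `_x10` and `_x10000` suffixes as scale factors and the accepted ranges are assumptions; the sample is a constructed, trimmed copy of the output above.

```python
import json

# Constructed sample: a trimmed copy of the V2 output shown above.
SAMPLE = json.loads("""
{"result": {"reputation": {"reputation_x10": -1, "no_score": false,
    "spam_prob_x10000": 4294966296, "ipd_error": "IPDERROR_NONE",
    "error_is_temporary": false, "threat_level_mnemonic": "neutral",
    "rep_rule_mnemonics": ["Smd"], "spam_level": "Critical"},
  "related_ips": [
    {"ip": "4.2.2.2", "reputation_x10": -2, "threat_level_mnemonic": "neutral"},
    {"ip": "4.2.2.73", "reputation_x10": 0, "threat_level_mnemonic": "unknown"}]},
 "error": null, "has_error": false}
""")


def scaled(value, factor, low, high):
    """Undo an assumed *_xN scaling; return None if the result is out of range."""
    if not isinstance(value, (int, float)) or isinstance(value, bool):
        return None
    scaled_value = value / factor
    return scaled_value if low <= scaled_value <= high else None


def summarize(output):
    """Reduce one action output row to the fields a playbook branches on."""
    if output.get("has_error"):
        return {"status": "error", "detail": output.get("error")}
    result = output.get("result") or {}
    rep = result.get("reputation") or {}
    ipd_error = rep.get("ipd_error") or "IPDERROR_NONE"
    if ipd_error != "IPDERROR_NONE":
        # A temporary lookup error is worth retrying, not scoring.
        status = "retry" if rep.get("error_is_temporary") else "error"
        return {"status": status, "detail": ipd_error}
    if rep.get("no_score"):
        return {"status": "no_score"}
    return {
        "status": "ok",
        "threat_level": rep.get("threat_level_mnemonic", "unknown"),
        "spam_level": rep.get("spam_level"),
        # Assumed ranges: reputation in [-10, 10], probability in [0, 1].
        "reputation": scaled(rep.get("reputation_x10"), 10, -10, 10),
        "spam_prob": scaled(rep.get("spam_prob_x10000"), 10000, 0, 1),
        "rules": rep.get("rep_rule_mnemonics", []),
        "related": {r["ip"]: r.get("threat_level_mnemonic", "unknown")
                    for r in result.get("related_ips", []) if "ip" in r},
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

On the sample, `threat_level` is "neutral" while `spam_level` is "Critical", and `spam_prob` comes back as `None` because the raw value falls outside the assumed range, so a playbook should branch on each field separately rather than on a single score.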
Release Notes
v2.1.0
- Added new action IP Reputation Lookup V2 and deprecated the earlier one.
v2.0.0
- Updated architecture to support IO via filesystem.
v1.0.7
- Added documentation link in the automation library.