Threatminer
Version: 2.0.0
An open source search engine for fast threat intelligence research & pivoting with context.
Connect Threatminer with LogicHub
- Navigate to Automations > Integrations.
- Search for Threatminer.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- After you've entered all the details, click Connect.
Actions for Threatminer
IP Scan (Deprecated)
Scans an IP address.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Column Name | Column name from parent table to scan IP. | Required |
Output
A JSON object containing multiple rows of result:
- result: The suspicious activity of the IP address.
Domain Scan (Deprecated)
Scans a domain.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Column Name | Column name from parent table to scan Domain. | Required |
Output
A JSON object containing multiple rows of result:
- result: The suspicious activity of the Domain.
Hash Scan (Deprecated)
Scans a hash.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Column Name | Column name from parent table to scan hash. | Required |
Output
A JSON object containing multiple rows of result:
- result: The suspicious activity of the Hash.
IP Scan
Scans an IP address.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| IP Address | Jinja-templated text containing the IP address to scan. | Required |
Output
A JSON object containing multiple rows of result:
- result: The suspicious activity of the IP address.
- has_error: True/False
- error: message/null
Domain Scan
Scans a domain.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Domain name | Jinja-templated text containing the domain to scan. | Required |
Output
A JSON object containing multiple rows of result:
- result: The suspicious activity of the Domain.
- has_error: True/False
- error: message/null
Hash Scan
Scans a hash.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Hash value | Jinja-templated text containing the hash to scan. | Required |
Output
A JSON object containing multiple rows of result:
- result: The suspicious activity of the Hash.
- has_error: True/False
- error: message/null
Release Notes
v2.0.0- Updated architecture to support IO via filesystemv1.1.1- Added documentation link in the automation library.v1.1.3- Added new versions of 3 actions: IP Scan, Hash Scan, Domain Scan and marked previous ones as deprecated.
Updated about 1 year ago