Giter Club home page Giter Club logo

ipqualityscore's Introduction

IPQualityScore

Publisher: IPQualityScore
Connector Version: 1.0.2
Product Vendor: IPQualityScore
Product Name: IPQualityScore
Product Version Supported (regex): ".*"
Minimum Product Version: 5.1.0

This app implements IP, URL and Email investigative capabilities utilizing IPQualityScore

Configuration Variables

The below configuration variables are required for this Connector to operate. These variables are specified when configuring a IPQualityScore asset in SOAR.

VARIABLE REQUIRED TYPE DESCRIPTION
apikey required password API key

Supported Actions

test connectivity - Validates the connectivity by querying IPQualityScore
email validation - Queries IPQualityScore's Email Validation API
url checker - Queries IPQualityScore's malicious URL scanner API
ip reputation - Queries IPQualityScore's Proxy and VPN detection API

action: 'test connectivity'

Validates the connectivity by querying IPQualityScore

Type: test
Read only: True

Action Parameters

No parameters are required for this action

Action Output

No Output

action: 'email validation'

Queries IPQualityScore's Email Validation API

Type: investigate
Read only: True

If email information is unavailable in IPQualityScore, only 'email' and 'message' property would be populated. The 'strictness' is an optional parameter to perform (higher number) or ignore (lower number) of additional intelligence checks. The possible values for 'strictness' are 0,1 and 2.

Action Parameters

PARAMETER REQUIRED DESCRIPTION TYPE CONTAINS
email required Email to query for reputation information string email
fast optional Enables or disables SMTP check with the mail service provider boolean
suggest_domain optional Force analyze if the email address's domain has a typo and should be corrected to a popular mail service boolean
timeout optional Maximum number of seconds to wait for a reply from a mail service provider numeric
strictness optional Sets how strictly spam traps and honeypots are detected by system (Possible Values: 0, 1 and 2) numeric
abuse_strictness optional Set the strictness level for machine learning pattern recognition of abusive email addresses numeric

Action Output

DATA PATH TYPE CONTAINS
action_result.parameter.email string email
action_result.parameter.fast boolean
action_result.parameter.timeout numeric
action_result.parameter.suggest_domain boolean
action_result.parameter.strictness numeric
action_result.parameter.abuse_strictness numeric
action_result.data.*.valid boolean
action_result.data.*.timeout boolean
action_result.data.*.disposable boolean
action_result.data.*.first_name string
action_result.data.*.deliverability string
action_result.data.*.smtp_score numeric
action_result.data.*.overall_score numeric
action_result.data.*.catch_all boolean
action_result.data.*.generic boolean
action_result.data.*.common boolean
action_result.data.*.dns_valid boolean
action_result.data.*.honeypot boolean
action_result.data.*.frequent_complainer boolean
action_result.data.*.suspect boolean
action_result.data.*.recent_abuse boolean
action_result.data.*.fraud_score numeric
action_result.data.*.leaked boolean
action_result.data.*.suggested_domain string
action_result.data.*.first_seen.human string
action_result.data.*.domain_age.human string
action_result.data.*.spam_trap_score string
action_result.data.*.sanitized_email string
action_result.data.*.request_id string
action_result.status string
action_result.message string
action_result.summary.Message string
action_result.summary.Status_Code numeric
summary.total_objects numeric
summary.total_objects_successful numeric

action: 'url checker'

Queries IPQualityScore's malicious URL scanner API

Type: investigate
Read only: True

If URL information is unavailable in IPQualityScore, only 'url' and 'in_database' property would be populated. The 'strictness' is an optional parameter to perform (higher number) or ignore (lower number) of additional intelligence checks. The possible values for 'strictness' are 0,1 and 2.

Action Parameters

PARAMETER REQUIRED DESCRIPTION TYPE CONTAINS
url required URL to query for reputation information string url
strictness optional How strict should we scan this URL? (Possible Values: 0, 1 and 2) numeric

Action Output

DATA PATH TYPE CONTAINS
action_result.parameter.strictness numeric
action_result.parameter.url string url
action_result.data.*.message string
action_result.data.*.success boolean
action_result.data.*.unsafe boolean
action_result.data.*.domain string
action_result.data.*.ip_address string ip
action_result.data.*.server string
action_result.data.*.content_type string
action_result.data.*.status_code numeric
action_result.data.*.page_size numeric
action_result.data.*.domain_rank numeric
action_result.data.*.dns_valid boolean
action_result.data.*.parking boolean
action_result.data.*.spamming boolean
action_result.data.*.malware boolean
action_result.data.*.phishing boolean
action_result.data.*.suspicious boolean
action_result.data.*.risk_score numeric
action_result.data.*.request_id string
action_result.status string
action_result.summary.Message string
action_result.summary.Status_Code numeric
action_result.message string
summary.total_objects numeric
summary.total_objects_successful numeric

action: 'ip reputation'

Queries IPQualityScore's Proxy and VPN detection API

Type: investigate
Read only: True

If URL information is unavailable in IPQualityScore, only 'message' and 'status_code' properties would be populated. The 'strictness' is an optional parameter to perform (higher number) or ignore (lower number) of additional intelligence checks. The possible values for 'strictness' are 0,1 and 2.

Action Parameters

PARAMETER REQUIRED DESCRIPTION TYPE CONTAINS
ip required IP to query for reputation information string ip
strictness optional How in depth (strict) do you want this query to be? (Possible Values: 0, 1 and 2) numeric
user_agent optional Additional checks against bots string
user_language optional Additional risk evaluation string
fast optional Certain forensic checks are skipped boolean
mobile optional Specifies if this lookup should be treated as a mobile device boolean
allow_public_access_points optional Specifies if this lookup should be treated as a mobile device boolean
lighter_penalties optional Enable this setting to lower detection rates and Fraud Scores for mixed quality IP addresses boolean
transaction_strictness optional Adjusts the weights for penalties applied due to irregularities numeric

Action Output

DATA PATH TYPE CONTAINS
action_result.parameter.strictness numeric
action_result.parameter.user_agent string
action_result.parameter.user_language string
action_result.parameter.fast boolean
action_result.parameter.mobile boolean
action_result.parameter.allow_public_access_points boolean
action_result.parameter.lighter_penalties boolean
action_result.parameter.transaction_strictness boolean
action_result.parameter.ip string ip
action_result.data.*.message string
action_result.data.*.success boolean
action_result.data.*.fraud_score numeric
action_result.data.*.country_code string
action_result.data.*.city string
action_result.data.*.region string
action_result.data.*.ISP string
action_result.data.*.organization string
action_result.data.*.ASN numeric
action_result.data.*.latitude numeric
action_result.data.*.longitude numeric
action_result.data.*.is_crawler boolean
action_result.data.*.timezone string
action_result.data.*.host string
action_result.data.*.proxy boolean
action_result.data.*.vpn boolean
action_result.data.*.tor boolean
action_result.data.*.active_vpn boolean
action_result.data.*.active_tor boolean
action_result.data.*.connection_type string
action_result.data.*.recent_abuse boolean
action_result.data.*.abuse_velocity string
action_result.data.*.bot_status boolean
action_result.data.*.mobile boolean
action_result.data.*.country_code string
action_result.data.*.fraud_score numeric
action_result.data.*.request_id string
action_result.data.*.operating_system string
action_result.status string
action_result.summary.Message string
action_result.summary.Status_Code numeric
action_result.message string
summary.total_objects numeric
summary.total_objects_successful numeric

ipqualityscore's People

Contributors

achandya-crest avatar arathore-crest avatar hsrivastava-crest avatar jdemelo avatar yanky076 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.