Publisher: IPQualityScore
Connector Version: 1.0.2
Product Vendor: IPQualityScore
Product Name: IPQualityScore
Product Version Supported (regex): ".*"
Minimum Product Version: 5.1.0
This app implements IP, URL and Email investigative capabilities utilizing IPQualityScore.
The configuration variables below are required for this connector to operate. These variables are specified when configuring an IPQualityScore asset in SOAR.
VARIABLE | REQUIRED | TYPE | DESCRIPTION |
---|---|---|---|
apikey | required | password | API key |
test connectivity - Validates the connectivity by querying IPQualityScore
email validation - Queries IPQualityScore's Email Validation API
url checker - Queries IPQualityScore's malicious URL scanner API
ip reputation - Queries IPQualityScore's Proxy and VPN detection API
Validates the connectivity by querying IPQualityScore
Type: test
Read only: True
No parameters are required for this action
No Output
Queries IPQualityScore's Email Validation API
Type: investigate
Read only: True
If email information is unavailable in IPQualityScore, only the 'email' and 'message' properties are populated. The optional 'strictness' parameter controls whether additional intelligence checks are performed (higher number) or ignored (lower number). The possible values for 'strictness' are 0, 1 and 2.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
email | required | Email to query for reputation information | string | email |
fast | optional | Enables or disables SMTP check with the mail service provider | boolean | |
suggest_domain | optional | Force analyze if the email address's domain has a typo and should be corrected to a popular mail service | boolean | |
timeout | optional | Maximum number of seconds to wait for a reply from a mail service provider | numeric | |
strictness | optional | Sets how strictly spam traps and honeypots are detected by system (Possible Values: 0, 1 and 2) | numeric | |
abuse_strictness | optional | Set the strictness level for machine learning pattern recognition of abusive email addresses | numeric |
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.parameter.email | string | email |
action_result.parameter.fast | boolean | |
action_result.parameter.timeout | numeric | |
action_result.parameter.suggest_domain | boolean | |
action_result.parameter.strictness | numeric | |
action_result.parameter.abuse_strictness | numeric | |
action_result.data.*.valid | boolean | |
action_result.data.*.timeout | boolean | |
action_result.data.*.disposable | boolean | |
action_result.data.*.first_name | string | |
action_result.data.*.deliverability | string | |
action_result.data.*.smtp_score | numeric | |
action_result.data.*.overall_score | numeric | |
action_result.data.*.catch_all | boolean | |
action_result.data.*.generic | boolean | |
action_result.data.*.common | boolean | |
action_result.data.*.dns_valid | boolean | |
action_result.data.*.honeypot | boolean | |
action_result.data.*.frequent_complainer | boolean | |
action_result.data.*.suspect | boolean | |
action_result.data.*.recent_abuse | boolean | |
action_result.data.*.fraud_score | numeric | |
action_result.data.*.leaked | boolean | |
action_result.data.*.suggested_domain | string | |
action_result.data.*.first_seen.human | string | |
action_result.data.*.domain_age.human | string | |
action_result.data.*.spam_trap_score | string | |
action_result.data.*.sanitized_email | string | |
action_result.data.*.request_id | string | |
action_result.status | string | |
action_result.message | string | |
action_result.summary.Message | string | |
action_result.summary.Status_Code | numeric | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric |
Queries IPQualityScore's malicious URL scanner API
Type: investigate
Read only: True
If URL information is unavailable in IPQualityScore, only the 'url' and 'in_database' properties are populated. The optional 'strictness' parameter controls whether additional intelligence checks are performed (higher number) or ignored (lower number). The possible values for 'strictness' are 0, 1 and 2.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | URL to query for reputation information | string | url |
strictness | optional | How strict should we scan this URL? (Possible Values: 0, 1 and 2) | numeric |
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.parameter.strictness | numeric | |
action_result.parameter.url | string | url |
action_result.data.*.message | string | |
action_result.data.*.success | boolean | |
action_result.data.*.unsafe | boolean | |
action_result.data.*.domain | string | |
action_result.data.*.ip_address | string | ip |
action_result.data.*.server | string | |
action_result.data.*.content_type | string | |
action_result.data.*.status_code | numeric | |
action_result.data.*.page_size | numeric | |
action_result.data.*.domain_rank | numeric | |
action_result.data.*.dns_valid | boolean | |
action_result.data.*.parking | boolean | |
action_result.data.*.spamming | boolean | |
action_result.data.*.malware | boolean | |
action_result.data.*.phishing | boolean | |
action_result.data.*.suspicious | boolean | |
action_result.data.*.risk_score | numeric | |
action_result.data.*.request_id | string | |
action_result.status | string | |
action_result.summary.Message | string | |
action_result.summary.Status_Code | numeric | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric |
Queries IPQualityScore's Proxy and VPN detection API
Type: investigate
Read only: True
If IP information is unavailable in IPQualityScore, only the 'message' and 'status_code' properties are populated. The optional 'strictness' parameter controls whether additional intelligence checks are performed (higher number) or ignored (lower number). The possible values for 'strictness' are 0, 1 and 2.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ip | required | IP to query for reputation information | string | ip |
strictness | optional | How in depth (strict) do you want this query to be? (Possible Values: 0, 1 and 2) | numeric | |
user_agent | optional | Additional checks against bots | string | |
user_language | optional | Additional risk evaluation | string | |
fast | optional | Certain forensic checks are skipped | boolean | |
mobile | optional | Specifies if this lookup should be treated as a mobile device | boolean | |
allow_public_access_points | optional | Specifies if this lookup should be treated as a mobile device | boolean | |
lighter_penalties | optional | Enable this setting to lower detection rates and Fraud Scores for mixed quality IP addresses | boolean | |
transaction_strictness | optional | Adjusts the weights for penalties applied due to irregularities | numeric |
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.parameter.strictness | numeric | |
action_result.parameter.user_agent | string | |
action_result.parameter.user_language | string | |
action_result.parameter.fast | boolean | |
action_result.parameter.mobile | boolean | |
action_result.parameter.allow_public_access_points | boolean | |
action_result.parameter.lighter_penalties | boolean | |
action_result.parameter.transaction_strictness | boolean | |
action_result.parameter.ip | string | ip |
action_result.data.*.message | string | |
action_result.data.*.success | boolean | |
action_result.data.*.fraud_score | numeric | |
action_result.data.*.country_code | string | |
action_result.data.*.city | string | |
action_result.data.*.region | string | |
action_result.data.*.ISP | string | |
action_result.data.*.organization | string | |
action_result.data.*.ASN | numeric | |
action_result.data.*.latitude | numeric | |
action_result.data.*.longitude | numeric | |
action_result.data.*.is_crawler | boolean | |
action_result.data.*.timezone | string | |
action_result.data.*.host | string | |
action_result.data.*.proxy | boolean | |
action_result.data.*.vpn | boolean | |
action_result.data.*.tor | boolean | |
action_result.data.*.active_vpn | boolean | |
action_result.data.*.active_tor | boolean | |
action_result.data.*.connection_type | string | |
action_result.data.*.recent_abuse | boolean | |
action_result.data.*.abuse_velocity | string | |
action_result.data.*.bot_status | boolean | |
action_result.data.*.mobile | boolean | |
action_result.data.*.request_id | string | |
action_result.data.*.operating_system | string | |
action_result.status | string | |
action_result.summary.Message | string | |
action_result.summary.Status_Code | numeric | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric |
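
Each investigate action above notes that when IPQualityScore has no information, only a couple of properties are populated. The following added example (not part of the connector's own code) shows playbook-side triage that treats such a sparse result as "unknown" rather than clean, and validates 'strictness' before the action is called. The function names, the score threshold, the hard/soft flag grouping and the verdict labels are assumptions made for illustration.

```python
# Added example: triage one action_result.data entry inside a playbook.
# Field names are the data paths on this page; the threshold, the flag
# grouping and the verdict labels are assumptions, not IPQualityScore guidance.
RULES = {  # action -> (score field, hard flags, soft flags)
    "ip reputation": ("fraud_score", ("tor", "recent_abuse"), ("proxy", "vpn")),
    "url checker": ("risk_score", ("malware", "phishing"), ("unsafe", "suspicious")),
    "email validation": ("fraud_score", ("honeypot", "recent_abuse"),
                         ("disposable", "leaked")),
}
SCORE_THRESHOLD = 85  # assumed cut-off


def check_strictness(value):
    """The page limits 'strictness' to 0, 1 and 2; reject anything else."""
    if isinstance(value, bool) or value not in (0, 1, 2):
        raise ValueError("strictness must be 0, 1 or 2")
    return value


def triage(action, entry):
    """Return 'unknown', 'malicious', 'suspicious' or 'clean' for one entry."""
    score_field, hard, soft = RULES[action]
    if not any(f in entry for f in (score_field, *hard, *soft)):
        # Sparse result (e.g. only 'message' and 'status_code'): there is no
        # intelligence to act on, so do not report the indicator as clean.
        return "unknown"
    if any(entry.get(f) is True for f in hard):
        return "malicious"
    score = entry.get(score_field)
    if (isinstance(score, (int, float)) and not isinstance(score, bool)
            and score >= SCORE_THRESHOLD):
        return "malicious"
    if any(entry.get(f) is True for f in soft):
        return "suspicious"
    return "clean"


# Constructed sample entries, not real IPQualityScore output.
SPARSE_IP = {"message": "no data", "status_code": 200}
SPARSE_URL = {"url": "http://example.test/", "in_database": False}
TOR_IP = {"success": True, "fraud_score": 40, "tor": True, "vpn": True}
VPN_IP = {"success": True, "fraud_score": 30, "vpn": True, "tor": False,
          "proxy": False, "recent_abuse": False}

if __name__ == "__main__":
    for name, e in [("sparse", SPARSE_IP), ("tor", TOR_IP), ("vpn", VPN_IP)]:
        print(name, triage("ip reputation", e))
```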