Cisco Umbrella Blacklister Responder #382
Comments
Hello, Responders are not like analyzers and can run against cases, tasks, observables, logs and alerts. You can find the list at: https://github.com/TheHive-Project/CortexDocs/blob/master/api/how-to-create-a-responder.md#datatypelist
@nadouani Thank you for clarifying. I missed that page of the docs... I have it working now. Ideally, I would like to have the option to add a tag to the artifact showing that it has been blacklisted in Umbrella. Is there any ETA on adding the operation "AddTagToArtifact"? Should I go ahead and create a PR without it or wait until this is available?
Please disregard last comment. Found that "AddTagToArtifact" is available; it just was not listed in the documentation. I created a PR for that change in CortexDocs. Created PR for this: #383
PR accepted
Request Type
Responder
Description
Responder will allow the blacklisting of a domain in Cisco Umbrella utilizing the Enforcement API.
Possible Solutions
I'm working on the creation of the responder.