This repository was archived by the owner on Sep 20, 2023. It is now read-only.
analyzer_requirements.md: 12 additions & 13 deletions
@@ -362,19 +362,6 @@ You need to have or create a free Hunter.io [account](https://hunter.io/).
362
362
363
363
Provide the [API key](https://hunter.io/api_keys) as a value for the `key` parameter.
364
364
365
-
### KnowBe4
366
-
This responder will allow the integration between TheHive/Cortex and KnowBe4's User Events API.
367
-
If a "Mail" dataType is tagged with a specified tag, such as "phished" (or left blank), then the associated user will have a custom event added to their profile in KnowBe4.
368
-
369
-
#### Requirements
370
-
You must provide an API key as a value for the `api_key` parameter to access the User Events API. API documentation to retreive your key is located at [User Event API ](https://developer.knowbe4.com/events/#tag/Introduction).
371
-
372
-
You must provide the appropriate `base_url` parameter dependent on your geographic location. More information available at [User Events API](https://developer.knowbe4.com/events/#tag/Base-URL).
373
-
374
-
You must provide the appropriate `hive_url` parameter so that TheHive case can be referenced in the KnowBe4 Users' Timeline.
375
-
376
-
You must provide the appropriate `event_type` parameter so that Cortex can create the correct type of event in the Users' timeline. [User Events API](https://developer.knowbe4.com/events/#tag/Event-Types).
377
-
378
365
### MaxMind
379
366
Geolocate an IP Address via [MaxMind](https://www.maxmind.com/en/home)
380
367
GeoLite2 **free** City and Country databases.
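Review bot: The removed description at old line 367 is the only place that says the tag may be "left blank", and the relocated text no longer mentions it. If an empty tag is still accepted, say so in the new section and state which mail observables it matches, because that determines which users get an event written to their KnowBe4 profile. If the behaviour was dropped, a short note in the commit message would help anyone comparing the two versions.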
@@ -1094,6 +1081,18 @@ Submit observables from alerts and cases to the Crowdstrike Falcon Custom IOC AP
1094
1081
1095
1082
To configure the responder, provide the URL of the platform as a value for the `falconapi_url` parameter, the api user as the `falconapi_user`parameter and the api key as the `falconapi_key` parameter.
1096
1083
1084
+
### KnowBe4
1085
+
This responder will allow the integration between TheHive/Cortex and KnowBe4's User Events API.
1086
+
If a mail observable is tagged with a specified tag, corresponding to the responder's configuration, (e.g. phished), then the associated user will have a custom event added to their profile in KnowBe4.
1087
+
1088
+
#### Requirements
1089
+
You must provide:
1090
+
1091
+
- an API key as a value for the `api_key` parameter to access the User Events API. API documentation to retreive your key is located at [User Event API ](https://developer.knowbe4.com/events/#tag/Introduction)
1092
+
- the appropriate `base_url` parameter dependent on your geographic location. More information available at [User Events API](https://developer.knowbe4.com/events/#tag/Base-URL)
1093
+
- the appropriate `hive_url` parameter so that TheHive case can be referenced in the KnowBe4 Users' Timeline
1094
+
- the appropriate `event_type` parameter so that Cortex can create the correct type of event in the Users' timeline. [User Events API](https://developer.knowbe4.com/events/#tag/Event-Types).
1095
+
1097
1096
### Umbrella Blacklister
1098
1097
1099
1098
Add domain from observables in cases to Umbrella blacklist.
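Review bot: The description at new line 1086 refers to a tag "corresponding to the responder's configuration", but the Requirements list (new lines 1091-1094) does not name the parameter that holds that tag. Add a bullet for it next to `api_key`, `base_url`, `hive_url` and `event_type`, so an operator can see which setting controls when the responder fires. Smaller points in the same list: "retreive" should be "retrieve", the link text "[User Event API ]" has a trailing space and differs from "User Events API" used in the other bullets, and the `event_type` bullet ends with a bare link where the others introduce it with "More information available at".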