Observables OpenCTI AnyRun

Overview

This workflow enriches security observables (IP addresses, URLs, domains, and file hashes) by querying multiple intelligence sources in sequence and returning a consolidated analysis for each observable.

How It Works

  1. Input Node: Receives a JSON payload containing the observables to enrich.
  2. Data Extraction: Script nodes normalize the observables (type each value as IP, URL, domain or hash, refang defanged values, and drop duplicates) so that every downstream lookup receives only the observable types it supports.
  3. OpenCTI Integration: Searches OpenCTI for existing intelligence associated with each observable.
  4. CrowdStrike Integration: Retrieves detailed indicator data for the observables, using the context returned by OpenCTI.
  5. ANY.RUN Integration: Submits URLs or files for sandbox analysis and retrieves the reports. Only a URL or the file itself can be detonated; a bare hash can only be looked up. Submission sends the sample to an external service, so confirm the sample is allowed to leave your environment before enabling this step.
  6. Result Compilation: Merges the results from all sources into a single record per observable.
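To make steps 2 and 6 concrete, here is an added Python example, not code from the workflow itself, showing what a script node does with the input: it types each value (IP, URL, domain, hash), undoes common defanging, removes duplicates, selects the URLs that can be sent to the sandbox, and merges per-source lookup results into one record per observable. The payload shape with its `observables` key, the enrichment result shapes, and the sample data are all constructed assumptions.

```python
"""Extract, type and merge security observables (added example, not the workflow's own code)."""
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed sample payload in the shape the Input Node is assumed to receive.
SAMPLE_PAYLOAD = json.dumps({
    "observables": [
        "198.51.100.23",
        "hxxp://malicious[.]example/payload.bin",
        "login.example.net",
        "D41D8CD98F00B204E9800998ECF8427E",
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "2001:db8::1",
        "not an observable",
        "198.51.100.23",  # duplicate, must be dropped
    ]
})

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = re.compile(r"^[0-9a-f]+$")
_DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def refang(value: str) -> str:
    """Undo common defanging (hxxp, [.], [:]) so the value can be matched and submitted."""
    v = value.strip()
    v = re.sub(r"^hxxp(s?)://", r"http\1://", v, flags=re.IGNORECASE)
    return v.replace("[.]", ".").replace("[:]", ":").replace("(.)", ".")


def classify(value: str):
    """Return (type, normalized_value), or None when the string is not a supported observable."""
    v = refang(value)
    low = v.lower()
    if len(low) in HASH_LENGTHS and _HEX.match(low):
        return HASH_LENGTHS[len(low)], low
    try:
        ip = ipaddress.ip_address(v)
        return f"ipv{ip.version}", str(ip)
    except ValueError:
        pass
    if "://" in v:
        parsed = urlparse(v)
        if parsed.scheme in ("http", "https") and parsed.netloc:
            return "url", v
        return None
    if _DOMAIN.match(low):
        return "domain", low
    return None


def extract_observables(payload: str) -> list[dict]:
    """Parse the input JSON, type each value, and drop duplicates and unsupported strings."""
    seen = set()
    out = []
    for raw in json.loads(payload).get("observables", []):
        typed = classify(raw)
        if typed is None or typed in seen:
            continue
        seen.add(typed)
        out.append({"type": typed[0], "value": typed[1]})
    return out


def sandbox_candidates(observables: list[dict]) -> list[str]:
    """Only URLs can be detonated without the sample itself; hashes, IPs and domains are lookups."""
    return [o["value"] for o in observables if o["type"] == "url"]


def merge_results(observables: list[dict], enrichments: dict) -> list[dict]:
    """Join per-source lookup results (source -> {normalized value -> result}) onto each observable.

    The result shapes are hypothetical; a real node would map each API's response here.
    """
    merged = []
    for o in observables:
        record = dict(o)
        record["sources"] = {
            src: results[o["value"]]
            for src, results in enrichments.items()
            if o["value"] in results
        }
        merged.append(record)
    return merged


if __name__ == "__main__":
    obs = extract_observables(SAMPLE_PAYLOAD)
    # Constructed stand-ins for what the OpenCTI and CrowdStrike nodes would return.
    fake_enrichment = {
        "opencti": {"198.51.100.23": {"score": 80, "labels": ["c2"]}},
        "crowdstrike": {"http://malicious.example/payload.bin": {"malicious_confidence": "high"}},
    }
    print(json.dumps(merge_results(obs, fake_enrichment), indent=2))
    print("to sandbox:", sandbox_candidates(obs))
```

Keying the merge on the normalized value (lowercased hash, refanged URL) is what lets results from different sources line up; if a node passes the raw input string to one API and the refanged string to another, the join in step 6 silently produces empty records.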

Who is this for?

  • Security analysts seeking to automate the enrichment of security observables.
  • Organizations looking to streamline threat intelligence processes.

What problem does this workflow solve?

  • Manually looking up each observable across several intelligence sources is slow and error-prone. The workflow automates the enrichment and analysis steps, reducing manual effort and shortening the time from observable to decision.