USTA
This Integration is part of the USTA Pack.
Supported versions
Available on Cortex XSOAR (versions 6.0.0 and later) and Cortex XSIAM.
USTA is a Cyber Intelligence Platform that responds directly and effectively to today's complex cyber threats.
Configure USTA in Cortex
| Parameter | Description | Required |
|---|---|---|
| Server URL (e.g. https://usta.prodaft.com) | | True |
| API Key | You can find your access token at https://usta.prodaft.com/#/api-documents | True |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
Commands
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
usta-get-malicious-urls
You can get malicious URLs with this command.
Base Command
usta-get-malicious-urls
Input
| Argument Name | Description | Required |
|---|---|---|
| format | Format type of the returned result. Possible values are: json, stix, stix2, txt. Default is json. | Optional |
| url | Filtering by URL Address. | Optional |
| is_domain | You can search only those with or without domain name registration. Possible values are: true, false. Default is true. | Optional |
| url_type | Filtering by malicious type. | Optional |
| tag | Filtering by tags. Example: tag=Keitaro. | Optional |
| start | Starting date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
| end | End date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Usta.MaliciousUrl.country | unknown | Country |
| Usta.MaliciousUrl.created | unknown | Created Date |
| Usta.MaliciousUrl.domain | unknown | Domain |
| Usta.MaliciousUrl.ip_addresses | unknown | IP Addresses |
| Usta.MaliciousUrl.is_domain | unknown | Is Domain |
| Usta.MaliciousUrl.modified | unknown | Modified Date |
| Usta.MaliciousUrl.tags | unknown | Tags |
| Usta.MaliciousUrl.threat_type | unknown | Threat Type |
| Usta.MaliciousUrl.url | unknown | URL |
Command Example
Human Readable Output
usta-get-phishing-sites
You can get phishing sites with this command.
Base Command
usta-get-phishing-sites
Input
| Argument Name | Description | Required |
|---|---|---|
| status | Filtering by status. Possible values are: open, close, in_progress, out_of_scope, passive. | Optional |
| source | Filtering by source(URL). | Optional |
| page | Pagination. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Usta.PhishingSites.current_page | unknown | Current page |
| Usta.PhishingSites.last_page | unknown | Last page |
| Usta.PhishingSites.next_page_url | unknown | Next page URL |
| Usta.PhishingSites.per_page | unknown | Content count per page |
| Usta.PhishingSites.prev_page_url | unknown | Prev page URL |
| Usta.PhishingSites.results | unknown | Results |
| Usta.PhishingSites.total | unknown | Content count |
| Usta.PhishingSites.total_pages | unknown | Total Page |
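Walking every page of `usta-get-phishing-sites` with the `page` argument and the `total_pages` context field, as an added example that is not part of the integration's own code. `run_command` is a hypothetical callable standing in for however the command is executed, the entries in `results` are constructed, and `total_pages` is assumed to be integer-like.

```python
from typing import Any, Callable, Dict, Iterator, Optional

# Allowed values for the `status` argument, taken from the Input table above.
VALID_STATUS = {"open", "close", "in_progress", "out_of_scope", "passive"}


def iter_phishing_sites(
    run_command: Callable[[str, Dict[str, str]], Dict[str, Any]],
    status: Optional[str] = None,
    source: Optional[str] = None,
    max_pages: int = 100,
) -> Iterator[Any]:
    """Yield every entry of Usta.PhishingSites.results across all pages.

    run_command(name, args) is hypothetical: it must run the command and
    return the Usta.PhishingSites context as a dict.
    """
    if status is not None and status not in VALID_STATUS:
        raise ValueError(f"unsupported status: {status!r}")
    args = {k: v for k, v in (("status", status), ("source", source)) if v}
    page = 1
    while page <= max_pages:
        ctx = run_command("usta-get-phishing-sites", {**args, "page": str(page)})
        yield from ctx.get("results") or []
        # Assumption: total_pages is integer-like; stop if it is absent.
        total_pages = int(ctx.get("total_pages") or page)
        if page >= total_pages:
            return
        page += 1
    # A cap keeps a wrong or growing total_pages from looping without bound.
    raise RuntimeError(f"stopped after {max_pages} pages; more remain")


def fake_run_command(name: str, args: Dict[str, str]) -> Dict[str, Any]:
    """Constructed stand-in for the integration: five entries over three pages."""
    pages = {
        1: [{"source": "https://login.example.test/a"}, {"source": "https://login.example.test/b"}],
        2: [{"source": "https://login.example.test/c"}, {"source": "https://login.example.test/d"}],
        3: [{"source": "https://login.example.test/e"}],
    }
    page = int(args["page"])
    return {"current_page": page, "total_pages": 3, "per_page": 2,
            "total": 5, "results": pages.get(page, [])}


if __name__ == "__main__":
    for site in iter_phishing_sites(fake_run_command, status="open"):
        print(site["source"])
```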
Command Example
Human Readable Output
usta-get-stolen-client-accounts
You can access stolen customer accounts via the Stolen-Client-accounts API.
Base Command
usta-get-stolen-client-accounts
Input
| Argument Name | Description | Required |
|---|---|---|
| username | Filtering by username. | Optional |
| password | Filtering by password. | Optional |
| source | Filters the detected stolen customer accounts by source. Possible values are: malware, phishing_site, data_leak, clients. | Optional |
| start | Starting date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
| end | End date (Example: 2021-03-18-13-59 / yy-mm-dd-hh-mm). | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Usta.StolenClientAccounts.created | unknown | Created date |
| Usta.StolenClientAccounts.password | unknown | Password |
| Usta.StolenClientAccounts.source | unknown | Source |
| Usta.StolenClientAccounts.url | unknown | URL |
| Usta.StolenClientAccounts.username | unknown | Username |
Command Example
Human Readable Output
usta-get-ip-address
If you want more detailed information about a specific IP address, you can use this command.
Base Command
usta-get-ip-address
Input
| Argument Name | Description | Required |
|---|---|---|
| ip_address | Search with IP Address. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Usta.IPAddress.asn_records | unknown | ASN records |
| Usta.IPAddress.country | unknown | Country |
| Usta.IPAddress.ip_address | unknown | IP address |
| Usta.IPAddress.ssl_records | unknown | SSL records |
| Usta.IPAddress.whois_records | unknown | Whois records |
Command Example
Human Readable Output
usta-search-specific-identity-leaks
With this command, you can search for a specific identity number that is hashed in leaks.
Base Command
usta-search-specific-identity-leaks
Input
| Argument Name | Description | Required |
|---|---|---|
| identity_number | Identity number to search for. To search for several identity numbers, separate them with ",". | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Usta.SpecificLeaks.existing | unknown | If the identity is leaked, you can see it in existing. |
| Usta.SpecificLeaks.not_existing | unknown | If the identity is not leaked, you can see it in not_existing |