The integration uses Shadowservers reports API to query the available Shadowserver reports and transform them into Stix objects making them available within OpenCTI. All available reports are downloaded and an Artifact object is created with the original file. Stix Note objects are added to both the Report and the CustomObjectCaseIncident with a mark-down rendition of each finding from the report.
API and report references from The Shadowserver Foundation
Shadowserver Connector
The integration uses Shadowservers reports API to query the available Shadowserver reports and transform them into Stix objects making them available within OpenCTI. All available reports are downloaded and an
Artifact
object is created with the original file. StixNote
objects are added to both theReport
and theCustomObjectCaseIncident
with a mark-down rendition of each finding from the report.API and report references from The Shadowserver Foundation
https://interchange.shadowserver.org/schema/reports.json
The integration creates the following types of Stix objects and relationships between them.
On the initial run, the integration defaults to the last 30-days of reports. Every run after that, it provides an update for the last 3-days.
Related issues
Checklist