Create a new Threat Intelligence lookup.
External Documentation: To learn more, visit the Any Run documentation.

Parameters

Parameter | Description
End Date | The end date of the search period.
Query | The search query to use for the lookup.

Note: Several queries can be combined using the AND keyword.

Example: threatName:"lumma" AND submissionCountry:"US"
Start Date | The start date of the search period.

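Example Output

The block below is the JSON Schema of the action's output; sample values appear under each field's `examples` key. Fields such as relatedURLs, relatedDNS, destinationIP and relatedFiles carry indicators taken from sandbox analyses, so downstream workflow steps should treat them as untrusted data (for example, defang URLs and domains before placing them in an email).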

{
	"type": "object",
	"properties": {
		"destinationPort": {
			"description": "Destination port numbers.",
			"type": "array",
			"items": {
				"type": "integer",
				"format": "int32"
			},
			"examples": [
				[
					80
				]
			]
		},
		"destinationIPgeo": {
			"description": "Destination IP Geo (countries).",
			"type": "array",
			"items": {
				"type": "string"
			},
			"examples": [
				[
					"gb"
				]
			]
		},
		"destinationIpAsn": {
			"description": "Destination IP ASN (autonomous system number).",
			"type": "array",
			"items": {
				"type": "object",
				"properties": {
					"asn": {
						"description": "Destination IP ASN.",
						"type": "string",
						"examples": [
							"sprinthost.ru llc"
						]
					},
					"date": {
						"description": "Destination IP ASN Date.",
						"type": "string",
						"format": "date-time",
						"examples": [
							"2024-07-22T13:29:40.844Z"
						]
					}
				},
				"required": [
					"asn",
					"date"
				]
			}
		},
		"relatedTasks": {
			"description": "Links to related tasks in ANY.RUN sandbox.",
			"type": "array",
			"items": {
				"type": "string"
			},
			"examples": [
				[
					"https://app.any.run/tasks/uuid"
				]
			]
		},
		"threatName": {
			"description": "Threat names.",
			"type": "array",
			"items": {
				"type": "string"
			},
			"examples": [
				[
					"agenttesla"
				]
			]
		},
		"summary": {
			"description": "Summary.",
			"type": "object",
			"properties": {
				"threatLevel": {
					"type": "integer",
					"format": "int32",
					"examples": [
						0
					]
				},
				"lastSeen": {
					"type": "string",
					"format": "date-time",
					"examples": [
						"2023-09-11T13:35:17.084Z"
					]
				},
				"detectedType": {
					"type": "string",
					"examples": [
						"custom"
					]
				},
				"isTrial": {
					"type": "boolean",
					"examples": [
						false
					]
				}
			}
		},
		"relatedIncidents": {
			"description": "Related incidents.",
			"type": "array",
			"items": {
				"type": "object",
				"properties": {
					"task": {
						"description": "Link to the task in ANY.RUN sandbox.",
						"type": "string",
						"examples": [
							"https://app.any.run/tasks/uuid"
						]
					},
					"time": {
						"description": "Creation time.",
						"type": "string",
						"format": "date-time",
						"examples": [
							"2023-09-11T13:35:17.084Z"
						]
					},
					"MITRE": {
						"description": "Array of MITRE matrix technique IDs.",
						"type": "array",
						"items": {
							"type": "string"
						},
						"examples": [
							[
								"1012"
							]
						]
					},
					"event": {
						"type": "object",
						"properties": {
							"ruleName": {
								"type": "string",
								"examples": [
									"reads computer name"
								]
							},
							"commandLine": {
								"type": "string",
								"examples": [
									"wininit.exe"
								]
							},
							"pid": {
								"type": "integer",
								"examples": [
									123
								]
							}
						}
					}
				},
				"required": [
					"task",
					"time",
					"MITRE"
				]
			}
		},
		"destinationIP": {
			"description": "Destination IP addresses.",
			"type": "array",
			"items": {
				"type": "object",
				"properties": {
					"destinationIP": {
						"type": "string",
						"examples": [
							"77.88.8.8"
						]
					},
					"date": {
						"type": "string",
						"format": "date-time"
					},
					"threatLevel": {
						"type": "integer"
					},
					"threatName": {
						"type": "array",
						"items": {
							"type": "string"
						},
						"examples": [
							[
								"agenttesla"
							]
						]
					}
				},
				"required": [
					"destinationIP",
					"date",
					"threatName"
				]
			}
		},
		"relatedFiles": {
			"description": "Related files data.",
			"type": "array",
			"items": {
				"type": "object",
				"properties": {
					"task": {
						"type": "string"
					},
					"fileName": {
						"type": "string",
						"examples": [
							"virus.exe"
						]
					},
					"hashes": {
						"type": "object",
						"properties": {
							"md5": {
								"type": "string"
							},
							"sha256": {
								"type": "string"
							}
						},
						"required": [
							"md5",
							"sha256"
						]
					}
				},
				"required": [
					"task",
					"hashes"
				]
			}
		},
		"relatedDNS": {
			"type": "array",
			"items": {
				"type": "object",
				"properties": {
					"domainName": {
						"type": "string",
						"examples": [
							"google.com"
						]
					},
					"threatLevel": {
						"type": "integer"
					}
				},
				"required": [
					"domainName"
				]
			}
		},
		"relatedURLs": {
			"type": "array",
			"items": {
				"type": "object",
				"properties": {
					"url": {
						"type": "string",
						"examples": [
							"http://malware.site/path"
						]
					},
					"threatName": {
						"type": "array",
						"items": {
							"type": "string"
						}
					}
				},
				"required": [
					"url",
					"threatName"
				]
			}
		}
	},
	"required": [
		"destinationPort",
		"destinationIPgeo",
		"destinationIpAsn",
		"relatedTasks",
		"threatName",
		"summary",
		"relatedIncidents",
		"destinationIP",
		"relatedFiles",
		"relatedDNS",
		"relatedURLs"
	]
}

Workflow Library Example

Create Ti Lookup with Any Run and Send Results Via Email