
Analyzers and configuration

Analyzers act as middleware to a variety of intelligence sources that can be used to enrich observables associated with incident response cases. By default, the MISP analyzer is enabled. A variety of other analyzers can also be enabled: some are free and open source, others are subscription based.

To access the analyzers that are available, please select the “Threat Analysis” menu item on the left of the screen.

The landing page for threat analysis displays the historical lookups.

To add additional analyzers, click the “Organization” shortcut at the top of the screen.

Then click “Analyzers” on the top left of the screen.

This will present you with a list of all potential analyzers. You can search the list using the field at the top or scroll through it, depending on your needs. When you have found the analyzer you wish to enable, click the “Enable” shortcut on the right-hand side.

If required, specify credentials such as an API key, set the defaults for TLP and PAP, set extract observable to true, specify any rate limits if applicable, and click Save.

The next time you go to your observables, the analyzers available for each type of observable will be adjusted accordingly. Please note that not all analyzers can process all observables. The incident response platform automatically hides the ones that are not applicable to the type of observable.
