CIRCL

With this integration, you can retrieve the latest CVEs and their information and use it as a good starting point for ingesting vulnerability data.

The following actions are available:

• Search CVE ID
• Get Latest CVEs
• Advanced Request

This app can be found in the ThreatConnect App Catalog under the name: CIRCL CVE

The Polarity - CIRCL Hash lookup integration searches the CIRCL public hash lookup API which compares hash values against a database of known files. The integration supports lookups of MD5, SHA1, and SHA256 hashes.

Examples

CIRCL Hashlookup Data Overview - Known Hashes

• Summary Information: When an anlalyst first looks up information in CIRCL Hashlookup they will be able to quickly see if there is known or malicious information about the hash.
• Filename Data: When an analyst drills into the details of the data for CIRCL, they will quickly be able to see information relating to the known file assocaited with the hash. Quickly understanding information on the filename, if its trusted, the file size and more. Allowing analysts to have a better understanding of the known associated hash.
• Product Information: Not only can analysts get file context they will also be able to see any related product details. Quickly knowing what product its related to, the version associated, application type and more.
• Additional Data: Analysts will also be able to get information on the known OS associated with the file and any other references.

CIRCL Hashlookup Data Overview - Malicious Hashes

Malicious Context: If a hash is known to be malicious analysts can quickly see the trust level as well as the what source that helped determine it.