Spur Context API
The Spur Context API integration allows a ThreatConnect user to fetch IP Address enrichments from the remote Spur Context API using an existing Spur Context API access token.
The Spur Context API provides enrichments on anonymization infrastructure and how IP Addresses are being used on the internet. These enrichments are extremely useful for determining follow-on action inside the ThreatConnect environment. For example, a ThreatConnect user can determine whether an IP Address is serving as a commercial VPN exit point or residential proxy and trigger (or prevent) additional automation in a playbook. Another use case is identifying geo-spoofing behavior (mismatches between coarse IP location and actual usage location) to escalate certain threats for Address indicators. Spur Context API enrichments also provide similar IP Addresses, estimated user counts, proxied traffic activity, Wi-Fi information and more.
The Spur Context API works by providing a default set of enrichments for an IP Address. Users can configure optional enrichments for additional data. If an enrichment exists for an IP Address, it will be added to the results. If an enrichment does not exist for an IP Address, it will be empty.
This app is developed and maintained by Spur. This app is available for download on this Marketplace.