This article describes the Intelligence Card Extension for Dragos.
About Dragos
Dragos applies expert human intelligence, threat behavior analytics, and investigation playbooks to redefine industrial threat detection and response. Dragos’ solutions include: the Dragos Platform, providing ICS-specific threat detection and response technology; Dragos Threat Operations Center, providing ICS threat hunting, incident response and assessment services, and hands-on ICS training; and Dragos WorldView, providing global, ICS-specific threat intelligence reports.
To use this extension you need a Dragos API Token and Secret. These can be found in the WorldView portal under the "User Profile" menu. Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.
The extension is available on 3 intelligence cards: IP address, domain and hash (MD5, SHA-1, SHA-256). A report will be returned in the response if an entity belongs to one of these three entity types.
Extending IP Address, Domain and Hash Intelligence Cards
You can search Dragos for a matching report that includes the specified IP address, domain, or hash. For each entity, the response will include:
- Title
- Summary
- TLP level
- Release date
- Last updated date
- Link to the report in WorldView
- Tags
Examples (pulled from the domain intelligence card for adur0.com):