Symantec DeepSight

This article describes the Intelligence Card Extension for Symantec's DeepSight Intelligence.


About Symantec DeepSight

Symantec DeepSight Intelligence extends your teams with actionable cyber threat intelligence. Make sharper decisions to defend against emerging global threats. The extension provides enrichment for Domain Cards, IP Address Cards, URL Cards, and Hash Cards.

This support page describes how to enable extensions within Recorded Future. You must have commercial access to Symantec DeepSight to use this extension. Instructions for obtaining your API Token from the Symantec DeepSight portal are at the end of this support page. As a reminder, an admin user must enable the extension, and the API credentials used will make the extension available to all other users of the enterprise account.

 

Extending Hash Cards

You can enrich any Hash Card with the following threat intelligence from Symantec DeepSight:

  • Reputation
  • SchemaVersion
  • Intelligence
  • Events

You can pivot in Recorded Future on these elements of the Symantec DeepSight response:

  • MD5, SHA256 Hashes

Example of SHA-256 Hash: 1f15a3e297b9017c40276ad1c32d606c8beebbf432227b47360f3674bfb60127


Extending Domain Cards

You can enrich any Domain Card with the following threat intelligence from Symantec DeepSight:

  • SchemaVersion
  • Whitelist
  • Whois Record Data

You can pivot in Recorded Future on these elements of the Symantec DeepSight response:

  • Domains

Example (facebook.com):

Extending URL Cards

You can enrich any URL Card with the following threat intelligence from Symantec DeepSight:

  • SchemaVersion
  • Whitelist
  • Host Data
  • Whois Record Data

You can pivot in Recorded Future on these elements of the Symantec DeepSight response:

  • Domains
  • URLs

Example (https://imgur.com/gallery/bgplqGg):


Extending IP Address Cards

You can enrich any IP Address Card with the following threat intelligence from Symantec DeepSight:

  • SchemaVersion
  • Whitelist
  • First Seen
  • Last Seen
  • Behaviours
  • Target Industries
  • Target Countries
  • Geolocation Info
  • Network
  • Organization

You can pivot in Recorded Future on these elements of the Symantec DeepSight response:

  • IPs
  • ASNs

Example (220.243.135.194):

Subscription Limitations

  • Restricted Access: Access denied. The API key was successfully authenticated, but the license does not permit access to the requested resource.
  • Limited Usage: The license count usage for the given period has been exceeded.

More Information

Detailed documentation on the various information fields can be found at https://deepsight.symantec.com/PortalNextGen/Content/Help/en-US/DPS-Help/wwhelp/wwhimpl/js/html/wwhelp.htm

Getting your API Token from the Symantec DeepSight Portal

To get your API Token, log in to the DeepSight portal and click 'Settings', located at the top right.

On the Settings page, select 'Profile' on the left side.


Your API Token should be at the bottom of the screen; regenerate it if needed.

 

 
