Blueliv leverages its remarkably targeted and automated cyber threat platform to deliver live, rapid, and actionable intelligence. Blueliv’s Threat Context improves the SOC’s overall performance by augmenting the data for SOC analysts.
SIRP integrates with Blueliv’s Threat Context to enrich artifacts and accelerate threat response. Strategic intelligence helps SOC analysts not only evade but also anticipate threats.
Analysts can use this integration to search for specific artifacts seen or reported by Blueliv.
SIRP’s Blueliv Threat Context integration app allows you to execute the following actions:
Get CVE details from Blueliv
Search Fully Qualified Domain Name
Search for any records against the given FQDN in the Blueliv Threat Context database
Get IP reputational information from Blueliv Threat Context
Get Hash reputational information from Blueliv Threat Context
Search Threat Actors
Get data from the Blueliv database related to the given Threat actor
Enable and Configure the Blueliv App in SIRP
Log in to SIRP, then go to Apps from the left navigation bar.
Locate the app named Blueliv (threat context).
Enable the Blueliv app by clicking on the toggle button.
A new window will pop up asking for information such as:
Host: <The Blueliv platform’s URL>
Email: <Your email address used to log in to Blueliv>
Password: <Your password used to log in to Blueliv>
Organization ID: <Organization ID from Blueliv>
After the integration is complete, you should be able to execute Blueliv App actions from any Container (Incidents, Vulnerabilities, Threat Intel), Playbook, or from the Automation playground.
Simply select the Application “Threat Context” and then select the desired action. For example, if you click on a hash, you can search that hash in Blueliv’s Threat Context database.