About Blueliv
Blueliv leverages its remarkably targeted and automated cyber threat platform to deliver live, rapid, and actionable intelligence. Blueliv’s Threat Context improves the SOC’s overall performance by augmenting the data for SOC analysts.
SIRP integrates with Blueliv’s Threat Context to enrich artifacts and accelerate threat response. Strategic intelligence helps SOC analysts not only evade but also anticipate threats.
Analysts can use this integration to search for specific artifacts seen or reported by Blueliv.
Supported Actions
SIRP’s Blueliv Threat Context integration app allows you to execute the following actions:
| S.no | Action | Description |
|---|---|---|
| 1 | Search CVE | Get CVE details from Blueliv |
| 2 | Search Fully Qualified Domain Name | Search for any records against the given FQDN in the Blueliv Threat Context database |
| 3 | Search IP | Get IP reputational information from Blueliv Threat Context |
| 4 | Search SHA-256 | Get Hash reputational information from Blueliv Threat Context |
| 5 | Search Threat Actors | Get data from the Blueliv database related to the given Threat actor |
Enable and Configure the Blueliv App in SIRP
Log in to SIRP, then go to Apps from the left navigation bar.
Locate the app named Blueliv (threat context).
Enable the Blueliv app by clicking on the toggle button.
A new window will pop up asking for information such as:
Host: <The Blueliv platform’s URL>
Email: <Your email address used to log in to Blueliv>
Password: <Your password used to log in to Blueliv>
Organization ID: <Organization ID from Blueliv>
Click Save.
After the integration is complete, you should be able to execute Blueliv app actions from any Container (Incidents, Vulnerabilities, Threat Intel), Playbook, or from the Automation playground.
Simply select the Application “Threat Context” and then select the desired action. For example, if you click on a hash, you can search that hash in Blueliv’s Threat Context database.