In order to use the Polarity - Anomali Threatstream integrations, a username, API Key, and Anomali server URLs are required.
Both Anomali Threatstream and the IOC submission integrations require the same configuration options.
Indicator Types - IPs, Emails, Hashes, Domains, Urls
API Server Url - The URL for your ThreatStream API server which should include the schema (i.e., http, https) and port if required. This is separate from the UI use to access Threatstream.
UI Server URL - The URL for your ThreatStream UI server which should include the schema (i.e., http, https) and port if required.
Username - Username of the Threatstream user you are trying to authenticate as.
API Key - API Key for the provided user. To create an API key within Anomali, please navigate to your account to generate the key.
**Minimum Severity Level **- Severity level required for indicators to be displayed. The lower the severity level the more indicators will be displayed.
Minimum Confidence Level - Confidence level required for indicators to be displayed. The lower the severity level the more indicators will be displayed.
Search My Organization - Only your organization’s data will be searched if this option is selected.
Active Threats Only - If selected, Polarity will only search for “active” indicators.
Allow IOC Deletion - If selected, analysts running the IOC Submission integration can delete indicators from Threatstream.