Threat: With the Pulsedive integration threat analysts can easily see if a domain, or IP is of potential risk to their organization and add that information to their TIP or threat platform.
Threat Hunting: Threat hunters utilize the Pulsedive integration to gain risk insights into threat information on indicators. Enabling quick triage of the indicators analysts are going through to determine if there are any threats before issues occur.
In order to use the Polarity - Pulsedive integration configuration of the integration is required.
Indicators Integration Looks up - IPs, Domains
Obtaining Access - Pulsedive is a free service to use, to obtain access sign up at https://pulsedive.com
API Key - An API key is required in order to use the Pulseive integration. To obtain an API key from Pulsedive, navigate to https://pulsedive.com and register for an account. Once your account has been created, navigate to the account page and locate the API Key under the account section.
Risk Levels - Analysts can select a minimum risk level from None to Critical. Any indicators that do not meet the minimum requirements will not be shown to analysts, enabling a tailored experience.
Unknown Risk - Analysts have the option to show indicators that do not have a known risk associated with them. By default, this is turned off as to not show information that might not be pertinent to an analyst’s workflow.
Ignore List or Ignore Regex - Pulsedive Integration enables the ability to set a regex to match domains or IPs to be ignored or add in a comma-separated list, so the integration will never look them up in Flashpoint. This is typically used for sensitive information or company domains.