The Polarity CRITs integration allows Polarity to search your CRITs deployment for IPs, hashes, and domains in real time.
CRITs is an open source malware and threat repository that leverages other open source software to create a unified tool for analysts and security experts engaged in threat defense. It has been in development since 2010 with one goal in mind: give the security community a flexible and open platform for analyzing and collaborating on threat data. For more information about CRITs please see https://crits.github.io.
[Image: CRITs Lookup of MD5 Hash]
Domains are currently searched as their own resource (not as an indicator) by querying the URL /api/v1/domains.
The Polarity CRITs integration currently searches for IPv4 and IPv6 entities (including RFC 1918 addresses) as both a resource and an indicator type by querying the URLs /api/v1/ips and /api/v1/indicators?c-type=ip&c-lower=<ipValue>.
Hashes of type MD5, SHA1, and SHA256 are currently searched as both indicators and samples. When a hash is searched as an indicator, the URL queried is /api/v1/indicators?c-type=<hashType>&c-lower=<hashValue>. When a hash is searched as a sample, the URL queried is /api/v1/samples/?c-<hashType>=<hashValue>.
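The query shapes listed above, as an added example (not code from the Polarity integration): it validates on-screen text as an IP or hash before building the fully specified indicator and sample URLs, so stray characters such as `&` never reach the query string. The function names, the `crits.example` host and the lowercase hash type strings are assumptions; the /api/v1/ips and /api/v1/domains lookups are left out because the page does not give their filter parameters.

```javascript
// Added example: query shapes are the ones this README lists; the
// lowercase hash type names ("md5", "sha1", "sha256") are an assumption.
const HASH_TYPES = { 32: 'md5', 40: 'sha1', 64: 'sha256' };

function isIPv4(v) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(v);
  return m !== null && m.slice(1).every((o) => Number(o) <= 255);
}

function isIPv6(v) {
  // Restrict the alphabet first, then let the WHATWG URL parser validate.
  if (!/^[0-9a-f:.]+$/i.test(v) || !v.includes(':')) return false;
  try { new URL(`http://[${v}]/`); return true; } catch { return false; }
}

// Classify on-screen text; anything unrecognised returns null and is never sent.
function classify(text) {
  const v = text.trim().toLowerCase();
  if (/^[0-9a-f]+$/.test(v) && HASH_TYPES[v.length]) {
    return { kind: 'hash', hashType: HASH_TYPES[v.length], value: v };
  }
  if (isIPv4(v) || isIPv6(v)) return { kind: 'ip', value: v };
  return null;
}

// Build the fully specified lookups for one entity against `host`.
function buildQueries(host, text) {
  const base = new URL(host);
  if (base.protocol !== 'http:' && base.protocol !== 'https:') {
    throw new Error('host must start with http:// or https://');
  }
  const e = classify(text);
  if (e === null) return [];
  const make = (path, params) => {
    const u = new URL(path, base);
    u.search = new URLSearchParams(params).toString();
    return u.toString();
  };
  if (e.kind === 'ip') {
    return [make('/api/v1/indicators', { 'c-type': 'ip', 'c-lower': e.value })];
  }
  return [
    make('/api/v1/indicators', { 'c-type': e.hashType, 'c-lower': e.value }),
    make('/api/v1/samples/', { [`c-${e.hashType}`]: e.value }),
  ];
}
// Constructed sample input (hypothetical host):
console.log(buildQueries('https://crits.example', ' 2001:DB8::1 '));
```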
The hostname for your CRITs server including "http://" or "https://" as required.
Your API key for authenticating to CRITs.
Your CRITs username.
If checked, the integration will look up IP addresses on your screen against your CRITs instance.
If checked, the integration will look up MD5, SHA1 and SHA256 indicators on your screen against your CRITs instance.
If checked, the integration will look up domains on your screen against your CRITs instance.
Installation instructions for integrations are provided on the PolarityIO GitHub Page.
Polarity is a memory-augmentation platform that improves and accelerates analyst decision making. For more information about the Polarity platform please see: