Activating the Spectra Intelligence Enrichment
Overview
The Spectra Intelligence Premium Enrichment for Anomali ThreatStream allows users of Spectra Intelligence to enrich observables with information such as classification, malware family names and AV scanner results.
Getting Started
Before you begin you will need the username and password of your Spectra Intelligence account.
Activating the Enrichment
- When logged into ThreatStream navigate to the App Store and search for ReversingLabs.
- Click on "ReversingLabs Spectra Intelligence" and in the dialog box click on "I Have Credentials"
- The "Credentials" link will appear. Click on "Credentials":
- The following fields are available under Credentials:
| Field | Required? | Description |
|---|---|---|
| Spectra Intelligence Username | Required | Username of the Spectra Intelligence account you will use to access the ReversingLabs API |
| Spectra Intelligence Password | Required | Password associated with the account |
| Spectra Intelligence Address | Required | https://data.reversinglabs.com |
| Spectra Analyze Address | Optional | If your organization also has a Spectra Analyze appliance the address can be added here to allow for a pivot from an Observable into the appropriate Spectra Analyze page. |
- Once the required fields are populated. Click on Activate
- The enrichment is now active.
Verifying the Enrichment
To verify the enrichment is active click on an observable and scroll down to the the Enrichments section of the page. A new tab should be present labeled "REVERSINGLABS SPECTRA INTELLIGENCE" and the enrichment data should automatically load. The enrichment data provided will vary depending on the observable type and may look different from the screenshot below.
