Spectra Intelligence Enrichment App Activation
Overview
The Spectra Intelligence Premium Enrichment for Anomali ThreatStream allows users of Spectra Intelligence to enrich observables with information such as classification, malware family names and AV scanner results.
Getting Started
Before you begin you will need the username and password of your Spectra Intelligence account.
Activating the Enrichment
- When logged into ThreatStream navigate to the App Store and search for ReversingLabs.
- Select "ReversingLabs Spectra Intelligence" and in the dialog box select "I Have Credentials"
- The "Credentials" link will appear. Select "Credentials":
- The following fields are available under Credentials:
| Field | Required? | Description |
|---|---|---|
| Spectra Intelligence Username | Required | Username of the Spectra Intelligence account you will use to access the ReversingLabs API |
| Spectra Intelligence Password | Required | Password associated with the account |
| Spectra Intelligence Address | Required | https://data.reversinglabs.com |
| Spectra Analyze Address | Optional | If your organization also has a Spectra Analyze appliance the address can be added here to allow for a pivot from an Observable into the appropriate Spectra Analyze page. |
- Once the required fields are populated, select Activate
- The enrichment is now active.
Verifying the Enrichment
To verify the enrichment is active, select an observable and scroll down to the Enrichments section of the page. A new tab should be present labeled "REVERSINGLABS SPECTRA INTELLIGENCE" and the enrichment data should automatically load. The enrichment data provided will vary depending on the observable type and may look different from the screenshot below.
