Official Analyzer v3.6.8+

Cortex / TheHive Analyzer

Official threat intelligence analyzer for Cortex SOAR

Included in the official Cortex-Analyzers repository. Analyze IPs, domains, and FQDNs with real-time threat intelligence from 500+ sources.

Cortex Repo: Official
Since Release: v3.6.8+
Data Types: 3 Types
License: AGPL-v3

Analyzer Features

Comprehensive threat intelligence analysis for your security workflows

IP Address Analysis

Analyze IPv4 and IPv6 addresses for malicious activity and threat indicators.

Domain & FQDN Check

Check domains and fully qualified domain names against threat intelligence feeds.

Risk Scoring

Get a 0-100 risk score based on multi-source threat analysis with confidence weighting.

Threat Taxonomies

Automatic threat classification: Status, Risk Score, Category, and Source count.

TheHive Integration

Seamlessly enrich cases and alerts in TheHive incident response platform.

Official Support

Included in official Cortex-Analyzers repository with ongoing maintenance.

Configuration

Simple setup with just two parameters

api_key (Required): Your isMalicious API key. Get one for free at ismalicious.com

api_url (Optional): API endpoint URL. Defaults to https://ismalicious.com

Returned Taxonomies

Structured threat intelligence data for your workflows

Status: Malicious/Clean status based on threat analysis

Risk Score: Numeric risk score (0-100) with confidence weighting

Category: Primary threat category (phishing, malware, C2, etc.)

Sources: Number of detection sources that flagged the indicator
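The four taxonomies above in the dict shape Cortex and TheHive consume, as an added example that is not the analyzer's own code. The response field names, the "isMalicious" namespace, and the severity thresholds are assumptions; a real analyzer would typically build the same dicts with cortexutils' build_taxonomy().

```python
# Added example, not the official analyzer's code. Builds the Status,
# Risk Score, Category and Sources taxonomies from an isMalicious-style
# result dict. Field names and the namespace are assumptions.

# Constructed sample of what a lookup might return; not real API output.
SAMPLE_RESULT = {
    "malicious": True,
    "risk_score": 87,
    "category": "phishing",
    "sources": 5,
}


def level_for(malicious, risk_score):
    """Map status and risk score onto Cortex's severity levels.
    Thresholds are an assumption, not the analyzer's documented cut-offs."""
    if malicious:
        return "malicious"
    if risk_score >= 50:
        return "suspicious"
    if risk_score > 0:
        return "info"
    return "safe"


def taxonomy(level, predicate, value, namespace="isMalicious"):
    # Cortex taxonomy shape: level, namespace, predicate, value (a string).
    return {"level": level, "namespace": namespace,
            "predicate": predicate, "value": str(value)}


def build_summary(result):
    """Return the {"taxonomies": [...]} summary Cortex/TheHive expects."""
    malicious = bool(result.get("malicious", False))
    score = int(result.get("risk_score", 0))
    if not 0 <= score <= 100:
        raise ValueError(f"risk_score out of range: {score}")
    sources = int(result.get("sources", 0))
    category = result.get("category") or "none"
    level = level_for(malicious, score)
    return {"taxonomies": [
        taxonomy(level, "Status", "Malicious" if malicious else "Clean"),
        taxonomy(level, "Risk Score", score),
        taxonomy(level, "Category", category),
        # No flagging sources means nothing to escalate on this predicate.
        taxonomy("info" if sources == 0 else level, "Sources", sources),
    ]}
```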

Frequently Asked Questions

Is the isMalicious analyzer officially supported?

Yes! The isMalicious analyzer is included in the official Cortex-Analyzers repository as of version 3.6.8. It is maintained by the isMalicious team with ongoing updates.

What data types can I analyze?

The analyzer supports ip (IPv4 and IPv6), domain, and fqdn (fully qualified domain names) data types.

How do I configure the analyzer?

You only need to provide your isMalicious API key. The API URL defaults to https://ismalicious.com but can be customized if needed.

Does it integrate with TheHive?

Yes, the analyzer integrates seamlessly with TheHive. Enrichment results appear in your cases and alerts with formatted short and long report templates.

What taxonomies are returned?

The analyzer returns four taxonomies: Status (malicious/clean), Risk Score (0-100), Category (threat type), and Sources (detection count).

Ready to Get Started?

Get your free API key and start analyzing threats with the official Cortex analyzer.