
Sep 24, 2024
1.2.4
ThreatQ versions >= 4.47
Fidelis Elevate Operation
Overview
The Fidelis Elevate operation manages alerts on Fidelis and submits files and URLs for analysis. The operation can also fetch PDF and text reports for Fidelis alerts and attach them to the corresponding event in ThreatQ. The operation is designed to work in conjunction with the Fidelis Alerts CDF.
The operation provides the following actions:
- Submit PCAP - submits a PCAP file to Fidelis and queues it for playback.
- Submit File - submits a file to Fidelis and queues it for analysis.
- Submit URL - submits a URL to Fidelis and queues it for analysis.
- Close Alert - closes an alert on Fidelis and adds the user who closed it as an attribute.
- Sync Score - sends the explicit threat score attribute value to an alert on Fidelis.
- Add Labels - adds the tags from a ThreatQ event to the alert on Fidelis.
- Get Reports - adds PDF and text reports for the Fidelis alert as a ZIP attachment in ThreatQ.