The HYAS Insight Action Bundle for ThreatQ submits a data collection of indicator objects to HYAS to query for geo-location, alternative hashes, or HYAS’ own verdicts. The integration returns related threat intelligence to be ingested into the ThreatQ library.

The integration provides the following actions:

• HYAS - IP Lookup - collects information about an IP address indicator, such as location, ASN, and related FQDNs.
• HYAS - Get Hashes - collects related hashes from an initial hash and add the Malware count.
• HYAS - Get Verdict - collects the HYAS verdict and verdict reason for IP and FQDN type indicators.

The actions are compatible with the following indicator types:

• FQDN (Get Verdict)
• IP Address (IP Lookup, Get Verdict)
• MD5 (Get Hashes)
• SHA-1 (Get Hashes)
• SHA-256 (Get Hashes)
• SHA-512 (Get Hashes)

The actions return the following enriched indicator object types:

• ASN
• FQDN
• IP Address
• MD5
• SHA-1
• SHA-256
• SHA-512

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.