The PolySwarm CDF for ThreatQ enables the automatic ingestion of results from the live hunt and historical hunt feeds.

The integration provides the following feeds:

• PolySwarm Live Hunt - periodically pulls all live results for live PolySwarm hunt, into ThreatQ.
• PolySwarm Historical Hunt - lists the historical hunt in the account.
• PolySwarm Historical Details (Supplemental) - retrieves historical hunt details for a PolySwarm hunt and ingests associated YARA rules into ThreatQ.
• PolySwarm Historical Results List (Supplemental) - retrieves all historical results for a PolySwarm hunt and ingests the data into ThreatQ.

The integration ingests the following system objects:

• Indicators
  • Indicator Attributes
  • Indicator Tags
• Signatures