• Last Updated
    Jun 21, 2023
  • Version
    1.0.0
  • Compatibility
    ThreatQ versions >= 4.35.0

    PolySwarm Operation

    ThreatQuotient

    Overview

    The PolySwarm Operation for ThreatQ enables analysts to interact with PolySwarm by performing scans on files/URLs, enriching indicators, submitting YARA rules, and more.

    The operation is compatible with the following object types:

    • File
    • Indicator (MD5, SHA-1, SHA-256, URL, FQDN, IP Address, IPv6, CVE)
    • Signature

    The operation provides the following actions:

    • Lookup - Performs a lookup on a hash or URL to find context from PolySwarm.
    • Rescan - Performs a Rescan for a particular hash.
    • Metadata Search - Searches for scans using the metadata search.
    • Live Hunt - Starts a live hunt in PolySwarm using a YARA Signature.
    • Historical Hunt - Starts a historical hunt in PolySwarm using a YARA Signature.
    • Add Rule - Creates a Ruleset in PolySwarm using a YARA Signature.
    • Scan - Scans a file or URL using PolySwarm.
