The RST IoC Lookup Action enriches indicators from different collections using workflows with data from RST Cloud. This data includes risk scores, related threat categories, threat names, CVEs, related industries, TTPs, and other useful information.

The integration provides the following action:

• RST IoC Lookup - enriches indicators with data from RST Cloud.

The action is compatible with the following indicator types:

• FQDN
• IP Address
• URL
• MD5
• SHA-1
• SHA-256

The action returns the following enriched system objects:

• Adversaries
• Campaigns
• Indicators
• FQDN
• IP Address
• URL
• MD5
• SHA-1
• SHA-256
• TTP
• Vulnerabilities

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.