
Nov 5, 2024
1.0.1
ThreatQ Versions >= 5.14.0
Spur Enrichment Action
Overview
Spur tracks anonymization services so that you can identify when they are touching your website, application, or network.
The Spur Enrichment Action enables the automatic enrichment of IP Addresses in ThreatQ using Spur’s Context API. The API tells you whether the selected IOCs are used by anonymization services, and whether the tunnels are used by a specific region or by a specific threat.
The action can perform the following functions:
- Spur Enrichment - uses Spur’s API to enrich an IP Address with context on whether the IOC is used for tunnels and/or anonymization.
The action is compatible with the following indicator types:
- IP Address
- IPv6 Address
The action returns enriched IP Address and IPv6 Address type indicators.
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.