Integrations
This section explains the functions of Incident Responder > Integrations. On this page you can add a new integration and modify, deactivate, or delete an existing one.
To access every section of this document, go to the Incident Responder > Integrations menu.

Integrations

The components of the Integrations page are:
Integration Name
Name of the Integration.
Integration Type
Type of the Integration.
Integration Description
Description of the integration.
Status
The status information of the integration. (Active, Inactive)
Date Created
The date of the integration creation.
Action
You can edit the selected integration. You can change the status or delete the integration by clicking the "︙" button.

Creating New Integration

If you are adding an integration for the first time, click the New button in the middle of the page. If an integration has already been added, click the New button in the upper right corner of the page.
You can create a new integration by following the steps in the table below.
Integration Name
Name of the Integration.
Integration Description
Description of the integration.
Integration Type
Select an integration type.
API URL
The API URL of the integration type. The VirusTotal, Google Safe Browsing, Zen Spamhaus, IBM X-Force, and Cyber X-Ray analysis engines have default API URLs on the platform; changing the domain may cause the integration to malfunction.
Tags
Labeling function. Integrations defined in the system can be filtered more easily by labeling them.
Proxy
You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.
URLs
URL analysis capability is enabled by default, you can disable it if needed.
Sender IP
Sender IP analysis capability is active by default, you can disable it if needed.
Attachments
File analysis capability is active by default, you can disable it if needed.
Status
Integration is active by default, you can disable the integration if needed.

Advanced Settings

If there are emails that you do not want to be analyzed in the Incident Responder module, you can exclude them from analysis by adding their IP addresses, URL addresses, and File Extensions to this menu. Using this feature, you can ensure that secure IP addresses, domains, and file extensions are not analyzed. Thus, API limits used in integrations are utilized more efficiently.
You can access this feature from the Advanced Settings page on the Incident Responder > Integration menu.
URLs
Exclude URL addresses in a reported email from the analysis.
IP Addresses
Exclude the IP address of a reported email server and the IP addresses included as URLs in the email from the analysis.
Attachments
Exclude file extensions in a reported email from the analysis.

How to Add Integration

IBM X-Force

IBM X-Force is a commercial threat analysis engine from IBM, also available in a free version. The IBM X-Force threat analysis engine analyzes whether a reported email is malicious or not using the following capabilities.
Sender IP
The sender email server IP address of a reported email is analyzed.
URLs
URL addresses in a reported email are analyzed.
Attachments
The hash information of the file in a reported email is analyzed.
NOTE: The file itself is not analyzed, its hash data is analyzed.

IBM X-Force API Key and Password Generating Steps

  1. First, go to the IBM X-Force API Key generation process. Sign up on the appropriate page, then confirm your account by clicking the verification link in the email that was delivered to your inbox.
  2. To view the Profile Summary, click the user icon at the top right corner of the X-Force Exchange page.
  3. To visit the Settings page, click the Settings link in the lower left corner. From there, click the API Access link to view the API information page.
  4. To generate a brand-new API key and password, click the Generate button.
  5. Before refreshing the page after creating an API key and password, save your API key and password information.

How to Integrate IBM X-Force into the Platform?

Using the API key and password obtained in the 'IBM X-Force API Key and Password Generating Steps' section, you can integrate IBM X-Force into the Incident Responder by following the steps below and benefit from its capabilities.
Click the New button on the relevant page, then fill in the fields:
Name
Name of the Integration.
Description
Description of the integration.
Integration Type
Select IBM X-force integration.
API URL
The URL address of the IBM X-force integration is defined automatically. Please do not change.
API Key
Define the API key.
API Password
Define the password for the API key.
Test Connection
Make sure the API key and password are working correctly with the Test Connection button.
Tags
Tags are used to filter the integrations defined in the system.
Proxy
You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.
URLs
URL analysis capability is enabled by default, you can disable it if needed.
Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field.
NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.
Sender IP
Sender IP analysis capability is enabled by default, you can disable it if needed.
Attachments
File Hash analysis capability is enabled by default, you can disable it if needed.
Status
Integration is active by default, you can disable the integration if needed.
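The following added example (not the platform's own code) sketches what the Advanced Settings exclusions, the Hide URL Parameters option, and hash-only attachment analysis mean for the data that leaves your network. The function name, the exclusion formats (hostnames, CIDR ranges, extensions) and the sample email are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of a reported email (documentation-range addresses only).
SAMPLE = {
    "sender_ip": "203.0.113.25",
    "urls": [
        "https://login.example.net/reset?user=alice@corp.example&token=abc123",
        "https://login.example.net/help",
        "http://198.51.100.7/pay",
        "https://intranet.corp.example/wiki",
    ],
    "attachments": [("invoice.pdf", b"%PDF-1.7 constructed"),
                    ("logo.PNG", b"\x89PNG constructed")],
}


def _ip_excluded(host, networks):
    """True when host is an IP literal inside one of the excluded networks."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal
    return any(addr in ipaddress.ip_network(n) for n in networks)


def prepare_observables(email, excl_urls=(), excl_ips=(), excl_exts=(),
                        hide_url_parameters=True):
    """Return only the values that would be sent to an analysis engine."""
    out = {"urls": [], "sender_ip": None, "file_hashes": []}
    excl_hosts = {h.lower() for h in excl_urls}
    exts = {e.lower().lstrip(".") for e in excl_exts}

    for url in email["urls"]:
        host = (urlsplit(url).hostname or "").lower()
        # IP exclusions also cover IP addresses that appear as URLs.
        if not host or host in excl_hosts or _ip_excluded(host, excl_ips):
            continue
        # With parameters hidden, the path and query (which may carry the
        # reporter's address or a reset token) are never submitted.
        value = host if hide_url_parameters else url
        if value not in out["urls"]:
            out["urls"].append(value)

    if not _ip_excluded(email["sender_ip"], excl_ips):
        out["sender_ip"] = email["sender_ip"]

    for name, data in email["attachments"]:
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in exts:
            continue
        # Hash-only analysis: the digest is submitted, not the file content.
        out["file_hashes"].append(hashlib.sha256(data).hexdigest())
    return out
```

With hostnames as the submitted value, several URLs on the same host collapse into a single lookup, which is also where the API-limit saving comes from.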

VirusTotal

VirusTotal is a commercial threat analysis engine, also available in a free version. The VirusTotal analysis engine analyzes whether a reported email is malicious or not.
URLs
URL addresses in a reported email are analyzed.
Attachments
Only the hash data of the file in a reported email is analyzed.
NOTE: The file itself is not analyzed, the Hash of the file is analyzed.

VirusTotal API Key Creation Steps

You must have a VirusTotal ID to use the VirusTotal API. After registering via the link here, you must verify your account via the verification link you received.
Once verified, log into your VirusTotal account and view the API key from the API menu on your profile.

How to Integrate VirusTotal?

The API key obtained by applying the 'VirusTotal API Key Creation Steps' can be integrated into the Incident Responder platform by following the steps below and its capabilities can be utilized.
Click the New button on the relevant page, then fill in the fields:
Name
Name of Integration.
Description
Description of the integration.
Integration Type
Select the Virustotal integration.
API URL
The URL address of the Virustotal integration is defined automatically. Please do not change.
API Key
Define the API key.
Test Connection
Make sure the API key is working correctly with the Test Connection button.
Tags
You can filter the integrations defined in the system more easily by labeling them.
Proxy
You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.
URLs
URL analysis capability is enabled by default, you can disable it if needed. Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field. NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.
Attachments
File Hash analysis capability is enabled by default, you can disable it if needed.
Status
Integration is active by default, you can disable the integration if needed.

Google Safe Browsing

Google Safe Browsing is an analytics engine offered by Google for free. The Google Safe Browsing analysis engine analyzes whether a reported email is malicious.
URLs
URL addresses in a reported email are analyzed.

Google Safe Browsing API Key Creation Steps

  1. Sign in to the Google Developers Console.
  2. After opening the Dashboard from the left menu, click the Select a Project button above.
  3. Click on the New Project button in the upper right corner of the new window, give the project a name and create the project with the Create button.
  4. Open the left menu and click on the Library module.
  5. Type Web Risk API in the Search field. Then click on Web Risk API.
  6. Click the Enable button in the new window.
  7. Click APIs & Services > Credentials in the left menu.
  8. Click the Create Credentials button at the top. Then click on API Key.
  9. You can save your API key created here and use it in the necessary field on our platform.
Please note that you must enable billing for the project which you created in step 3.

How to Integrate Google Safe Browsing?

The API key obtained by applying the 'Google Safe Browsing API Key Creation Steps' can be integrated on the Incident Responder platform by following the steps below and its capabilities can be utilized.
Click the New button on the relevant page, then fill in the fields:
Name
Name of the Integration.
Description
Description of the integration.
Integration Type
Select the Google Safe Browsing integration.
API URL
The URL address of Google Safe Browsing integration is defined automatically. Please do not change.
API Key
Define the API key.
Test Connection
Make sure the API key is working correctly with the Test Connection button.
Tags
You can filter the integrations defined in the system more easily by labeling them.
Proxy
You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.
URLs
URL analysis capability is enabled by default, you can disable it if needed. Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field. NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.
Status
Integration is active by default, you can disable the integration if needed.

Google Web Risk

Google Web Risk is an analytics engine offered by Google for free for up to 100.000 requests per month. The Google Web Risk analysis engine analyzes whether a reported email is malicious.
URLs
URL addresses in a reported email are analyzed.

Google Web Risk API Key Creation Steps

  1. Sign in to the Google Developers Console.
  2. After opening the Dashboard from the left menu, click the Select a Project button above.
  3. Click on the New Project button in the upper right corner of the new window, give the project a name and create the project with the Create button.
  4. Open the left menu and click on the Library module.
  5. Type Safe Browsing in the Search field. Then click on Safe Browsing API.
  6. Click the Enable button in the new window.
  7. Click APIs & Services > Credentials in the left menu.
  8. Click the Create Credentials button at the top. Then click on API Key.
  9. As the last step, you can save your API key created here and use it in the necessary field on our platform.

How to Integrate Google Web Risk?

The API key obtained by applying the 'Google Web Risk API Key Creation Steps' can be integrated on the Incident Responder platform by following the steps below and its capabilities can be utilized.
Click the New button on the relevant page, then fill in the fields:
Name
Name of the Integration.
Description
Description of the integration.
Integration Type
Select the Google Web Risk integration.
API URL
The URL address of Google Web Risk integration is defined automatically. Please do not change.
API Key
Define the API key.
Test Connection
Make sure the API key is working correctly with the Test Connection button.
Tags
You can filter the integrations defined in the system more easily by labeling them.
Proxy
You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.
URLs
URL analysis capability is enabled by default, you can disable it if needed.
Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field.
NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.
Status
Integration is active by default, you can disable the integration if needed.

Zen SpamHaus

Zen Spamhaus is a spam analysis engine made available for free by Spamhaus. SpamHaus spam analysis engine has the following capabilities and features to analyze whether a reported email is malicious or not.
SpamHaus integration does not use API keys, analysis is done over DNS.
Sender IP
The sender's email server IP address of a reported email is analyzed. If the sender's IP address has previously performed malicious or suspicious activity (e.g. Phishing or Blacklisted), you can see it on this interface.
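Because the Zen Spamhaus check runs over DNS rather than an API, the added example below (not the platform's code) shows how a DNSBL query name is built from a sender IP and how the returned A records are read. It goes slightly beyond the text by covering IPv6 and the 127.255.255.x error answers, which must not be counted as listings; the resolver answers used with it are constructed and no DNS query is sent.

```python
import ipaddress

ZEN_ZONE = "zen.spamhaus.org"

# A-record values returned by the ZEN zone and the list each one maps to.
LISTING_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL-CSS",
    "127.0.0.4": "XBL",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.10": "PBL",
    "127.0.0.11": "PBL",
}
# 127.255.255.x answers report a problem with the query, not a listing.
ERROR_CODES = {
    "127.255.255.252": "typing error in the DNSBL name",
    "127.255.255.254": "query arrived through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}


def zen_query_name(ip):
    """Reverse the address labels and append the zone (RFC 5782 convention)."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer ends in "in-addr.arpa" or "ip6.arpa"; drop those labels.
    reversed_labels = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_labels}.{ZEN_ZONE}"


def interpret(answers):
    """Map the A records of a ZEN answer to a verdict.

    An empty list stands for NXDOMAIN, meaning the address is not listed.
    """
    lists, errors, unknown = set(), [], []
    for record in answers:
        if record in ERROR_CODES:
            errors.append(ERROR_CODES[record])
        elif record in LISTING_CODES:
            lists.add(LISTING_CODES[record])
        else:
            unknown.append(record)
    if errors:
        # An error answer says nothing about the sender: neither bad nor clean.
        return {"verdict": "error", "lists": [], "detail": errors}
    if lists:
        return {"verdict": "listed", "lists": sorted(lists), "detail": unknown}
    if unknown:
        return {"verdict": "unknown", "lists": [], "detail": unknown}
    return {"verdict": "not_listed", "lists": [], "detail": []}
```

If Test Connection or sender IP results look wrong, check which resolver the platform or its proxy uses: queries relayed through a public resolver receive the error answer instead of a real verdict.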

How to Integrate Zen SpamHaus?

By following the steps below on the Incident Responder module, it can be integrated into the system and its capabilities can be utilized.
Click the New button on the relevant page, then fill in the fields below:
Name
Name of the Integration.
Description
Description of the integration.
Integration Type
Choose Zen SpamHaus integration.
API URL
The URL address of the Zen SpamHaus integration is defined automatically.
Test Connection
Make sure that the integration works correctly with the Test Connection button.
Tags
You can filter the integrations defined in the system more easily by labeling them.
Proxy
You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.
Sender IP
Sender IP analysis capability is enabled by default, you can disable it if needed.
Status
Integration is active by default, you can disable the integration if needed.

FortiSandbox

FortiSandbox is a paid analysis engine offered by Fortinet. It has the following capabilities and automatically scans whether a reported email is malicious or not.
URLs
URL addresses in a reported email are analyzed.
Attachments
The files in a reported email are analyzed.

FortiSandbox API Key Creation Steps

  1. Use the FortiSandbox administration page to log in.
  2. Go to the Administrators page in the left menu under the System.
  3. By selecting the Create option from the menu, you can create a user.
  4. For the relevant person, you can provide either a Super Admin or Custom Role.
  5. Please go to the Admin Profiles under the System heading if you wish to define a Custom Role.
  6. Save the relevant user's username and password.

How to Integrate FortiSandbox?

By following the steps below on the Incident Responder module, you can integrate it to our platform and utilize its capabilities.
Click the New button on the relevant page, then fill in the fields below on the new page.
Name
Name of Integration.
Description
Description of the integration.
Integration Type
Select FortiSandbox integration.
API URL
The URL address of FortiSandbox integration is defined automatically. Please do not change.
API Key
Define the API key.
Test Connection
Make sure the API key is working correctly with the Test button.
Tags
You can filter the integrations defined in the system more easily by labeling them.
Proxy
You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.
URLs
URL analysis capability is enabled by default, you can disable it if needed.
Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field.
NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.
Attachments
File Hash analysis capability is enabled by default, you can disable it if needed.
Optionally, you can add to the scanning process by selecting the “Upload PE files” and “Upload other file types” fields.
Status
Integration is active by default, you can disable the integration if needed.

Cyber X-Ray

Cyber X-Ray is a commercial AI-powered threat analysis engine created by Roksit, also available in a free version. It has the following capabilities and automatically scans whether a reported email is malicious or not.
URLs
URL addresses in a reported email are analyzed.

Cyber X-Ray API Key Creation Steps

  1. Complete the registration process through the Roksit platform here.
  2. Verify your account with the activation email sent to your email and log in to your account.
  3. Click on Settings > API Key on the left menu.
  4. Click the Create New API Key button in the upper right corner of the page that opens. Fill in the relevant fields in the API Key Information in the new window.
  5. Click the Save button to create the new API key. Save the new API key before closing this page.

How to Integrate Cyber X-Ray?

By following the steps below on the Incident Responder platform, it can be integrated and its capabilities can be used.
Click the New button on the relevant page, then fill in the following fields on the page that opens.
Name
Name of the Integration.
Description
Description of the integration.
Integration Type
Choose Cyber X-Ray integration.
API URL
The URL address of Cyber X-Ray integration is defined automatically. Please do not change.
API Key
Define the API key.
Test Connection
Make sure the API key is working correctly with the Test Connection button.
Tags
You can filter the integrations defined in the system more easily by labeling them.
Proxy
You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.
URLs
URL analysis capability is active by default, you can disable it if needed.
Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field.
NOTE: With the Hide URL Parameters feature, only the domain name is analyzed instead of analyzing the entire URL address.
Status
Integration is active by default, you can disable the integration if needed.

VMRay

VMRay is an analysis engine available to companies for a fee. VMRay analysis engine has the following capabilities and automatically scans to identify whether a reported email is malicious or not. If you have the VMRay product, you can integrate it with the Incident Responder platform.
URLs
URL addresses in a reported email are analyzed.
Attachments
Dynamic and static analysis of the files in a reported email is performed.

How to Integrate VMRay?

By following the steps below on the Incident Responder platform, you can integrate VMRay and utilize its capabilities.
Click the New button on the relevant page, then fill in the fields below:
Name
Name of the integration.
Description
Description of the integration.
Integration Type
Select VMRay integration.
API URL
The URL address of VMRay integration is defined automatically. If you are not using a cloud-based solution, you can enter the URL information of the product.
API Key
Define the API key.
Test Connection
Make sure the API key is working correctly with the Test Connection button.
Tags
You can filter the integrations defined in the system more easily by labeling them.
Proxy
You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.
URLs
URL analysis capability is enabled by default, you can disable it if needed. Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field. NOTE: With the Hide URL Parameters feature, only the domain name is analyzed instead of analyzing the entire URL address.
Attachments
File analysis capability is enabled by default, you can disable it if needed.
Optionally, you can add to the scanning process by selecting the “Upload PE files” and “Upload other file types” fields.
Status
Integration is active by default, you can disable the integration if needed.