Hey all, Trying this as a hail mary, as opened a support case last week and had no response on it.
We are trying to use the SOAR ThreatConnect App to send Intel (Domains, URLS) to ThreatConnect ...
See more...
Hey all, Trying this as a hail mary, as opened a support case last week and had no response on it.
We are trying to use the SOAR ThreatConnect App to send Intel (Domains, URLS) to ThreatConnect via a playbook.
From the documentation, there is a function called POST DATA, which allows us to send the data to ThreatConnect.
Right now if I send a piece of intel, it gets added in under the API key account. But I need to be able to change the Owner. I can do this in a python script easily, but can't figure it out in this App. The documentation has "attribute_name" and "attribute_value" - which i've tried setting to "owner" and the required owner respectively. But this doesn't work - the app tells me it cannot find the attribute "owner". The documentation is very lacking here. I can't seem to figure it out. Any ideas on how I achieve this? Edit: error message: Indicator created/updated, but failed to update the attribute specified. Please ensure the attribute_name is valid, is applicable to the indicator type and attribute_value is valid I've tried several: "Owner, owner, owner_name, ownerName, etc. etc."