Cyberprotect contributes to The Hive project for the third time by adding its own analyzer: ThreatScore

By Rémi ALLAIN <remi.allain [at] cyberprotect [dot] fr>

For the community

We are pleased to announce the arrival of our cyber threat scoring system as part of The Hive project. For security teams using The Hive and Cortex for threat intelligence, the first Cyberprotect analyzer is now available in Cortex.

This new Cyberprotect API package makes it easy for organizations to integrate a reputation or scoring system for threat intelligence with their SIEM and other security orchestration tools such as Cortex. The API gives analysts on-demand access to Cyberprotect’s reputation and scoring intelligence, completely free of charge.

From the beginning, we have supported the exchange of information in security-related open source technology initiatives, and we are excited to offer integration with TheHive, a popular and powerful open source threat intelligence sharing platform. Cortex is The Hive’s observable analysis engine, which over the past few years has increased the number of its analyzers to over 100. We are glad to say that we have taken part in this growth by contributing to the development of two analyzers (hunter.io and threatcrowd) in addition to ThreatScore.

How to use it

The Cyberprotect ThreatScore API is free; you don’t need credentials to access it. After updating your analyzers in Cortex, you’ll be able to enable Cyberprotect ThreatScore.

A complete step-by-step guide to updating and/or installing analyzers is available in the Cortex documentation repository.

Our analyzer takes an IP address or a domain and returns a list of scores ordered by date.

The score has to be correlated with the freshness of the last analysis.

In general, you will not find a score with a freshness of more than 3 months.

For some observables, more information is given. This comes from the new version of the API, which gives more details about the score and the observable.

More data types will be supported soon. Stay tuned :)

Feel free to report any issues directly to <labo [at] cyberprotect [dot] fr> or on our GitHub repository: https://github.com/Cyberprotect/Cortex-Analyzers