Silent Push Integration Installation and Configuration Guide
  • 11 Oct 2024
  • 12 Minutes to read
  • Dark
    Light

Silent Push Integration Installation and Configuration Guide

  • Dark
    Light

Article summary

Software Version
This guide applies to the Silent Push Playbook App version 1.0.x.

Overview

The ThreatConnect® integration with Silent Push lets you query the following Silent Push API endpoints within ThreatConnect via the Playbooks feature:

Specifically, the Silent Push Playbook App supports the following actions:

  • Domain Enrichment
  • Domain Search
  • Domain Typosquatting Search
  • Forward PADNS Lookup
  • Get ASN Reputation
  • Get ASN Reputation History
  • Get ASN Takedown Reputation
  • Get ASN Takedown Reputation History
  • Get Bulk Domain Information
  • Get Bulk Domain Risk Score
  • Get Bulk IPv4 History Information
  • Get Bulk IPv4 Information
  • Get Bulk IPv4 Risk Score
  • Get Cousin Domains
  • Get Nameserver Reputation
  • Get Nameserver Reputation History
  • Get Sibling Domains
  • Get Subnet Reputation
  • Get Subnet Reputation History
  • IPv4 Enrichment
  • Multicondition PADNS Lookup
  • Reverse PADNS Lookup
  • Advanced Request

Dependencies

ThreatConnect Dependencies

  • ThreatConnect instance with version 7.4.0 or newer installed
Note
All ThreatConnect dependencies will be provided by default to subscribing ThreatConnect Cloud customers. Customers on Dedicated Cloud and On-Premises instances can enable these settings on the Account Settings screen within their ThreatConnect instance.

Silent Push Dependencies

Application Installation and Configuration

Step 1: Install the Silent Push Playbook App

Follow these steps to install the Silent Push Playbook App via TC Exchange™:

  1. Log into ThreatConnect with a System Administrator account.
  2. Hover over SettingsSettings iconon the top navigation bar and select TC Exchange Settings. Then select the Catalog tab.
  3. Locate the Silent Push Playbook App on the Catalog tab. Then click InstallPlus icon_Dark bluein the Options column.

Step 2: Configure the Silent Push Playbook App

After the Silent Push Playbook App is installed successfully, follow these steps to configure the App in a Playbook:

  1. Log into ThreatConnect with a user account that has an Organization role of Standard User, Sharing User, Organization Administrator, or App Developer.
  2. Navigate to the Playbooks screen.
  3. Create a new Playbook or open an existing one. Then add the Silent Push App to the Playbook.
  4. Edit the Silent Push Playbook App, select an action from the Action dropdown, and then configure the rest of App’s parameters. See the “Available Actions” section for further instruction on configuring the Silent Push Playbook App for each available action.
  5. Configure the rest of the Playbook as desired. Then activate the Playbook.

Available Actions

The following sections describe each action that the Silent Push Playbook App supports (i.e., the options available in the Action dropdown when configuring the App) and the corresponding configuration parameters.

Domain Enrichment

Use the Domain Enrichment action to retrieve enrichment information for a domain, including the domain’s age, nameserver (NS) reputation, active period, historical listings, and so forth.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
DomainThe domain to query.StringRequired
ExplainSpecifies whether to show the data used to calculate the scores in the response.

Acceptable values:
  • False (default): Do not show the data.
  • True: Show the data.
StringOptional
Scan DataSpecifies whether to show the data collected from host scanning.

Acceptable values:
  • False (default): Do not show the data.
  • True: Show the data.
StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Domain Search

Use the Domain Search action to search for domains that match the specified query parameters.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
Optional query parametersThe query parameters to include in the request. To view a complete list of supported query parameters and their descriptions, see the Silent Push Domain Search documentation. By default, the Silent Push Playbook App includes the following query parameters for the Domain Search action:
  • asn
  • asn_diversity_min
  • domain
  • domain_regex
  • first_seen_min
  • ip_diversity_all_min
  • last_seen_min
  • network
  • nsname
  • registrar
StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Domain Typosquatting Search

Use the Domain Typosquatting Search action to search for typosquatting variations of a domain that match the specified query parameters.

Note
By default, the domain typosquatting search looks for new records with a first_seen timestamp within the last seven days; however, you can narrow the search timeframe to the last 24 hours. Additionally, only records that have been seen within the last seven days will be considered in a domain typosquatting search.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
Optional query parametersThe query parameters to include in the request. To view a complete list of supported query parameters and their descriptions, see the Silent Push Domain Typosquatting Search documentation. By default, the Silent Push Playbook App includes the following query parameters for the Domain Typosquatting Search action:
  • autospoof
  • first_seen_after
  • first_seen_before
  • last_seen_after
  • last_seen_before
  • match
  • net
  • network
  • nsname
  • regex
StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Forward PADNS Lookup

Use the Forward PADNS Lookup action to perform a forward lookup of passive DNS data that match the specified query parameters.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
Query TypeThe type of query to perform.

Acceptable values include the following:
  • a
  • aaaa
  • cname
  • mx
  • ns
  • ptr4
  • ptr6
  • any
  • anyipv4
  • anyipv6
  • soa
  • txt
StringRequired
Query NameThe name or IP address (IPv4 or IPv6) to query. If querying a name, you may use wildcards (*) in the name string (e.g., sil*push.com).StringRequired
Optional query parametersThe query parameters to include in the request. To view a complete list of supported query parameters and their descriptions, see the Silent Push Forward PADNS Lookup documentation. By default, the Silent Push Playbook App includes the following query parameters for the Forward PADNS Lookup action:
  • first_seen_after
  • first_seen_before
  • last_seen_after
  • last_seen_before
  • netmask
  • regex
  • subdomains
StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get ASN Reputation

Use the Get ASN Reputation action to retrieve information about the reputation of an ASN.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
ASNThe ASN to query. Do not include the “AS” or “ASN” prefix.StringRequired
ExplainSpecifies whether to show the data used to calculate the reputation score.

Acceptable values:
  • False (default): Do not show the data.
  • True: Show the data.
StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get ASN Reputation History

Use the Get ASN Reputation History action to retrieve the reputation history for an ASN.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
ASNThe ASN to query. Do not include the “AS” or “ASN” prefix.StringRequired
ExplainSpecifies whether to show the data used to calculate the reputation score.

Acceptable values:
  • False (default): Do not show the data.
  • True: Show the data.
StringOptional
LimitThe number of results to return. If no value is provided, all results will be returned.StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get ASN Takedown Reputation

Use the Get ASN Takedown Reputation action to retrieve the takedown reputation for an ASN.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
ASNThe ASN to query. Do not include the “AS” or “ASN” prefix.StringRequired
ExplainSpecifies whether to show the data used to calculate the reputation score.

Acceptable values:
  • False (default): Do not show the data.
  • True: Show the data.
StringOptional
LimitThe number of results to return. If no value is provided, all results will be returned.StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get ASN Takedown Reputation History

Use the Get ASN Takedown Reputation History action to retrieve the takedown reputation history for an ASN.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
ASNThe ASN to query. Do not include the “AS” or “ASN” prefix.StringRequired
ExplainSpecifies whether to show the data used to calculate the reputation score.

Acceptable values:
  • False (default): Do not show the data.
  • True: Show the data.
StringOptional
LimitThe number of results to return. If no value is provided, all results will be returned.StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Bulk Domain Information

Use the Get Bulk Domain Information action to retrieve information for one or more domains.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
DomainsA string array of domains to query (e.g., ["threatconnect.com","google.com"]). Use the Array Operations App to pass the string array to the Silent Push App.String ArrayRequired
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Bulk Domain Risk Score

Use the Get Bulk Domain Risk Score action to retrieve the Silent Push Risk Score for one or more domains.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
DomainsA string array of domains to query (e.g., ["threatconnect.com","google.com"]). Use the Array Operations App to pass the string array to the Silent Push App.String ArrayRequired
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Bulk IPv4 History Information

Use the Get Bulk IPv4 History Information action to retrieve historical information for one or more IPv4 addresses on one or more dates. This information is valuable for tracking the network infrastructure and changes related to IP addresses over time.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
IPv4 AddressesA string array of IPv4 addresses to query (e.g., ["1.1.1.1","9.9.9.9"]). Use the Array Operations App to pass the string array to the Silent Push App.String ArrayRequired
DatesA string array of dates to query for each IP address (e.g., ["20240509","20231118"]). Each date must be in yyyymmdd format. Use the Array Operations App to pass the string array to the Silent Push App.String ArrayRequired
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Bulk IPv4 Information

Use the Get Bulk IPv4 Information action to retrieve information for one or more IPv4 addresses.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
IPv4 AddressesA string array of IPv4 addresses to query (e.g., ["1.1.1.1","9.9.9.9"]). Use the Array Operations App to pass the string array to the Silent Push App.String ArrayRequired
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Bulk IPv4 Risk Score

Use the Get Bulk IPv4 Risk Score action to retrieve the Silent Push Risk Score for one or more IPv4 addresses.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
IPv4 AddressesA string array of IPv4 addresses to query (e.g., ["1.1.1.1","9.9.9.9"]). Use the Array Operations App to pass the string array to the Silent Push App.String ArrayRequired
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Cousin Domains

Use the Get Cousin Domains action to retrieve the cousin domains of a domain. A cousin domain is a domain that looks deceptively similar to a legitimate target domain.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
DomainThe domain to query.StringRequired
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Nameserver Reputation

Use the Get Nameserver Reputation action to retrieve the reputation for a nameserver.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
NameserverThe nameserver to query (e.g., ns-380.awsdns-47.com).StringRequired
ExplainSpecifies whether to show the data used to calculate the reputation score.

Acceptable values:
  • False (default): Do not show the data.
  • True: Show the data.
StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Nameserver Reputation History

Use the Get Nameserver Reputation History action to retrieve the reputation history for a nameserver.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
NameserverThe nameserver to query (e.g., ns-380.awsdns-47.com).StringRequired
ExplainSpecifies whether to show the data used to calculate the reputation score.

Acceptable values:
  • False (default): Do not show the data.
  • True: Show the data.
StringOptional
LimitThe number of results to return. If no value is provided, all results will be returned.StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Sibling Domains

Use the Get Sibling Domains action to retrieve the sibling domains of a domain. A sibling domain is a replica of a primary domain in all respects except the name of the domain itself.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
DomainThe domain to query.StringRequired
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Subnet Reputation

Use the Get Subnet Reputation action to retrieve the reputation for an IPv4 subnet.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
SubnetThe IPv4 subnet to query.StringRequired
MaskThe subnet mask to query.StringRequired
ExplainSpecifies whether to show the data used to calculate the reputation score.

Acceptable values:
  • False (default): Do not show the data.
  • True: Show the data.
StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Get Subnet Reputation History

Use the Get Subnet Reputation History action to retrieve the reputation history for an IPv4 subnet.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
SubnetThe IPv4 subnet to query.StringRequired
MaskThe subnet mask to query.StringRequired
ExplainSpecifies whether to show the data used to calculate the reputation score.

Acceptable values:
  • False (default): Do not show the data.
  • True: Show the data.
StringOptional
LimitThe number of results to return. If no value is provided, all results will be returned.StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

IPv4 Enrichment

Use the IPv4 Enrichment action to retrieve enrichment information for an IPv4 address, including the IPv4 address’ ASN, characteristics, Silent Push Risk Score, and so forth.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
IPv4 AddressThe IPv4 address to query.StringRequired
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Multicondition PADNS Lookup

Use the Multicondition PADNS Lookup action to perform a lookup of passive DNS data based on a query.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
Query TypeThe type of query to perform.

Acceptable values:
  • a
  • aaaa
  • cname
  • mx
  • ns
  • ptr4
  • ptr6
StringRequired
Query NameThe name or IP address (IPv4 or IPv6) to query. If querying a name, you may use wildcards (*) in the name string (e.g., sil*push.com).StringRequired
Query AnswerThe name or IP address (IPv4 or IPv6) to query. If querying a name, you may use wildcards (*) in the name string (e.g., sil*push.com).StringRequired
Optional query parametersThe query parameters to include in the request. To view a complete list of supported query parameters and their descriptions, see the Silent Push Multi-condition PADNS Lookup documentation. By default, the Silent Push Playbook App includes the following query parameters for the Multicondition PADNS Lookup action:
  • first_seen_after
  • first_seen_before
  • last_seen_after
  • last_seen_before
  • netmask
  • regex
  • subdomains
StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Reverse PADNS Lookup

Use the Reverse PADNS Lookup action to perform a reverse lookup of passive DNS data based on a query.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
Query TypeThe type of query to perform.

Acceptable values:
  • a
  • aaaa
  • cname
  • mx
  • ns
  • ptr4
  • ptr6
  • soa
  • txt
  • mxhash
  • nshash
  • soahash
  • txthash
StringRequired
Query NameThe name or IP address (IPv4 or IPv6) to query. If querying a name, you may use wildcards (*) in the name string (e.g., sil*push.com).StringRequired
Optional query parametersThe query parameters to include in the request. To view a complete list of supported query parameters and their descriptions, see the Silent Push Reverse PADNS Lookup documentation. By default, the Silent Push Playbook App includes the following query parameters for the Reverse PADNS Lookup action:
  • first_seen_after
  • first_seen_before
  • last_seen_after
  • last_seen_before
  • netmask
  • regex
  • subdomains
StringOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Advanced Request

Use the Advanced Request action when you want to make a request to the Silent Push API that is not covered by the predefined actions available in the Silent Push Playbook App.

 

NameDescriptionTypeRequired?
API KeyThe Silent Push API key.StringRequired
API Endpoint/PathThe Silent Push API endpoint to use in the request.StringRequired
HTTP MethodThe HTTP method to use in the request.

Acceptable Values:
  • GET
  • POST
  • DELETE
  • PUT
  • HEAD
  • PATCH
  • OPTIONS
StringRequired
Query ParametersThe query parameters to append to the request URL. For sensitive information like API keys, use variables instead of entering the value directly in order to prevent the Playbook from exporting sensitive data.Key/ValueOptional
Exclude Empty/Null ParametersSpecifies whether to exclude query parameters that have a null or empty value (e.g., ?name=).BooleanOptional
HeadersThe headers to include in the request. When using Multi-part Form/File data, do not add a Content-Type header. For sensitive information like API keys, use variables instead of entering the value directly in order to prevent the Playbook from exporting sensitive data.StringOptional
Fail for statusSpecifies whether to have the Playbook fail if the response status code is 4XX –5XX.BooleanOptional
Fail on no resultsSpecifies whether the App will produce a Playbook failure when no results are found.BooleanOptional

Frequently Asked Questions (FAQ)

How far back do the data provided by Silent Push go?

Silent Push’s data go back to 2017.


Why do I not need to add the “AS” or “ASN” prefix to my ASN value?

The Silent Push API uses the numbers of the ASN only.


What should I do if I receive empty responses from the Silent Push API?

Check your Silent Push API key permissions if the Silent Push API returns empty responses.


ThreatConnect® is a registered trademark, and TC Exchange™ is a trademark, of ThreatConnect, Inc.

30084-01 EN Rev. B


Was this article helpful?