Data Sources
Last updated
Last updated
Data Sources enrich the information Dropzone uses to perform alert investigations and respond to interactive chat. Dropzone has support for many Threat Intelligence (TI) feeds, tools, and corporate systems such as identity, directory, and SIEM tools.
For example when investigating possible malicious URLs or IP addresses it may query a TI source, and when understanding systems access it may first make API calls to your cloud provider to find user activity details and then query your corporate directory services to look up user metadata or login history.
Common Data Sources include corporate systems such as Microsoft Entra ID and Google Workspace, Threat Intel tools such as CrowdStrike Falcon Intelligence and VirusTotal, and built in tooling such as WHOIS and PDF Analysis.
Enabling more data sources enhances Dropzone analysis, just like more institutional knowledge improves a SOC analyst's capabilities. The Dropzone platform dynamically determines which sources may be useful for enriching investigations, so you should consider enabling as many as you can.
Alert sources typically have a minimal number of configuration options:
API parameters and secrets
Access credentials and configuration used by Dropzone authenticate to service APIs
URL endpoints, Client IDs, Client secrets, API tokens
Search filters
Limit what data will be returned
Ticket project filters
Each integration documentation page will go into details about which values you'll need and how to find them.