Data Sources

Data Sources enrich the information Dropzone uses to perform alert investigations and respond to interactive chat. Dropzone has support for many Threat Intelligence (TI) feeds, tools, and corporate systems such as identity, directory, and SIEM tools.

For example, when investigating a possibly malicious URL or IP address it may query a TI source, and when assessing system access it may first make API calls to your cloud provider to find user activity details and then query your corporate directory services to look up user metadata or login history.

Common Data Sources include corporate systems such as Microsoft Entra ID and Google Workspace, Threat Intel tools such as CrowdStrike Falcon Intelligence and VirusTotal, and built-in tooling such as WHOIS and PDF Analysis.

Enabling more data sources enhances Dropzone analysis, just like more institutional knowledge improves a SOC analyst's capabilities. The Dropzone platform dynamically determines which sources may be useful for enriching investigations, so you should consider enabling as many as you can.

Configuration Options

Data sources typically have a minimal number of configuration options:

| Type | Purpose | Examples |
| --- | --- | --- |
| API parameters and secrets | Access credentials and configuration used by Dropzone to authenticate to service APIs | URL endpoints, Client IDs, Client secrets, API tokens |
| Search filters | Limit what data will be returned | Ticket project filters |

Each integration documentation page will go into details about which values you'll need and how to find them.
