ONYPHE
概要
ONYPHE connector enriches observables and indicators with Internet intelligence for threat intelligence (ctiscan) and attack surface management (riskscan).
The ONYPHE enrichment connector supports two complementary use cases via separate data categories.
For threat intelligence (ctiscan), it enriches observables with detailed Internet scan data and mapping for open ports, protocols, banners and relationships — including ASNs, organizations, certificates, DNS domains, technologies, ports, countries and analytical pivots such as JA4S and HHHash.
For attack surface management (riskscan), it enriches IP addresses, hostnames and domains with exposure data: open services, risk tags (e.g. risk::opendatabase), CVE vulnerabilities and associated infrastructure.
In addition, Indicators can be enriched using the 'onyphe' pattern to run threat-hunting queries within the OpenCTI platform and import matching observables.
Multiple instances of the connector can run side by side — one per category — each with independent scope, confidence and auto-enrichment settings.