I have modified “Enrich Indicators with OSINT from Slack” by Rapid7 with some blocking action with FortiGate(IP) and Crowdstrike(Hash) if it reaches a certain threshold of VirusTotal detection. Please let me know if anyone wants to try it.
1 Like