Reputation scripts for indicator enrichment.
Reputation scripts are used to assess and assign reputation scores to indicators. These scripts integrate external threat intelligence or internal data sources to evaluate the reputation of indicators (such as IP addresses, URLs, or file hashes). Reputation scripts enable you to implement custom logic and algorithms for determining the reputation of indicators.
Reputation scripts return the verdict of an indicator as a number. The number overrides the verdict returned from the reputation command but does not override a manually set verdict. The reliability of the score from a reputation script is by default A++ - Reputation script
.
Note
The Reputation script overrides any default settings for the indicator that relates to the verdict.
Out-of-the-box reputation scripts
You can create a new reputation script, or you can use an out-of-the-box reputation script in the Scripts page, for example:
CertificateReputation
cveReputation
MaliciousRatioReputation
SSDeepReputation