Requirements
Install From Marketplace
To install the Silent Push content pack in XSOAR, navigate to the Marketplace and search for Silent Push. Select the content pack and then click Install in the top-right corner.
Configuring the Silent Push Integration
After installing the content pack, click on Settings and Info in the left menu and then select Instances under Integrations. Search for Silent Push and then click Add Instance to begin configuring the integration.
Performing On-Demand Lookups
Navigate to the Playground or an incident and begin typing:
!silentpush-
This will display a list of commands that can be executed in the Playground and War Room, as well as used in playbooks.
The Silent Push integration currently supports 20 actions for querying information about IOFA feeds, IP addresses, domains, and nameservers, and for running live scans.
To start, select the command !silentpush-get-enrichment-data, set resource=domain, and set value to the domain to query. For this example, we can use the domain 119caipiaokf[.]com.
Running the command will return all the data from Silent Push in the Playground for the domain that was searched.
The domain can be further investigated by performing a live scan, taking a screenshot of the page, or gathering additional information about the IP address associated with the domain. Use the command:
!silentpush-reverse-padns-lookup
Set the qname as 103.148.186.162 and the qtype as A.
Running this command will return all of the domains with A records pointing to that IP address.
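The two lookups above need a live indicator, while this page writes the example domain defanged. As an added example (not part of the Silent Push content pack), the Python helper below refangs and validates an indicator before building the matching command line. The name=value form for qname and qtype and the choice of command per indicator type are assumptions based on the steps above.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def refang(indicator: str) -> str:
    """Undo common defanging ([.], (.), [dot], hxxp://) and keep only the host."""
    text = indicator.strip()
    text = re.sub(r"[\[\(\{]\s*(?:\.|dot)\s*[\]\)\}]", ".", text, flags=re.I)
    text = re.sub(r"^hxxp(s?)://", r"http\1://", text, flags=re.I)
    text = re.sub(r"^https?://", "", text, flags=re.I)
    return text.split("/")[0].lower().rstrip(".")


def build_command(indicator: str) -> str:
    """Return the command line for one indicator (hypothetical helper).

    IPv4 address -> reverse PADNS lookup for A records.
    Domain       -> enrichment lookup with resource=domain.
    Anything else raises ValueError, so text copied from a report or an
    e-mail cannot add extra arguments to the command.
    """
    value = refang(indicator)
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.version != 4:
            raise ValueError(f"only IPv4 is handled here: {indicator!r}")
        return f"!silentpush-reverse-padns-lookup qname={ip} qtype=A"
    labels = value.split(".")
    valid = (
        len(value) <= 253
        and len(labels) >= 2
        and all(_LABEL.fullmatch(label) for label in labels)
        and not labels[-1].isdigit()  # rejects malformed IPs such as 999.1.1.1
    )
    if not valid:
        raise ValueError(f"not a valid domain or IPv4 address: {indicator!r}")
    return f"!silentpush-get-enrichment-data resource=domain value={value}"


if __name__ == "__main__":
    # Indicators as written on this page, one of them defanged.
    for sample in ("119caipiaokf[.]com", "103.148.186.162"):
        print(build_command(sample))
```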