DEV Community

charlton-lc for LimaCharlie

Posted on • Originally published at limacharlie.io on

Domain and IP intelligence with alphaMountain and LimaCharlie

LimaCharlie gives you the ability to collate and correlate data of any type, enriching it with threat intelligence and allowing for real-time, actionable decisions. Today, we are excited to discuss our new integration with alphaMountain.

Utah-based alphaMountain provides domain and IP threat intelligence that helps security architects and analysts make better, faster decisions about the risks posed by a host on the internet. alphaMountain’s analysis uses machine learning to instantly render a threat score along with contextual enrichment including visitless site categorization, related hosts, threat factors, passive DNS, certificates, redirect chains and more. alphaMountain data is delivered in multiple formats, and is easily coupled with network-based telemetry in LimaCharlie.

We currently support three alphaMountain API-based lookups:

Domain Category (alphamountain-category)

Returns categorization for Internet URIs, generated by alphaMountain's own statistical and neural network models. For more information on alphaMountain's categories, visit their knowledge base.

Domain Popularity (alphamountain-popularity)

Returns the popularity of a domain, as measured by a combination of page-rank, daily traffic bandwidth, total number of requests, and passive DNS activity for a given hostname. For more information, visit their knowledge base.

Domain Threat (alphamountain-threat)

Returns threat ratings for Internet URIs, generated by alphaMountain's own statistical and neural network models, cross-validated by a variety of sources as appropriate. For more information, visit their knowledge base.

Telemetry Integration

With LimaCharlie’s free tier, you can easily get a test instance up and running without any charge, and begin integrating with alphaMountain’s data in minutes.

alphaMountain’s API integrations can be enabled from the API Marketplace. Please note, you’ll need an API key in order to successfully query alphaMountain data. (You can request your free trial alphaMountain API key at www.alphamountain.ai.)

Once enabled, you can make calls to the respective API(s) directly from a detection and response rule. For example, the following rule will perform a Domain Category lookup against domains found in DNS_REQUEST events.

Along with typical D&R rule data, you will also receive alphaMountain-specific metadata. These metadata results can also be referenced via LimaCharlie’s metadata_rules. For additional automated actions, LimaCharlie also adds a threatYeti URL. See below:

References to the other alphaMountain APIs will be similar in request and response, allowing you to craft custom detection rules based on API results.

Getting Started with LimaCharlie and alphaMountain

To explore the integration with LimaCharlie and alphaMountain, try our full-featured free tier or schedule a demo with our solution engineers.

Additionally, we'll be hosting a live webinar on June 13, 2023 at 10:00am PT discussing the integration in more detail. Register for the event.

Top comments (0)