Integrate Custom Threat Intelligence Source to Warden Threat Detection

Warden Threat Detection provides detection based on threat intelligence and generates an alert whenever it detects a connection from a malicious or Tor IP address.

However, you can also integrate your own external threat intelligence source. The steps below describe how to integrate it and how to update the data afterwards. Please contact our Customer Success team for feature access.

How to Set up Custom Threat Intelligence Source Integration

  1. Generate an API key for your organisation in Warden:

    1. Note that only one API key can be generated for each organisation

    2. Instructions: Managing API Keys in Warden

    3. Remember to save your key in a safe location, as you cannot retrieve it again after creation

  2. Retrieve a temporary pre-signed URL (it expires automatically after 10 minutes):

    1. Call the following API using a tool like Postman or via a script: (https://... - We will provide it separately)

    2. Set the request method to GET

    3. Set the following key-value pair in the request header: key = x-api-key, value = <your-key>

    4. The response payload will be in the following format:

       {
         "message": "Success",
         "url": "<your-presigned-url>"
       }

    5. If the request fails, the API returns one of the following messages instead:

      1. "message": "Forbidden" if no API key is found in the request header

      2. "message": "API key is invalid" if the API key is not found in the database

      3. "message": "Access to this feature is restricted" if this TD feature is not enabled for the organisation (please contact the team to enable it)

      4. "message": "Internal server error" if an unforeseen error occurred

  3. Upload your data file via the pre-signed URL:

    1. This feature currently accepts only files in CSV format

    2. Sample CSV file structure:

       ip_address,timestamp,metadata
       7.0.171.155,2021-09-23T01:05:16Z,"{""foo"":""bar"",""bob"":""alice""}"
       13.251.29.208,2022-05-23T01:05:16Z,"{""foo"":""bar"",""manual"":""override""}"

    3. Note that the upload request must use the PUT method

    4. Sample Python script to facilitate an upload:

       import requests

       YOUR_FILE = "data.csv"
       YOUR_URL = "<your-presigned-url>"

       # Read the file as bytes so the body is sent unchanged, whatever its encoding
       with open(YOUR_FILE, "rb") as object_file:
           object_bytes = object_file.read()

       # The pre-signed URL expects a PUT with the file contents as the request body
       response = requests.put(YOUR_URL, data=object_bytes)
       print(f"Status code: {response.status_code}")

    5. Your file is successfully uploaded if the status code is 200
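The whole procedure in one script, as an added example that is not part of the original article or of Warden's own tooling: it builds a CSV in the documented layout (the csv module produces the doubled quotes around the JSON metadata field seen in the sample rows), validates every row before anything is sent, fetches the pre-signed URL with the x-api-key header, maps the documented failure messages to what to do about them, and then PUTs the body. It uses the standard library's urllib instead of requests so it runs with no extra packages. The endpoint and key values are placeholders (the endpoint is provided separately), the two sample indicators are constructed to match the article's sample CSV, and the hint texts for each message are this example's own wording.

```python
import csv
import io
import ipaddress
import json
import urllib.error
import urllib.request
from datetime import datetime

# Column layout documented for the upload file.
COLUMNS = ["ip_address", "timestamp", "metadata"]

# Constructed sample indicators; the two rows mirror the article's sample CSV.
SAMPLE_INDICATORS = [
    {"ip_address": "7.0.171.155", "timestamp": "2021-09-23T01:05:16Z",
     "metadata": {"foo": "bar", "bob": "alice"}},
    {"ip_address": "13.251.29.208", "timestamp": "2022-05-23T01:05:16Z",
     "metadata": {"foo": "bar", "manual": "override"}},
]

# Messages documented for the pre-signed URL endpoint, mapped to a hint (hint wording is ours).
MESSAGE_HINTS = {
    "Forbidden": "no x-api-key header was sent with the request",
    "API key is invalid": "the key is not recognised; check the saved value",
    "Access to this feature is restricted": "feature not enabled for this organisation; contact Customer Success",
    "Internal server error": "unexpected server-side failure; retry later",
}


class PresignedUrlError(Exception):
    """Raised when the pre-signed URL endpoint does not return a usable URL."""


def build_csv(indicators):
    """Serialise indicators into the documented layout; csv.writer quotes the JSON field and doubles its inner quotes."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(COLUMNS)
    for item in indicators:
        writer.writerow([item["ip_address"], item["timestamp"],
                         json.dumps(item["metadata"], separators=(",", ":"))])
    return buf.getvalue()


def validate_csv(csv_text):
    """Return a list of problems found in a CSV body; an empty list means every row fits the layout."""
    problems = []
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames != COLUMNS:
        return [f"header must be {','.join(COLUMNS)}, got {reader.fieldnames}"]
    for lineno, row in enumerate(reader, start=2):  # line 1 is the header
        try:
            ipaddress.ip_address(row["ip_address"])
        except (ValueError, TypeError):
            problems.append(f"line {lineno}: ip_address {row['ip_address']!r} is not an IP address")
        try:
            datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        except (ValueError, TypeError):
            problems.append(f"line {lineno}: timestamp {row['timestamp']!r} is not YYYY-MM-DDTHH:MM:SSZ")
        try:
            if not isinstance(json.loads(row["metadata"]), dict):
                raise ValueError("not an object")
        except (ValueError, TypeError):
            problems.append(f"line {lineno}: metadata is not a JSON object")
    return problems


def explain_message(message):
    """Hint for a "message" value returned by the pre-signed URL endpoint."""
    return MESSAGE_HINTS.get(message, "undocumented message; inspect the full response")


def presigned_url_from_payload(payload):
    """Extract the URL from a response payload, or raise with the documented reason."""
    message, url = payload.get("message"), payload.get("url")
    if message == "Success" and url:
        return url
    raise PresignedUrlError(f"{message}: {explain_message(message)}")


def fetch_presigned_url(endpoint, api_key, timeout=30):
    """Step 2: GET the endpoint with the x-api-key header; the returned URL expires after 10 minutes."""
    request = urllib.request.Request(endpoint, headers={"x-api-key": api_key}, method="GET")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            body = response.read()
    except urllib.error.HTTPError as err:
        body = err.read()  # failure responses still carry the JSON "message" field
    return presigned_url_from_payload(json.loads(body))


def upload_csv(presigned_url, csv_text, timeout=60):
    """Step 3: PUT the CSV as UTF-8 bytes to the pre-signed URL; returns the HTTP status (200 = uploaded)."""
    request = urllib.request.Request(presigned_url, data=csv_text.encode("utf-8"), method="PUT")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    ENDPOINT = "https://<endpoint-provided-by-warden>"  # placeholder, supplied separately
    API_KEY = "<your-key>"                              # placeholder, from step 1
    csv_text = build_csv(SAMPLE_INDICATORS)
    errors = validate_csv(csv_text)
    if errors:
        raise SystemExit("\n".join(errors))
    url = fetch_presigned_url(ENDPOINT, API_KEY)
    print("Status code:", upload_csv(url, csv_text))
```

Validating before fetching the URL matters because of the 10-minute expiry: a malformed file discovered after the fetch costs a second round trip, and a file that uploads successfully but carries rows in the wrong shape gives a 200 without telling you the indicators were unusable.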