From ac27ecbe4b13710289bf4f10365c6511f59a6e8e Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Fri, 24 Nov 2023 06:11:12 +0000
Subject: [PATCH] Update Cyberprotect snapshots
---
Cyberprotect/Snapshot-with-IP-observable-1.1.1.1.json | 2 +-
Cyberprotect/Snapshot-with-IP-observable-223.197.167.17.json | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cyberprotect/Snapshot-with-IP-observable-1.1.1.1.json b/Cyberprotect/Snapshot-with-IP-observable-1.1.1.1.json
index 3b79249d..1e0cdc55 100644
--- a/Cyberprotect/Snapshot-with-IP-observable-1.1.1.1.json
+++ b/Cyberprotect/Snapshot-with-IP-observable-1.1.1.1.json
@@ -1 +1 @@ -{"description": "Investigate IP 1.1.1.1", "schema_version": "1.0.16", "type": "investigation", "search-txt": "ip:\"1.1.1.1\"", "source": "Heorhii Yatsenko", "actions": "[{\"created-perf\":748354894999.9999,\"updated-perf\":748354899999.9998,\"type\":\"collect\",\"created\":\"2020-08-14T13:48:53.382Z\",\"state\":\"ok\",\"arg\":\"1.1.1.1\",\"result\":[{\"value\":\"1.1.1.1\",\"type\":\"ip\"}],\"id\":\"collect-98096c49\",\"uuid\":\"f94285f3-2ac7-481b-8368-71cb23f46d62\"},{\"created-perf\":748397645000,\"updated-perf\":748397645000,\"type\":\"investigate\",\"created\":\"2020-08-14T13:48:53.425Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"1.1.1.1\"},\"result\":{\"data\":[{\"module\":\"Threatscore | Cyberprotect\",\"module_instance_id\":\"25350f50-4d8d-4ed8-8ef7-8f77a05f33f5\",\"module_type_id\":\"a89161ba-8d70-4ea9-a190-1453a763d84f\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"}}]},\"judgements\":{\"count\":19,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 4528c02832675d34898b0511e24c0607\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-5b0dd834-9a60-4818-a969-b685179616c2\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore 
Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 40680420652cc5adb33522967e537797\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-1ac3950d-cb4d-46f8-9985-53afaf42dc90\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":3,\"reason\":\"Engine: 67162b2a5e6dc4a1b60d401686470a9a\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-e358c7f5-5e28-4ca4-89f4-136f5f897464\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 4f0cf6da88d2d2867549648af09c6072\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-eab66e0e-3d58-4418-9464-1e3d574420ed\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 
0092293a2e6b3ada22c681617520e124\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-1ab23a3d-027c-4049-a03c-af17f0307533\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 13f81202415ae03c36c07737a37bbc94\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-6350486b-ff23-4de9-9f5d-0045d2c2d10e\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: aeff0e632bb64ca3f757624cd72102e4\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-acef43b4-8807-4df1-bd59-013ea92278b2\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 
58da5cc730ccddf1efc749debf56fe54\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-823bdbd6-8fac-4ddf-a17e-678d3e511c71\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 96a9b3e1ee3f54d2d259759b2dee463d\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-026afcbf-cfc6-4bdd-b668-4a846c4087b9\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":3,\"reason\":\"Engine: 558a885ad3bb9fe8c84629c39ea64431\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-87a94156-a501-4147-9358-184b0ec97c12\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 
be480fd5682fa3871840fda9616ebc58\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-d973b117-0c59-4ac1-a683-75fc5a1ce422\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 2902b18b8e4a4b456cbb2002ab214b32\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-7fddc74b-ef9a-4668-b85c-bc0fa4f301b5\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 1bf06f0c0468004196b08be835a130a5\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-ee5d0b5d-27f6-4630-9987-61cb7a027909\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":3,\"reason\":\"Engine: 
365f4621d41e27ea297fabdc7b0d3cf6\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-4f6a0bbc-32d7-486c-b858-6f7685f7f34e\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":3,\"reason\":\"Engine: 4aaecb645abde251657592eabaf49d95\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-1e03a8f9-d21b-4f04-b82e-aabd46974893\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: f2efc43e154d6ec0b0ed3e6219bb8920\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-7b445bfd-63b3-4bd7-b236-26bae44bb6fd\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 
f06549a927164a3f2e336977a41794c8\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-d3cced8e-1d3a-4c85-af5c-47ec7df84e51\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 467ab0c2b181fe0453cc5c7d0141b7ac\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-a111b879-cf62-4161-96b0-e8270352fa10\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: a8451f72cbe670c3d971157a2b73be0e\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-d9be66dd-a183-4768-9ac8-b456115361c0\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]}}},{\"module\":\"Splunk CESA/NVM\",\"module_instance_id\":\"9dcb751d-0a1b-4985-be9a-16b0dfdf41a2\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{}},{\"module\":\"SpyCloud Account Takeover Prevention\",\"module_instance_id\":\"acc21712-0ee9-4d83-be09-56815609b442\",\"module_type_id\":\"54215e52-6d6e-499b-a304-59e8fa8ea349\",\"data\":{}}]},\"id\":\"investigate-18f80e95\",\"uuid\":\"7d89c2eb-c516-4e4d-bc1d-7d85ec2d0b63\"}]", "short_description": "Snapshot with IP observable 1.1.1.1", "id": 
"https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-71926a96-8a46-4d16-bfa3-10f060225c96", "tlp": "amber", "groups": ["0f42df97-7dde-4ced-ba90-10642abb9f51"], "timestamp": "2020-08-14T13:49:43.684Z", "nodePositions": {"64617535": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "95.87.205.209", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "64617535", "investigated": true, "x": 0.03296637880146804}, "f5c9ff93": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "86.106.131.149", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "f5c9ff93", "investigated": true, "x": 0.03296637880146804}, "991c89e4": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "220.169.155.9", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "991c89e4", "investigated": true, "x": 0.03296637880146804}, "af62138a": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "91.236.4.234", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "af62138a", "investigated": true, "x": 0.03296637880146804}, "9955584c": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Threatscore | Cyberprotect", 
"Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "69.183.32.121", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "9955584c", "investigated": true, "x": 0.03296637880146804}, "ad08141a": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "1.1.1.1", "type": "ip", "state": "ok", "disposition": 3, "disposition_name": "Suspicious", "vx": 0.03296637880146804, "vy": 0.03296637880146804, "id": "ad08141a", "investigated": true, "x": 0.03296637880146804}, "d2c425f2": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "121.12.105.83", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "d2c425f2", "investigated": true, "x": 0.03296637880146804}, "d1d6676f": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "190.123.45.168", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "d1d6676f", "investigated": true, "x": 0.03296637880146804}, "790c4a11": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "119.59.124.163", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "790c4a11", "investigated": true, "x": 0.03296637880146804}, "358f2531": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global 
Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "132.148.91.227", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "358f2531", "investigated": true, "x": 0.03296637880146804}, "e8e3274": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "91.241.104.9", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "e8e3274", "investigated": true, "x": 0.03296637880146804}, "165c91f8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "176.104.76.63", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "165c91f8", "investigated": true, "x": 0.03296637880146804}, "9eef6ff1": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "164.132.92.180", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "9eef6ff1", "investigated": true, "x": 0.03296637880146804}, "84a3b4c8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "193.28.179.39", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "84a3b4c8", "investigated": true, "x": 0.03296637880146804}, "acd4bd2c": {"y": 0.03296637880146804, "category": "ip", 
"index": 0, "modules": ["Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "14.198.77.112", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "acd4bd2c", "investigated": true, "x": 0.03296637880146804}, "5e8ca8ed": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "58.221.49.56", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "5e8ca8ed", "investigated": true, "x": 0.03296637880146804}, "a6be48c8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "223.197.167.17", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "a6be48c8", "investigated": true, "x": 0.03296637880146804}, "8a2a9e6d": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "61.136.93.5", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "8a2a9e6d", "investigated": true, "x": 0.03296637880146804}}, "owner": "1a49ff0c-c319-47fe-8531-a07c29ccb618"} \ No newline at end of file +{"description": "Investigate IP 1.1.1.1", "schema_version": "1.0.16", "type": "investigation", "search-txt": "ip:\"1.1.1.1\"", "source": "Heorhii Yatsenko", "actions": 
"[{\"created-perf\":748354894999.9999,\"updated-perf\":748354899999.9998,\"type\":\"collect\",\"created\":\"2020-08-14T13:48:53.382Z\",\"state\":\"ok\",\"arg\":\"1.1.1.1\",\"result\":[{\"value\":\"1.1.1.1\",\"type\":\"ip\"}],\"id\":\"collect-98096c49\",\"uuid\":\"f94285f3-2ac7-481b-8368-71cb23f46d62\"},{\"created-perf\":748397645000,\"updated-perf\":748397645000,\"type\":\"investigate\",\"created\":\"2020-08-14T13:48:53.425Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"1.1.1.1\"},\"result\":{\"data\":[{\"module\":\"Threatscore | Cyberprotect\",\"module_instance_id\":\"25350f50-4d8d-4ed8-8ef7-8f77a05f33f5\",\"module_type_id\":\"a89161ba-8d70-4ea9-a190-1453a763d84f\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":3,\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"disposition_name\":\"Suspicious\",\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"}}]},\"judgements\":{\"count\":19,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 4528c02832675d34898b0511e24c0607\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-5b0dd834-9a60-4818-a969-b685179616c2\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 
40680420652cc5adb33522967e537797\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-1ac3950d-cb4d-46f8-9985-53afaf42dc90\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":3,\"reason\":\"Engine: 67162b2a5e6dc4a1b60d401686470a9a\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-e358c7f5-5e28-4ca4-89f4-136f5f897464\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 4f0cf6da88d2d2867549648af09c6072\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-eab66e0e-3d58-4418-9464-1e3d574420ed\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 
0092293a2e6b3ada22c681617520e124\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-1ab23a3d-027c-4049-a03c-af17f0307533\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 13f81202415ae03c36c07737a37bbc94\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-6350486b-ff23-4de9-9f5d-0045d2c2d10e\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: aeff0e632bb64ca3f757624cd72102e4\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-acef43b4-8807-4df1-bd59-013ea92278b2\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 
58da5cc730ccddf1efc749debf56fe54\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-823bdbd6-8fac-4ddf-a17e-678d3e511c71\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 96a9b3e1ee3f54d2d259759b2dee463d\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-026afcbf-cfc6-4bdd-b668-4a846c4087b9\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":3,\"reason\":\"Engine: 558a885ad3bb9fe8c84629c39ea64431\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-87a94156-a501-4147-9358-184b0ec97c12\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 
be480fd5682fa3871840fda9616ebc58\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-d973b117-0c59-4ac1-a683-75fc5a1ce422\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 2902b18b8e4a4b456cbb2002ab214b32\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-7fddc74b-ef9a-4668-b85c-bc0fa4f301b5\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 1bf06f0c0468004196b08be835a130a5\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-ee5d0b5d-27f6-4630-9987-61cb7a027909\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":3,\"reason\":\"Engine: 
365f4621d41e27ea297fabdc7b0d3cf6\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-4f6a0bbc-32d7-486c-b858-6f7685f7f34e\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":3,\"reason\":\"Engine: 4aaecb645abde251657592eabaf49d95\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Suspicious\",\"priority\":85,\"id\":\"transient:judgement-1e03a8f9-d21b-4f04-b82e-aabd46974893\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: f2efc43e154d6ec0b0ed3e6219bb8920\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-7b445bfd-63b3-4bd7-b236-26bae44bb6fd\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 
f06549a927164a3f2e336977a41794c8\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-d3cced8e-1d3a-4c85-af5c-47ec7df84e51\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: 467ab0c2b181fe0453cc5c7d0141b7ac\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-a111b879-cf62-4161-96b0-e8270352fa10\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"1.1.1.1\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":1,\"reason\":\"Engine: a8451f72cbe670c3d971157a2b73be0e\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=1.1.1.1\",\"disposition_name\":\"Clean\",\"priority\":85,\"id\":\"transient:judgement-d9be66dd-a183-4768-9ac8-b456115361c0\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]}}},{\"module\":\"Splunk CESA/NVM\",\"module_instance_id\":\"9dcb751d-0a1b-4985-be9a-16b0dfdf41a2\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{}},{\"module\":\"SpyCloud Account Takeover Prevention\",\"module_instance_id\":\"acc21712-0ee9-4d83-be09-56815609b442\",\"module_type_id\":\"54215e52-6d6e-499b-a304-59e8fa8ea349\",\"data\":{}}]},\"id\":\"investigate-18f80e95\",\"uuid\":\"7d89c2eb-c516-4e4d-bc1d-7d85ec2d0b63\"}]", "short_description": "Snapshot with IP observable 1.1.1.1", "id": 
"https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-71926a96-8a46-4d16-bfa3-10f060225c96", "tlp": "amber", "groups": ["0f42df97-7dde-4ced-ba90-10642abb9f51"], "timestamp": "2020-08-14T13:49:43.684Z", "nodePositions": {"64617535": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "95.87.205.209", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "64617535", "investigated": true, "x": 0.03296637880146804}, "f5c9ff93": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "86.106.131.149", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "f5c9ff93", "investigated": true, "x": 0.03296637880146804}, "991c89e4": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "220.169.155.9", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "991c89e4", "investigated": true, "x": 0.03296637880146804}, "af62138a": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "91.236.4.234", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "af62138a", "investigated": true, "x": 0.03296637880146804}, "9955584c": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Threatscore | Cyberprotect", 
"Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "69.183.32.121", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "9955584c", "investigated": true, "x": 0.03296637880146804}, "ad08141a": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "1.1.1.1", "type": "ip", "state": "ok", "disposition": 3, "disposition_name": "Suspicious", "vx": 0.03296637880146804, "vy": 0.03296637880146804, "id": "ad08141a", "investigated": true, "x": 0.03296637880146804}, "d2c425f2": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "121.12.105.83", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "d2c425f2", "investigated": true, "x": 0.03296637880146804}, "d1d6676f": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "190.123.45.168", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "d1d6676f", "investigated": true, "x": 0.03296637880146804}, "790c4a11": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "119.59.124.163", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "790c4a11", "investigated": true, "x": 0.03296637880146804}, "358f2531": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global 
Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "132.148.91.227", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "358f2531", "investigated": true, "x": 0.03296637880146804}, "e8e3274": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "91.241.104.9", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "e8e3274", "investigated": true, "x": 0.03296637880146804}, "165c91f8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "176.104.76.63", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "165c91f8", "investigated": true, "x": 0.03296637880146804}, "9eef6ff1": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "164.132.92.180", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "9eef6ff1", "investigated": true, "x": 0.03296637880146804}, "84a3b4c8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "193.28.179.39", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "84a3b4c8", "investigated": true, "x": 0.03296637880146804}, "acd4bd2c": {"y": 0.03296637880146804, "category": "ip", 
"index": 0, "modules": ["Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "14.198.77.112", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "acd4bd2c", "investigated": true, "x": 0.03296637880146804}, "5e8ca8ed": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "58.221.49.56", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "5e8ca8ed", "investigated": true, "x": 0.03296637880146804}, "a6be48c8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "223.197.167.17", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "a6be48c8", "investigated": true, "x": 0.03296637880146804}, "8a2a9e6d": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "61.136.93.5", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "8a2a9e6d", "investigated": true, "x": 0.03296637880146804}}, "owner": "1a49ff0c-c319-47fe-8531-a07c29ccb618"} \ No newline at end of file diff --git a/Cyberprotect/Snapshot-with-IP-observable-223.197.167.17.json b/Cyberprotect/Snapshot-with-IP-observable-223.197.167.17.json index 7b704615..9d9798cf 100644 --- a/Cyberprotect/Snapshot-with-IP-observable-223.197.167.17.json +++ b/Cyberprotect/Snapshot-with-IP-observable-223.197.167.17.json 
@@ -1 +1 @@ -{"description": "Investigate IP 223.197.167.17", "schema_version": "1.0.16", "type": "investigation", "search-txt": "ip:\"223.197.167.17\"", "source": "Heorhii Yatsenko", "actions": "[{\"created-perf\":609011794999.9999,\"updated-perf\":609011794999.9999,\"type\":\"collect\",\"created\":\"2020-08-14T13:46:34.038Z\",\"state\":\"ok\",\"arg\":\"223.197.167.17\",\"result\":[{\"value\":\"223.197.167.17\",\"type\":\"ip\"}],\"id\":\"collect-85b9468a\",\"uuid\":\"19f92a96-453b-4914-a1dd-4f9b7f1fcbb2\"},{\"created-perf\":610296230000,\"updated-perf\":610296230000,\"type\":\"investigate\",\"created\":\"2020-08-14T13:46:35.323Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"223.197.167.17\"},\"result\":{\"data\":[{\"module\":\"Threatscore | Cyberprotect\",\"module_instance_id\":\"25350f50-4d8d-4ed8-8ef7-8f77a05f33f5\",\"module_type_id\":\"a89161ba-8d70-4ea9-a190-1453a763d84f\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"223.197.167.17\",\"type\":\"ip\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"}}]},\"judgements\":{\"count\":4,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"223.197.167.17\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 
40680420652cc5adb33522967e537797\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=223.197.167.17\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-738dc2b1-df01-416a-af94-95884a3bda01\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"223.197.167.17\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 58b66f4c41704f90a0391f88db24809c\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=223.197.167.17\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-cda5a55f-2107-494f-91f2-219e9b980581\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"223.197.167.17\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: f06549a927164a3f2e336977a41794c8\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=223.197.167.17\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-0e9a1475-e19d-4f7e-ae66-3fbc8b54afd4\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-17T06:00:00.174Z\",\"end_time\":\"2023-11-24T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"223.197.167.17\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 
ccd8319da61e093d4be62c549d71f23a\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=223.197.167.17\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-7717048f-4107-419f-b2b6-6fa0e0f0a7a6\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]}}},{\"module\":\"Splunk CESA/NVM\",\"module_instance_id\":\"9dcb751d-0a1b-4985-be9a-16b0dfdf41a2\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{}},{\"module\":\"SpyCloud Account Takeover Prevention\",\"module_instance_id\":\"acc21712-0ee9-4d83-be09-56815609b442\",\"module_type_id\":\"54215e52-6d6e-499b-a304-59e8fa8ea349\",\"data\":{}}]},\"id\":\"investigate-f291fd40\",\"uuid\":\"559e8aaf-3025-48f0-8a20-5d1c53082f15\"}]", "short_description": "Snapshot with IP observable 223.197.167.17", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-3c29fc75-f025-4798-9752-f4e0c002b093", "tlp": "amber", "groups": ["0f42df97-7dde-4ced-ba90-10642abb9f51"], "timestamp": "2020-08-14T13:48:25.936Z", "nodePositions": {"64617535": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "95.87.205.209", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "64617535", "investigated": true, "x": 0.03296637880146804}, "f5c9ff93": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "86.106.131.149", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "f5c9ff93", "investigated": true, "x": 0.03296637880146804}, "991c89e4": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | 
Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "220.169.155.9", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "991c89e4", "investigated": true, "x": 0.03296637880146804}, "af62138a": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "91.236.4.234", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "af62138a", "investigated": true, "x": 0.03296637880146804}, "9955584c": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "69.183.32.121", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "9955584c", "investigated": true, "x": 0.03296637880146804}, "d2c425f2": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "121.12.105.83", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "d2c425f2", "investigated": true, "x": 0.03296637880146804}, "790c4a11": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "119.59.124.163", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "790c4a11", "investigated": true, "x": 0.03296637880146804}, "358f2531": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", 
"Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "132.148.91.227", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "358f2531", "investigated": true, "x": 0.03296637880146804}, "e8e3274": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "91.241.104.9", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "e8e3274", "investigated": true, "x": 0.03296637880146804}, "165c91f8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "176.104.76.63", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "165c91f8", "investigated": true, "x": 0.03296637880146804}, "9eef6ff1": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "164.132.92.180", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "9eef6ff1", "investigated": true, "x": 0.03296637880146804}, "84a3b4c8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "193.28.179.39", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "84a3b4c8", "investigated": true, "x": 0.03296637880146804}, "acd4bd2c": {"y": 0.03296637880146804, "category": "ip", "index": 0, 
"modules": ["Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "14.198.77.112", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "acd4bd2c", "investigated": true, "x": 0.03296637880146804}, "5e8ca8ed": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "58.221.49.56", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "5e8ca8ed", "investigated": true, "x": 0.03296637880146804}, "a6be48c8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "223.197.167.17", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "a6be48c8", "investigated": true, "x": 0.03296637880146804}, "8a2a9e6d": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "61.136.93.5", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "8a2a9e6d", "investigated": true, "x": 0.03296637880146804}}, "owner": "1a49ff0c-c319-47fe-8531-a07c29ccb618"} \ No newline at end of file +{"description": "Investigate IP 223.197.167.17", "schema_version": "1.0.16", "type": "investigation", "search-txt": "ip:\"223.197.167.17\"", "source": "Heorhii Yatsenko", "actions": 
"[{\"created-perf\":609011794999.9999,\"updated-perf\":609011794999.9999,\"type\":\"collect\",\"created\":\"2020-08-14T13:46:34.038Z\",\"state\":\"ok\",\"arg\":\"223.197.167.17\",\"result\":[{\"value\":\"223.197.167.17\",\"type\":\"ip\"}],\"id\":\"collect-85b9468a\",\"uuid\":\"19f92a96-453b-4914-a1dd-4f9b7f1fcbb2\"},{\"created-perf\":610296230000,\"updated-perf\":610296230000,\"type\":\"investigate\",\"created\":\"2020-08-14T13:46:35.323Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"223.197.167.17\"},\"result\":{\"data\":[{\"module\":\"Threatscore | Cyberprotect\",\"module_instance_id\":\"25350f50-4d8d-4ed8-8ef7-8f77a05f33f5\",\"module_type_id\":\"a89161ba-8d70-4ea9-a190-1453a763d84f\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"223.197.167.17\",\"type\":\"ip\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"}}]},\"judgements\":{\"count\":4,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"223.197.167.17\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 40680420652cc5adb33522967e537797\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=223.197.167.17\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-738dc2b1-df01-416a-af94-95884a3bda01\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"223.197.167.17\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: 
58b66f4c41704f90a0391f88db24809c\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=223.197.167.17\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-cda5a55f-2107-494f-91f2-219e9b980581\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"223.197.167.17\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: f06549a927164a3f2e336977a41794c8\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=223.197.167.17\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-0e9a1475-e19d-4f7e-ae66-3fbc8b54afd4\",\"severity\":\"Medium\",\"confidence\":\"Medium\"},{\"valid_time\":{\"start_time\":\"2023-11-24T06:00:00.174Z\",\"end_time\":\"2023-12-01T06:00:00.174Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"223.197.167.17\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Threatscore Cyberprotect\",\"disposition\":2,\"reason\":\"Engine: ccd8319da61e093d4be62c549d71f23a\",\"source_uri\":\"https://threatscore.cyberprotect.fr/search?query=223.197.167.17\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-7717048f-4107-419f-b2b6-6fa0e0f0a7a6\",\"severity\":\"Medium\",\"confidence\":\"Medium\"}]}}},{\"module\":\"Splunk CESA/NVM\",\"module_instance_id\":\"9dcb751d-0a1b-4985-be9a-16b0dfdf41a2\",\"module_type_id\":\"a14ae422-01b6-5013-9876-695ff1b0ebe0\",\"data\":{}},{\"module\":\"SpyCloud Account Takeover Prevention\",\"module_instance_id\":\"acc21712-0ee9-4d83-be09-56815609b442\",\"module_type_id\":\"54215e52-6d6e-499b-a304-59e8fa8ea349\",\"data\":{}}]},\"id\":\"investigate-f291fd40\",\"uuid\":\"559e8aaf-3025-48f0-8a20-5d1c53082f15\"}]", "short_description": "Snapshot with IP observable 223.197.167.17", "id": 
"https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-3c29fc75-f025-4798-9752-f4e0c002b093", "tlp": "amber", "groups": ["0f42df97-7dde-4ced-ba90-10642abb9f51"], "timestamp": "2020-08-14T13:48:25.936Z", "nodePositions": {"64617535": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "95.87.205.209", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "64617535", "investigated": true, "x": 0.03296637880146804}, "f5c9ff93": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "86.106.131.149", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "f5c9ff93", "investigated": true, "x": 0.03296637880146804}, "991c89e4": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "220.169.155.9", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "991c89e4", "investigated": true, "x": 0.03296637880146804}, "af62138a": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "91.236.4.234", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "af62138a", "investigated": true, "x": 0.03296637880146804}, "9955584c": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Threatscore | Cyberprotect", 
"Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "69.183.32.121", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "9955584c", "investigated": true, "x": 0.03296637880146804}, "d2c425f2": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "121.12.105.83", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "d2c425f2", "investigated": true, "x": 0.03296637880146804}, "790c4a11": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "119.59.124.163", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "790c4a11", "investigated": true, "x": 0.03296637880146804}, "358f2531": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "132.148.91.227", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "358f2531", "investigated": true, "x": 0.03296637880146804}, "e8e3274": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "91.241.104.9", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "e8e3274", "investigated": true, "x": 0.03296637880146804}, "165c91f8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos 
Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "176.104.76.63", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "165c91f8", "investigated": true, "x": 0.03296637880146804}, "9eef6ff1": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "164.132.92.180", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "9eef6ff1", "investigated": true, "x": 0.03296637880146804}, "84a3b4c8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "193.28.179.39", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "84a3b4c8", "investigated": true, "x": 0.03296637880146804}, "acd4bd2c": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "14.198.77.112", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "acd4bd2c", "investigated": true, "x": 0.03296637880146804}, "5e8ca8ed": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "58.221.49.56", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "5e8ca8ed", "investigated": true, "x": 0.03296637880146804}, "a6be48c8": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP 
Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "223.197.167.17", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "a6be48c8", "investigated": true, "x": 0.03296637880146804}, "8a2a9e6d": {"y": 0.03296637880146804, "category": "ip", "index": 0, "modules": ["AMP Global Intelligence", "Talos Intelligence", "Threatscore | Cyberprotect", "Splunk CESA/NVM", "SpyCloud Account Takeover Prevention"], "value": "61.136.93.5", "type": "ip", "state": "ok", "disposition": 2, "disposition_name": "Malicious", "vx": 0, "vy": 0, "id": "8a2a9e6d", "investigated": true, "x": 0.03296637880146804}}, "owner": "1a49ff0c-c319-47fe-8531-a07c29ccb618"} \ No newline at end of file