    alphaMountain
    • 05 Oct 2024

    There are three alphaMountain API integrations that can be subscribed to with the appropriate API keys. When enabled and configured, alphaMountain resources can be used as an API-based lookup.

    alphaMountain Category

    Returns categorization for Internet URIs, generated by alphaMountain's own statistical and neural network models. For more information on alphaMountain's categories, visit this page.

    alphaMountain Popularity

    Returns the popularity of a domain, as measured by a combination of page-rank, daily traffic bandwidth, total number of requests, and passive DNS activity for a given hostname. For more information, visit this page.

    alphaMountain Threat

    Returns threat ratings for Internet URIs, generated by alphaMountain's own statistical and neural network models, cross-validated by a variety of sources as appropriate. For more information, visit this page.

    Detection & Response Rule

    The following is an example rule that pulls domain names from DNS_REQUEST events and performs a lookup using alphaMountain's category API.

    event: DNS_REQUEST
    op: lookup
    path: event/DOMAIN_NAME
    resource: lcr://api/alphamountain-category

    The data returned is in JSON format, and includes the API response and a threatYeti URL, which is appended by LimaCharlie. For example:

    {
      "api_alphamountain-category": {
        "categories": [
          34
        ],
        "confidence": 0.90371,
        "scope": "domain",
        "threatyeti_url": "https://www.threatyeti.com/search?q=logging-alv.googleapis.com"
      }
    }
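
A consumer of this lookup result can check its shape before acting on it. The following is an added example, not LimaCharlie or alphaMountain code: the function name `triage`, the watch list of category IDs and the `min_confidence` threshold of 0.8 are assumptions made for illustration, and the sample input is constructed from the response shown above.

```python
import json
from urllib.parse import urlparse, parse_qs

RESULT_KEY = "api_alphamountain-category"  # key used in the page's sample response

# Constructed sample with the same shape as the response shown above.
SAMPLE = """{"api_alphamountain-category": {"categories": [34],
  "confidence": 0.90371, "scope": "domain",
  "threatyeti_url": "https://www.threatyeti.com/search?q=logging-alv.googleapis.com"}}"""


def _is_number(value):
    # bool is a subclass of int in Python, so reject it explicitly.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def triage(raw, watch_categories, min_confidence=0.8):
    """Summarise one lookup result; return None if the shape is not the expected one."""
    try:
        doc = json.loads(raw) if isinstance(raw, str) else raw
    except json.JSONDecodeError:
        return None
    result = doc.get(RESULT_KEY) if isinstance(doc, dict) else None
    if not isinstance(result, dict):
        return None
    cats, conf = result.get("categories"), result.get("confidence")
    if not isinstance(cats, list) or not all(_is_number(c) for c in cats):
        return None
    if not _is_number(conf):
        return None
    # Only trust the pivot link if it really points at threatYeti over HTTPS.
    url = result.get("threatyeti_url")
    parsed = urlparse(url) if isinstance(url, str) else None
    indicator = None
    if parsed and parsed.scheme == "https" and parsed.hostname == "www.threatyeti.com":
        indicator = (parse_qs(parsed.query).get("q") or [None])[0]
    matched = sorted(set(cats) & set(watch_categories))
    return {
        "indicator": indicator,
        "scope": result.get("scope"),
        "matched_categories": matched,
        "confidence": conf,
        "alert": bool(matched) and conf >= min_confidence,
    }


if __name__ == "__main__":
    # 34 is taken from the sample only; the watch list is the operator's choice.
    print(triage(SAMPLE, watch_categories={34}))
```
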

