alphaMountain

There are three alphaMountain API integrations that can be subscribed with the appropriate API keys. When enabled and configured, alphaMountain resources can be used as an API-based lookup.

alphaMountain Category

Returns categorization for Internet URIs, generated by alphaMountain's own statistical and neural network models.

alphaMountain Popularity

Returns the popularity of a domain, as measured by a combination of page-rank, daily traffic bandwidth, total number of requests, and passive DNS activity for a given hostname.

alphaMountain Threat

Returns threat ratings for Internet URIs, generated by alphaMountain's own statistical and neural network models, cross-validated by a variety of sources as appropriate.

API Keys

The API key follows this format:

api_key

Example:

02c4t96fudj9f7a16ucldfdaf5notreale2aaeb65e51d96ch9f3bnva88abfd03

Detection & Response Rule

The following is an example rule that pulls domain names from DNS_REQUEST events and performs a lookup using alphaMountain's category API.

event: DNS_REQUEST
op: lookup
path: event/DOMAIN_NAME
resource: lcr://api/alphamountain-category

The data returned is in JSON format, and includes the API response and a threatYeti URL, which is appended by LimaCharlie. For example:

{
  "api_alphamountain-category": {
    "categories": [
      34
    ],
    "confidence": 0.90371,
    "scope": "domain",
    "threatyeti_url": "https://www.threatyeti.com/search?q=logging-alv.googleapis.com"
  }
}