H-ISAC is a global, non-profit, member-driven organization offering healthcare stakeholders a trusted community and forum for coordinating, collaborating and sharing vital physical and cyber threat intelligence and best practices with each other.
Bandura Cyber provides easy integration with H-ISAC to leverage threat intelligence allowing customers who are H-ISAC members to create denied lists using IPv4 and Domain indicators of compromise that will be used to block malicious traffic.
When creating a Denied List using H-ISAC threat intelligence, you’ll want to make sure you have the correct credentials for accessing H-ISAC data from the Cyware CTIX platform.
To create a list, log into the Bandura console and select either Denied or Allowed from the left menu, then choose either IPv4 or Domain. Click the green plus icon in the top right corner. In the Create Denied or Allowed List modal that opens, Choose “H-ISAC” from the Type dropdown. Give your list a name (required) and add a description if you wish (optional). The minimum available Interval in Minutes is 720, this represents how often we will check for updates to the H-ISAC feed.
Next, you’ll need to choose the feed you wish to pull indicators from. H-ISAC members will want to pull the “Amber Members” field, so select that option from the dropdown. Select the number of hours you wish the indicators to stay active in the list (our recommendation is 720). Finally, select the radio button for the “Basic” Authentication Type and enter your username and password credentials as provided by H-ISAC.
After you have filled out the fields in the plugin modal, click on “Create” to add your new list. You will see the newly created entry on your list. Please note that it may take 10-15 minutes to begin pulling the indicators from H-ISAC.
If you have any questions or need assistance in setting up H-ISAC Denied Lists please contact the Bandura Support team at firstname.lastname@example.org or by calling +1-855-765-4925.