URL Scan 1.1.0
- Updated on 30 Aug 2022
tags: Python | Enrichment | urlscan.io | Image Similarity | deepai.org | URL | Domain
Description
The urlscan.io integration supports CDC users by enriching URLs or domains, so that they can make informed decisions during incident response.
urlscan.io enrichment returns screenshots of the URL/domain from the current scan and from the last successful scans, which lets CDC users check the content for suspected website defacement. These screenshots are then passed to the Image Similarity API on deepai.org, which compares the two images and returns a score indicating how visually similar they are. The lower the score, the more similar the two screenshots are; a score of '0' means they are identical.
We have used customized adaptive cards to display URL or domain-related enrichments in a meaningful intuitive GUI, to facilitate easy understanding of data received from urlscan.io and deepai.org.
Field | Value |
---|---|
Integration Type | Threat Intelligence Enrichment |
Information read | URL or Domain |
API Supported | API V1 |
Input | URL/Domain that needs to be checked. |
Output | Detailed enrichment consisting of URL/Domain enrichment and a similarity score, indicating how similar two screenshots taken at different timestamps are. |
Customer Configuration
No customer configuration
CDC Command Lines
* **enrich_url_scan**
Generated generic CLI command that can be used in a generic context. The result is posted to the "notify_endpoint" provided in metadata. Error messages should be returned as {"error_message":"..."}.
Option | Type | Description | Required |
---|---|---|---|
metadata | object | command metadata | False |
url_or_domain | string | url or domain to be scanned | True |
nth_day | string | scan result to fetch from the nth day, e.g. 1d, 2d, 3d | False |
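The selection and scoring logic the enrich_url_scan command and the Description above imply, as an added example that is not the pack's own code: it picks the current scan and the last successful (HTTP 200) baseline scan, honours the nth_day option, and builds the enrichment payload around the deepai.org distance (0 = identical). The urlscan.io field names (task.time, page.status, screenshot) are assumed from the public search API, the sample hits are constructed, and the deepai.org request is passed in as a callable so nothing here touches the network.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of urlscan.io search hits for one domain (field names are
# assumed from the public search API; the values are made up).
SAMPLE_RESULTS = [
    {"task": {"time": "2022-08-30T09:00:00.000Z"}, "page": {"status": "200"},
     "screenshot": "https://urlscan.io/screenshots/current-uuid.png"},
    {"task": {"time": "2022-08-29T08:00:00.000Z"}, "page": {"status": "503"},
     "screenshot": "https://urlscan.io/screenshots/failed-uuid.png"},
    {"task": {"time": "2022-08-28T08:00:00.000Z"}, "page": {"status": "200"},
     "screenshot": "https://urlscan.io/screenshots/older-uuid.png"},
]
SAMPLE_NOW = datetime(2022, 8, 30, 10, 0, tzinfo=timezone.utc)  # constructed "now"

def scan_time(hit):
    return datetime.strptime(hit["task"]["time"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def parse_nth_day(nth_day):
    """Turn the nth_day option ('1d', '2d', ...) into a day count; None when unset."""
    if not nth_day:
        return None
    if not nth_day.endswith("d") or not nth_day[:-1].isdigit():
        raise ValueError(f"nth_day must look like '1d', got {nth_day!r}")
    return int(nth_day[:-1])

def pick_scans(results, nth_day=None, now=None):
    """Return (current, baseline): the newest scan plus the newest successful scan
    before it, or, when nth_day is given, the newest successful scan at least n days old.
    Hypothetical helper, not part of the pack."""
    now = now or datetime.now(timezone.utc)
    ordered = sorted(results, key=scan_time, reverse=True)
    if not ordered:
        raise LookupError("no scans for this URL/domain")
    current = ordered[0]
    days = parse_nth_day(nth_day)
    cutoff = now - timedelta(days=days) if days is not None else scan_time(current)
    for hit in ordered[1:]:
        if hit["page"]["status"] == "200" and scan_time(hit) <= cutoff:
            return current, hit
    return current, None  # nothing suitable to compare against

def build_enrichment(current, baseline, similarity):
    """Assemble the payload the adaptive card renders. `similarity(url1, url2)` returns
    the deepai.org distance for two screenshots; errors use the command's error format."""
    if baseline is None:
        return {"error_message": "no earlier successful scan to compare against"}
    distance = similarity(current["screenshot"], baseline["screenshot"])
    return {"current_screenshot": current["screenshot"],
            "previous_screenshot": baseline["screenshot"],
            "similarity_score": distance,
            "identical": distance == 0}
```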
Workflows
* **enrich_url_scan**
Generated generic CLI command that can be used in a generic context. The result is posted to the "notify_endpoint" provided in metadata. Error messages should be returned as {"error_message":"..."}.
* **url_scan_workflow**
Get the latest scan for a URL or IP.
Rules
No rules
Sensors
No sensors
Triggers
No triggers
Known Issues
No known issues