Url Scan 1.2.0
- Updated on 06 Apr 2025
tags: Python | Enrichment | urlscan.io | Image Similarity | deepai.org | URL | Domain
Description
The urlscan.io integration supports CDC users by enriching a URL or domain, so that analysts can make an informed decision during incident response.
The enrichment returns the screenshot taken by urlscan.io during the current scan together with screenshots from earlier successful scans, which lets a CDC user check the site's content for suspected defacement. The screenshots are then passed to the Image Similarity API on deepai.org, which compares two images and returns a distance value describing how visually similar they are: the lower the score, the more similar the two screenshots, with a score of 0 meaning identical. The score is a visual heuristic, not proof of defacement; dynamic content such as rotating banners, consent dialogs or localized pages can also raise it, so a changed score should be reviewed by an analyst rather than acted on automatically.
Customized adaptive cards present the URL or domain enrichment in an intuitive GUI, so that the data received from urlscan.io and deepai.org is easy to read.
| Integration Type | Threat Intelligence Enrichment |
| --- | --- |
| Information read | URL or domain |
| API supported | urlscan.io API v1 |
| Input | URL or domain to be checked |
| Output | Detailed URL/domain enrichment plus a similarity score indicating how alike two screenshots taken at different times are |
Customer Configuration
No Customer Configuration
CDC Command Lines
* **enrich_url_scan**
Generated generic CLI command that can be used in a generic context. The result is posted to the `notify_endpoint` given in the metadata; error messages are returned as `{"error_message": "..."}`.
| Option | Type | Description | Required |
| --- | --- | --- | --- |
| metadata | object | Command metadata, including the `notify_endpoint` the result is posted to | False |
| url_or_domain | string | URL or domain to be scanned | True |
| nth_day | string | Which earlier scan result to fetch for comparison, as a number of days back, e.g. `1d`, `2d`, `3d` | False |
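The following is an added example, not the integration's own code, showing the decision logic behind `enrich_url_scan`: parsing the `nth_day` option, choosing which earlier scan to compare with the current one, interpreting a deepai-style distance score (0 = identical, lower = more similar) and returning errors in the `{"error_message": "..."}` shape described above. The urlscan.io results list (`task.time`, `screenshot`, `page.url` fields), the distance table and the `sample_scorer` stand-in are constructed assumptions so the example runs offline; the real command would call urlscan.io and deepai.org at those two points.

```python
"""Offline model of the enrich_url_scan decision logic (added example, not the
integration's code).  The urlscan payload shape and the scorer are assumptions."""
from __future__ import annotations

import re
from datetime import datetime, timedelta
from typing import Callable, Optional

# Constructed sample shaped like the "results" entries of a urlscan.io
# /api/v1/search/ response (assumption).  Newest scan first is NOT guaranteed,
# so the code sorts by task.time itself.
SAMPLE_SCANS = [
    {"task": {"time": "2025-04-05T07:30:00.000Z"}, "page": {"url": "https://example.com/"},
     "screenshot": "https://urlscan.io/screenshots/bbb.png"},
    {"task": {"time": "2025-04-06T08:00:00.000Z"}, "page": {"url": "https://example.com/"},
     "screenshot": "https://urlscan.io/screenshots/aaa.png"},
    {"task": {"time": "2025-04-03T09:15:00.000Z"}, "page": {"url": "https://example.com/"},
     "screenshot": "https://urlscan.io/screenshots/ccc.png"},
]

# Constructed distances the stand-in scorer returns, keyed (current, baseline).
# deepai's Image Similarity reports a distance where 0 means identical.
SAMPLE_DISTANCES = {("aaa.png", "bbb.png"): 3.0, ("aaa.png", "ccc.png"): 41.0}


def parse_nth_day(nth_day: Optional[str]) -> int:
    """Parse the nth_day option ('1d', '2d', ...).  Missing/empty means 1 day back."""
    if not nth_day:
        return 1
    m = re.fullmatch(r"\s*(\d+)\s*d\s*", nth_day)
    if not m or int(m.group(1)) < 1:
        raise ValueError(f"nth_day must look like '1d', '2d', '3d'; got {nth_day!r}")
    return int(m.group(1))


def _scan_time(scan: dict) -> datetime:
    # urlscan timestamps are ISO-8601 with a trailing Z; make them tz-aware.
    return datetime.fromisoformat(scan["task"]["time"].replace("Z", "+00:00"))


def pick_baseline(older_scans: list, days_back: int, current_time: datetime) -> Optional[dict]:
    """Most recent scan that is at least `days_back` days older than the current scan."""
    cutoff = current_time - timedelta(days=days_back)
    candidates = [s for s in older_scans if _scan_time(s) <= cutoff]
    return max(candidates, key=_scan_time) if candidates else None


def sample_scorer(current_url: str, baseline_url: str) -> float:
    """Stand-in for the deepai.org call: look the pair up in the constructed table."""
    if current_url == baseline_url:
        return 0.0
    key = (current_url.rsplit("/", 1)[-1], baseline_url.rsplit("/", 1)[-1])
    return SAMPLE_DISTANCES[key]


def verdict_for(distance: float, threshold: float) -> str:
    """Turn a distance into an analyst-facing label; lower distance = more similar."""
    if distance == 0:
        return "identical"
    return "similar" if distance < threshold else "changed"


def enrich_url_scan(url_or_domain: str, nth_day: Optional[str] = None,
                    scans: list = SAMPLE_SCANS,
                    score: Callable[[str, str], float] = sample_scorer,
                    threshold: float = 10.0) -> dict:
    """Compare the latest screenshot with one from nth_day back.

    Errors follow the command's contract: {"error_message": "..."}.  The
    threshold (10.0) is an illustrative assumption; tune it on your own data.
    """
    try:
        days = parse_nth_day(nth_day)
    except ValueError as exc:
        return {"error_message": str(exc)}
    if not scans:
        return {"error_message": f"no urlscan.io results for {url_or_domain}"}
    ordered = sorted(scans, key=_scan_time, reverse=True)
    current, older = ordered[0], ordered[1:]
    baseline = pick_baseline(older, days, _scan_time(current))
    if baseline is None:
        return {"error_message": f"no scan at least {days} day(s) older than the current one"}
    distance = score(current["screenshot"], baseline["screenshot"])
    return {
        "url_or_domain": url_or_domain,
        "current_scan": current["task"]["time"],
        "baseline_scan": baseline["task"]["time"],
        "current_screenshot": current["screenshot"],
        "baseline_screenshot": baseline["screenshot"],
        "distance": distance,
        "verdict": verdict_for(distance, threshold),
    }


if __name__ == "__main__":
    print(enrich_url_scan("example.com", "1d"))   # baseline bbb.png, distance 3.0, similar
    print(enrich_url_scan("example.com", "2d"))   # baseline ccc.png, distance 41.0, changed
    print(enrich_url_scan("example.com", "7d"))   # error_message: no old enough scan
```

The baseline is chosen relative to the current scan's own timestamp rather than wall-clock time, so a stale "current" scan does not silently compare against itself; and an `nth_day` value that no stored scan satisfies yields an `error_message` instead of a misleading score of 0.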
Workflows
* **enrich_url_scan**
Generated generic CLI command that can be used in a generic context. The result is posted to the `notify_endpoint` given in the metadata; error messages are returned as `{"error_message": "..."}`.
* **url_scan_workflow**
Gets the latest scan for a URL or IP.
Rules
No rules
Sensors
No sensors
Triggers
No triggers
Known Issues
No issues