URL Scan 2.0.0
- Updated on 16 Apr 2023
tags: Python | Enrichment | urlscan.io | Image Similarity | deepai.org | URL | Domain
Description
The urlscan.io integration supports CDC users by providing enrichment for a URL or domain, so that they can make informed incident-response decisions.
urlscan.io enrichments provide screenshots of the URL/domain from the current scan and from recent successful scans. This enables CDC users to check the content for suspected website defacement. The screenshots are then passed as inputs to the Image Similarity API on deepai.org, which compares two images and returns a score indicating how visually similar the two screenshots are. The lower the score, the more contextually similar the two screenshots are; a score of '0' means they are identical.
Customized adaptive cards display the URL- or domain-related enrichments in a meaningful, intuitive GUI, so that the data received from urlscan.io and deepai.org is easy to understand.
Field | Value |
---|---|
Integration Type | Threat Intelligence Enrichment |
Information read | URL or Domain |
API Supported | API V1 |
Input | URL/Domain that needs to be checked. |
Output | Detailed enrichment consisting of URL/Domain enrichment and a similarity score, indicating how similar two screenshots taken at different timestamps are. |
Customer Configuration
No customer configuration
CDC Command Lines
* **enrich_url_scan**
Generated generic CLI command. This command could be used in a generic context. The result will be posted to "notify_endpoint" provided in the metadata. Error messages should be returned as {"error_message":"..."}.
Option | Type | Description | Required |
---|---|---|---|
metadata | object | Command metadata. | False |
url_or_domain | string | URL or domain to be scanned. | True |
nth_day | string | Day of the scan result to fetch (n days back), e.g. 1d, 2d, 3d. | False |
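As an added illustration (not code from the integration itself), the following Python sketch implements the command contract described above: it parses `nth_day`, selects the current and the nth-day scan, asks for a similarity score, and returns either the enrichment or the `{"error_message": "..."}` shape. The urlscan.io and deepai.org calls are replaced by injected callables, the scan record layout and the `SIMILAR_THRESHOLD` cut-off are assumptions, and the `review_defacement` flag is a hypothetical field.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional

Scan = Dict[str, str]      # hypothetical record shape: {"time": ISO-8601 stamp, "screenshot": URL}
SIMILAR_THRESHOLD = 5.0    # hypothetical cut-off: scores above it send the pair for defacement review

def parse_nth_day(nth_day: Optional[str]) -> int:
    """Turn the CLI's nth_day option ('1d', '2d', ...) into a day count; None or '' means 0."""
    if not nth_day:
        return 0
    m = re.fullmatch(r"(\d+)d", nth_day.strip())
    if not m:
        raise ValueError(f"nth_day must look like '1d' or '2d', got {nth_day!r}")
    return int(m.group(1))

def pick_scan(scans: List[Scan], days_back: int, now: datetime) -> Optional[Scan]:
    """Most recent scan taken on the calendar day `days_back` days before `now`, or None."""
    target = (now - timedelta(days=days_back)).date()
    hits = [s for s in scans if datetime.fromisoformat(s["time"]).date() == target]
    return max(hits, key=lambda s: s["time"]) if hits else None

def enrich_url_scan(url_or_domain: str, nth_day: Optional[str],
                    fetch_scans: Callable[[str], List[Scan]],
                    similarity: Callable[[str, str], float],
                    now: Optional[str] = None) -> dict:
    """Return the enrichment, or {"error_message": "..."} as the command contract requires.
    fetch_scans / similarity are injected stand-ins for urlscan.io and deepai.org (offline)."""
    try:
        now_dt = datetime.fromisoformat(now) if now else datetime.now(timezone.utc)
        days_back = parse_nth_day(nth_day)
        scans = sorted(fetch_scans(url_or_domain), key=lambda s: s["time"])
        if not scans:
            return {"error_message": f"no successful urlscan.io scans for {url_or_domain}"}
        current = scans[-1]                                  # the current (latest) scan
        if days_back:                                        # nth_day given: that day's scan
            previous = pick_scan(scans[:-1], days_back, now_dt)
        else:                                                # else the most recent earlier scan
            previous = scans[-2] if len(scans) > 1 else None
        result = {"url_or_domain": url_or_domain, "current_scan": current,
                  "compared_scan": previous, "similarity_score": None, "review_defacement": False}
        if previous is not None:
            score = similarity(current["screenshot"], previous["screenshot"])
            result["similarity_score"] = score
            result["review_defacement"] = score > SIMILAR_THRESHOLD   # 0 == identical
        return result
    except (ValueError, KeyError) as exc:
        return {"error_message": str(exc)}
```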
Workflows
* **enrich_url_scan**
Generated generic CLI command. This command could be used in a generic context. The result will be posted to "notify_endpoint" provided in the metadata. Error messages should be returned as {"error_message":"..."}.
* **url_scan_workflow**
Get the latest scan for the URL or IP.
Rules
No rules
Sensors
No sensors
Triggers
No triggers
Known Issues
No known issues