Query domain reputation #13
Labels
needs triage
This issue has been automatically labelled and needs further triage
playbook:activity=1
Playbooks for activity 1
playbook:state=proposal
A 'proposal' for a new playbook
The title of the playbook
Query domain reputation
Purpose of the playbook
This playbook is similar to the IP address reputation playbook (#12). In addition, it also extracts screenshots from URLscan (directly via the API) for those URLs belonging to the domain. These screenshots are also included in the summary. The playbook also identifies historical scans at URLscan. The playbook then queries external services with MISP modules and adds the results to the summary in the playbook, Mattermost, Slack and ticket information.
External resources used by this playbook
Whois, DNS, URLscan, Shodan, VirusTotal, Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)
Target audience
SOC, CSIRT, CTI
Briefly list the execution steps or workflow
No response