Query URL reputation

Open cudeso opened this issue 3 years ago • 1 comments

The title of the playbook

Query URL reputation

Purpose of the playbook

This playbook is similar to the domain reputation playbook (https://github.com/MISP/misp-playbooks/issues/13), including the possibility to gather the screenshots. The playbook also includes the possibility to submit a URL to Lookyloo for analysis. The playbook includes a "wait" time for the analysis of Lookyloo to finish and will then include the results in the summary.

External resources used by this playbook

Lookyloo, Whois, DNS, URLscan, Shodan, VirusTotal, Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)

Target audience

SOC, CSIRT, CTI

Briefly list the execution steps or workflow

No response

cudeso, Feb 16 '23 18:02

  • URL import
  • Check for variants at other TLDs

cudeso, Nov 02 '23 09:11

Check support with https://developers.cloudflare.com/radar/

cudeso, Oct 11 '24 20:10