
URLhaus Feed

This integration is part of the URLhaus Feed Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

URLhaus is a platform from abuse.ch and Spamhaus dedicated to sharing malicious URLs that are being used for malware distribution. For more information, visit: https://urlhaus.abuse.ch/

Fetch indicators from URLhaus API

Fetch indicators from the URLhaus API.

| Parameter | Description | Required |
| --- | --- | --- |
| Auth Key | Auth Key for authentication with abuse.ch | True |
| Fetches indicators | Check to fetch indicators | True |
| Indicator Reputation | The type of reputation for the indicator | True |
| Feed Source | The type of data we want to get from the API | True |
| Traffic Light Protocol Color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. | True |
| Indicator Expiration Method | The indicator expiration method | True |
| Source Reliability | The reliability of the feed | True |
| Feed Fetch Interval | The time interval to fetch indicators from the API | True |
| Trust any certificate | Whether or not to trust any certificate | True |
| Use system proxy settings | If you want to use proxy for the integration | True |
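
How the feed parameters above can end up on each fetched indicator, as an added example that is not the integration's own code. It assumes the column layout of a URLhaus CSV export and an XSOAR-style indicator dictionary; `build_indicators`, the `online_only` switch (standing in for Feed Source), the parameter values and the sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample rows in the column layout assumed for a URLhaus CSV export.
SAMPLE_FEED = '''\
# id,dateadded,url,url_status,last_online,threat,tags,urlhaus_link,reporter
"1001","2024-01-05 10:00:00","http://files.example.invalid/a.bin","online","2024-01-05 10:00:00","malware_download","elf,mirai","https://urlhaus.example.invalid/url/1001/","reporter_a"
"1002","2024-01-05 09:00:00","http://cdn.example.invalid/b.exe","offline","None","malware_download","None","https://urlhaus.example.invalid/url/1002/","reporter_b"
"1003","2024-01-05 08:00:00","","online","None","malware_download","None","https://urlhaus.example.invalid/url/1003/","reporter_c"
'''

COLUMNS = ["id", "dateadded", "url", "url_status", "last_online",
           "threat", "tags", "urlhaus_link", "reporter"]
TLP_COLORS = {"RED", "AMBER", "GREEN", "WHITE"}  # assumed set of accepted values


def build_indicators(feed_text, tlp_color, reputation, online_only=False):
    """Turn feed rows into indicator dicts stamped with the feed parameters."""
    if tlp_color not in TLP_COLORS:
        raise ValueError(f"unknown TLP color: {tlp_color!r}")
    # Comment and header lines start with '#'; drop them before CSV parsing.
    data_lines = [ln for ln in feed_text.splitlines()
                  if ln.strip() and not ln.startswith("#")]
    indicators = []
    for row in csv.DictReader(io.StringIO("\n".join(data_lines)), fieldnames=COLUMNS):
        url = (row["url"] or "").strip()
        if not url.lower().startswith(("http://", "https://")):
            continue  # skip empty or malformed rows rather than ingest junk
        if online_only and row["url_status"] != "online":
            continue  # hypothetical Feed Source choice: active URLs only
        tags = [] if row["tags"] in ("", "None", None) else row["tags"].split(",")
        indicators.append({
            "value": url,
            "type": "URL",
            "reputation": reputation,
            "fields": {"trafficlightprotocol": tlp_color, "tags": tags},
            "rawJSON": dict(row),
        })
    return indicators
```
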

Create an Auth Key for abuse.ch

Note: If you already have a profile, you can skip steps 1 and 2.

  1. Sign up for an abuse.ch account. You can do this easily by using an existing account that you may already have on X, LinkedIn, Google or GitHub. Just log in with the authentication provider of your choice here: https://auth.abuse.ch/

  2. Once you are authenticated on abuse.ch, ensure that you connect at least one additional authentication provider. This will ensure that you have access to abuse.ch platforms, even if one of the authentication providers you use shuts down (yes, it happened with Twitter!)

  3. Ensure that you hit the "Save profile" button. In the "Optional" section, you can now generate an "Auth-Key". This is your personal Auth-Key that you can now use in the integration.

Commands

You can execute these commands in a playbook.

urlhaus-get-indicators


Manual command to fetch events and display them.