Skip to main content

Google Safe Browsing v2

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Search Safe Browsing v4

Configure GoogleSafeBrowsing on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for GoogleSafeBrowsing.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    API KeyTrue
    Client IDTrue
    Client VersionTrue
    Base URLTrue
    Source ReliabilityReliability of the source providing the intelligence data.True
    Use system proxy settingsFalse
    Trust any certificate (not secure)False
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

url#


Check URL Reputation

Base Command#

url

Input#

Argument NameDescriptionRequired
urlURL to check.Required

Context Output#

PathTypeDescription
DBotScore.IndicatorstringThe indicator we tested
DBotScore.TypestringThe type of the indicator
DBotScore.VendorstringVendor used to calculate the score
DBotScore.ScoreintThe actual score
DBotScore.ReliabilitystringReliability of the source providing the intelligence data.
GoogleSafeBrowsing.URL.cacheDurationstringThe URL cache duration time.
GoogleSafeBrowsing.URL.threatTypestringThe URL threat type.
GoogleSafeBrowsing.URL.threatEntryTypestringThe URL threat entry type.
GoogleSafeBrowsing.URL.platformTypestringThe URL platform type.
URL.DatastringBad URLs found
URL.Malicious.VendorstringFor malicious URLs, the vendor that made the decision
URL.Malicious.DescriptionstringFor malicious URLs, the reason for the vendor to make the decision

Command Example#

!url url="http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/"

Context Example#

{
"DBotScore": {
"Indicator": "http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/",
"Reliability": "C - Fairly reliable",
"Score": 3,
"Type": "url",
"Vendor": "GoogleSafeBrowsing"
},
"URL": {
"Data": "http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/",
"Malicious": {
"Description": "Match found: MALWARE/ANY_PLATFORM,MALWARE/WINDOWS,MALWARE/LINUX,MALWARE/ALL_PLATFORMS,MALWARE/OSX,MALWARE/CHROME",
"Vendor": "GoogleSafeBrowsing"
}
}
}

Human Readable Output#

Google Safe Browsing APIs - URL Query#

Found matches for URL http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/#

cacheDurationplatformTypethreatthreatEntryTypethreatType
300sANY_PLATFORM{"url":"http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/"}URLMALWARE
300sWINDOWS{"url":"http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/"}URLMALWARE
300sLINUX{"url":"http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/"}URLMALWARE
300sALL_PLATFORMS{"url":"http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/"}URLMALWARE
300sOSX{"url":"http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/"}URLMALWARE
300sCHROME{"url":"http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/"}URLMALWARE