SecurityTrails

This integration is part of the SecurityTrails Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This integration provides API access to the SecurityTrails platform.

Configure SecurityTrails on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for SecurityTrails.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | API Key | True |
    | Trust any certificate (not secure) | False |
    | Use system proxy settings | False |
    | Fetch indicators | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

securitytrails-get-subdomains

Returns child and sibling subdomains for a given hostname.

Base Command

securitytrails-get-subdomains

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | The hostname. | Required |
| children_only | Only return children subdomains. Possible values are: true, false. Default is true. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.name | string | Hostname |
| SecurityTrails.Domain.subdomains | unknown | Subdomains |
| Domain.Name | string | Domain name |
| Domain.Subdomains | string | Subdomains |
| SecurityTrails.Domain.subdomain_count | number | Subdomain Count |

securitytrails-get-domain-details

Returns the current data about the given hostname. In addition to the current data, you also get the current statistics associated with a particular record. For example, for A records you get the number of other hostnames that have the same IP.

Base Command

securitytrails-get-domain-details

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | The hostname. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.name | string | Domain name |
| SecurityTrails.Domain.alexa_rank | number | Alexa rank |
| SecurityTrails.Domain.apex_domain | string | Apex domain |
| SecurityTrails.Domain.current_dns | unknown | Current DNS records |
| SecurityTrails.Domain.subdomain_count | number | Subdomain count |
| Domain.Name | string | Domain name |
| Domain.NameServers | string | Name servers |

securitytrails-get-tags

Returns tags for a given hostname.

Base Command

securitytrails-get-tags

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.name | string | Domain name |
| SecurityTrails.Domain.tags | unknown | Domain tags |
| Domain.Name | string | Domain name |
| Domain.Tags | string | Domain tags |

securitytrails-get-company-details

Returns details for a company domain.

Base Command

securitytrails-get-company-details

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Domain. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.name | string | Domain name |
| SecurityTrails.Domain.company | string | Company name |
| Domain.Name | string | Domain name |
| Domain.Organization | string | Organization |
| Domain.Registrant.Name | string | Domain registrant name |
| WHOIS.Registrant.Name | string | Domain registrant name |

securitytrails-get-company-associated-ips

Returns associated IPs for a company domain. The data is based on WHOIS data with the names matched to the domains.

Base Command

securitytrails-get-company-associated-ips

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Domain. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.name | string | Domain name |
| SecurityTrails.Domain.assocaitedips | unknown | Associated IPs |
| SecurityTrails.Domain.assocaitedip_count | number | Associated IP Count |

securitytrails-get-domain-whois

Returns the current WHOIS data about a given hostname with the stats merged together.

Base Command

securitytrails-get-domain-whois

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.expiresDate | date | Expires date |
| SecurityTrails.Domain.nameServers | unknown | Name servers |
| SecurityTrails.Domain.updatedDate | date | Updated date |
| SecurityTrails.Domain.name | string | Domain name |
| SecurityTrails.Domain.status | string | Status |
| SecurityTrails.Domain.contacts.countryCode | string | Country code |
| SecurityTrails.Domain.contacts.organization_count | number | Organization count |
| SecurityTrails.Domain.contacts.telephone | string | Telephone |
| SecurityTrails.Domain.contacts.postalCode_count | number | Postal code count |
| SecurityTrails.Domain.contacts.fax_count | number | Fax count |
| SecurityTrails.Domain.contacts.street1 | string | Street 1 |
| SecurityTrails.Domain.contacts.state | string | State |
| SecurityTrails.Domain.contacts.organization | string | Organization |
| SecurityTrails.Domain.contacts.telephone_count | number | Telephone count |
| SecurityTrails.Domain.contacts.country | string | Country |
| SecurityTrails.Domain.contacts.postalCode | string | Postcode |
| SecurityTrails.Domain.contacts.type | string | Type |
| SecurityTrails.Domain.contacts.city_count | number | City count |
| SecurityTrails.Domain.contacts.name_count | number | Name count |
| SecurityTrails.Domain.contacts.email | string | Email |
| SecurityTrails.Domain.contacts.fax | string | Fax |
| SecurityTrails.Domain.contacts.street1_count | number | Street 1 count |
| SecurityTrails.Domain.private_registration | boolean | Private registration |
| SecurityTrails.Domain.createdDate | date | Created date |
| SecurityTrails.Domain.registrarName | string | Registrar name |
| SecurityTrails.Domain.contactEmail | string | Contact email |
| Domain.Admin.Country | string | Country |
| Domain.Admin.Email | string | Email |
| Domain.Admin.Name | string | Name |
| Domain.Admin.Phone | string | Phone |
| Domain.DomainStatus | string | Status |
| Domain.Name | string | Name |
| Domain.NameServers | string | Name server |
| Domain.UpdatedDate | date | Updated date |
| Domain.WHOIS.CreationDate | date | Creation date |
| Domain.WHOIS.DomainStatus | string | Status |
| Domain.WHOIS.ExpirationDate | date | Expiration date |
| Domain.WHOIS.NameServers | string | Name servers |
| Domain.WHOIS.Registrar.Name | string | Name |
| Domain.WHOIS.UpdatedDate | date | Updated date |

securitytrails-get-dns-history

Lists specific historical information about the given hostname. In addition to the historical data for a particular record type, the count statistic is returned as well, which represents the number of that particular resource against current data.

Base Command

securitytrails-get-dns-history

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname. | Required |
| type | Type. Possible values are: a, aaaa, mx, ns, soa, txt. Default is a. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.a_history_records.first_seen | string | First seen |
| SecurityTrails.Domain.a_history_records.last_seen | string | Last seen |
| SecurityTrails.Domain.a_history_records.organizations | unknown | Organizations |
| SecurityTrails.Domain.a_history_records.type | string | Type |
| SecurityTrails.Domain.a_history_records.values.ip | string | IP |
| SecurityTrails.Domain.a_history_records.values.ipv6 | string | IPv6 |
| SecurityTrails.Domain.mx_history_records.values.host | string | Host |
| SecurityTrails.Domain.mx_history_records.values.mx_count | number | MX count |
| SecurityTrails.Domain.mx_history_records.values.priority | number | Priority |
| SecurityTrails.Domain.name | string | Name |
| SecurityTrails.Domain.ns_history_records.values.nameserver | string | Name server |
| SecurityTrails.Domain.ns_history_records.values.nameserver_count | number | Name server count |
| SecurityTrails.Domain.soa_history_records.values.email | string | Email |
| SecurityTrails.Domain.soa_history_records.values.email_count | number | Email count |
| SecurityTrails.Domain.soa_history_records.values.ttl | number | TTL |
| SecurityTrails.Domain.txt_history_records.values.value | string | Value |
| SecurityTrails.Domain.a_history_record_pages | number | A record pages count |
| SecurityTrails.Domain.aaaa_history_record_pages | number | AAAA record pages count |
| SecurityTrails.Domain.mx_history_record_pages | number | MX record pages count |
| SecurityTrails.Domain.ns_history_record_pages | number | NS record pages count |
| SecurityTrails.Domain.soa_history_record_pages | number | SOA record pages count |
| SecurityTrails.Domain.txt_history_record_pages | number | TXT record pages count |

securitytrails-get-whois-history

Returns historical WHOIS information about the given domain.

Base Command

securitytrails-get-whois-history

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname. | Required |
| page | The page of the returned results, starting at 1. A page returns 100 results. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.name | string | Name |
| SecurityTrails.Domain.whois_history.contact.telephone | string | Telephone |
| SecurityTrails.Domain.whois_history.contact.city | string | City |
| SecurityTrails.Domain.whois_history.contact.name | string | Name |
| SecurityTrails.Domain.whois_history.contact.street1 | string | Street 1 |
| SecurityTrails.Domain.whois_history.contact.state | string | State |
| SecurityTrails.Domain.whois_history.contact.organization | string | Organization |
| SecurityTrails.Domain.whois_history.contact.country | string | Country |
| SecurityTrails.Domain.whois_history.contact.postalCode | string | Postal code |
| SecurityTrails.Domain.whois_history.contact.type | string | Type |
| SecurityTrails.Domain.whois_history.contact.email | string | Email |
| SecurityTrails.Domain.whois_history.contact.fax | string | Fax |
| SecurityTrails.Domain.whois_history.started | number | Started |
| SecurityTrails.Domain.whois_history.expiresDate | number | Expires date |
| SecurityTrails.Domain.whois_history.domain | string | Domain |
| SecurityTrails.Domain.whois_history.nameServers | string | Name servers |
| SecurityTrails.Domain.whois_history.gtld | boolean | GTLD |
| SecurityTrails.Domain.whois_history.updatedDate | number | Updated date |
| SecurityTrails.Domain.whois_history.status | string | Status |
| SecurityTrails.Domain.whois_history.full_domain | string | Full domain |
| SecurityTrails.Domain.whois_history.createdDate | number | Created date |
| SecurityTrails.Domain.whois_history.registrarName | string | Registrar name |
| SecurityTrails.Domain.whois_history.ended | number | Ended date |
| SecurityTrails.Domain.whois_history_count | number | WHOIS history count |
| Domain.Name | string | Name |
| Domain.WHOIS/History.Admin.Email | string | Email |
| Domain.WHOIS/History.Admin.Name | string | Name |
| Domain.WHOIS/History.Admin.Phone | string | Phone |
| Domain.WHOIS/History.CreationDate | date | Creation date |
| Domain.WHOIS/History.DomainStatus | string | Status |
| Domain.WHOIS/History.ExpirationDate | date | Expiration date |
| Domain.WHOIS/History.NameServers | string | Name servers |
| Domain.WHOIS/History.Registrant.Email | string | Email |
| Domain.WHOIS/History.Registrant.Name | string | Name |
| Domain.WHOIS/History.Registrant.Phone | string | Phone |
| Domain.WHOIS/History.Registrar.Email | string | Email |
| Domain.WHOIS/History.Registrar.Name | string | Name |
| Domain.WHOIS/History.Registrar.Phone | string | Phone |
| Domain.WHOIS/History.UpdatedDate | date | Updated date |

securitytrails-get-ip-neighbors

Returns the neighbors in any given IP level range, which allows you to explore nearby IP addresses. It divides the range into 16 groups. Example: a /28 would be divided into 16 /32 blocks, and a /24 would be divided into 16 /28 blocks.

Base Command

securitytrails-get-ip-neighbors

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ipaddress | Starting IP address (optionally with CIDR subnet mask). | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.IP.ip | string | IP address |
| SecurityTrails.IP.block.active_egress | boolean | Active Egress |
| SecurityTrails.IP.block.hostnames | string | Hostnames |
| SecurityTrails.IP.block.ports | number | Port |
| SecurityTrails.IP.block.sites | number | Sites |
| IP.Address | string | Address |
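
The 16-way split described for securitytrails-get-ip-neighbors, worked through as an added Python example (not code from the integration or from SecurityTrails). The helper names `neighbor_blocks` and `block_for` are hypothetical, the 203.0.113.0/24 range is a constructed documentation sample, and rejecting bare addresses and prefixes longer than /28 is an assumption, since the page does not say how the service treats them.

```python
import ipaddress
from typing import List, Tuple

GROUP_BITS = 4  # 16 groups = 2**4, so each block's prefix is 4 bits longer


def neighbor_blocks(range_arg: str) -> List[str]:
    """Return the 16 equal CIDR blocks that a range such as '203.0.113.0/24' divides into."""
    # strict=False accepts a host address inside the range (203.0.113.77/24 -> 203.0.113.0/24).
    net = ipaddress.ip_network(range_arg, strict=False)
    if net.version != 4:
        raise ValueError("this example handles IPv4 ranges only")
    # Assumption: a /29../32 (or a bare address, parsed as /32) cannot yield 16 blocks.
    if net.prefixlen > net.max_prefixlen - GROUP_BITS:
        raise ValueError(f"{net} is too small to divide into 16 blocks")
    return [str(block) for block in net.subnets(prefixlen_diff=GROUP_BITS)]


def block_for(ip: str, range_arg: str) -> Tuple[int, str]:
    """Locate which of the 16 blocks contains ip; returns (index, block)."""
    addr = ipaddress.ip_address(ip)
    for index, block in enumerate(neighbor_blocks(range_arg)):
        if addr in ipaddress.ip_network(block):
            return index, block
    raise ValueError(f"{ip} is outside {range_arg}")


if __name__ == "__main__":
    # Constructed sample ranges (RFC 5737 documentation space).
    for cidr in ("203.0.113.0/24", "203.0.113.16/28"):
        blocks = neighbor_blocks(cidr)
        print(cidr, "->", len(blocks), "blocks:", blocks[0], "...", blocks[-1])
    print(block_for("203.0.113.77", "203.0.113.0/24"))
```

Knowing which block an indicator falls in makes it easier to match it against the per-block hostnames, ports and sites values in the command's context output.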

securitytrails-search-domain

Filter and search specific records using DSL, a powerful SQL-like query interface to the data, available via certain API endpoints.

Base Command

securitytrails-search-domain

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| include_ips | Resolves any A records and additionally returns IP addresses. Possible values are: false, true. Default is false. | Optional |
| page | The page of the returned results, starting at 1. A page returns 100 results. | Optional |
| scroll | Request scrolling. Only supported when query is used and not filter. See the Scrolling API endpoint. Possible values are: false, true. Default is false. | Optional |
| query | The DSL query you want to run (https://docs.securitytrails.com/docs/how-to-use-the-dsl). | Optional |
| filter | JSON dictionary of filter terms (https://docs.securitytrails.com/reference#domain-search). Cannot be used together with query. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.Search.alexa_rank | number | Alexa rank |
| SecurityTrails.Domain.Search.computed.company_name | string | Company name |
| SecurityTrails.Domain.Search.host_provider | string | Host provider |
| SecurityTrails.Domain.Search.hostname | string | Hostname |
| SecurityTrails.Domain.Search.mail_provider.[0] | string | Mail provider |
| SecurityTrails.Domain.Search.whois.createdDate | number | Created date |
| SecurityTrails.Domain.Search.whois.expiresDate | number | Expires date |
| SecurityTrails.Domain.Search.whois.registrar | string | Registrar |

securitytrails-statistics-domain

Domain statistics.

Base Command

securitytrails-statistics-domain

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| query | The DSL query you want to run (https://docs.securitytrails.com/docs/how-to-use-the-dsl). | Optional |
| filter | JSON dictionary of filter terms (https://docs.securitytrails.com/reference#domain-search). Cannot be used together with query. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.Search.DomainStats.domain_count | number | Domain count |
| SecurityTrails.Domain.Search.DomainStats.hostname_count.relation | string | Relation |
| SecurityTrails.Domain.Search.DomainStats.hostname_count.value | number | Value |
| SecurityTrails.Domain.Search.DomainStats.tld_count | number | TLD count |
| SecurityTrails.Domain.Search.DomainStats.top_organizations.count | number | Count |
| SecurityTrails.Domain.Search.DomainStats.top_organizations.key | string | Key |
| SecurityTrails.Domain.Search.DomainStats.whois_organization_count | number | WHOIS count |

securitytrails-get-associated-domains

Find all domains that are related to a hostname you input. Limited to 10000 results.

Base Command

securitytrails-get-associated-domains

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname. | Required |
| page | The page of the returned results, starting at 1. A page returns 100 results. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.Domain.associated_domains.alexa_rank | number | Alexa Rank |
| SecurityTrails.Domain.associated_domains.computed.company_name | string | Company Name |
| SecurityTrails.Domain.associated_domains.host_provider | string | Host Provider |
| SecurityTrails.Domain.associated_domains.hostname | string | Hostname |
| SecurityTrails.Domain.associated_domains.mail_provider | string | Mail Provider |
| SecurityTrails.Domain.associated_domains.whois.createdDate | number | Created Date |
| SecurityTrails.Domain.associated_domains.whois.expiresDate | number | Expires Date |
| SecurityTrails.Domain.associated_domains.whois.registrar | string | Registrar |
| SecurityTrails.Domain.associated_domain_count | number | Associated Domain Count |

securitytrails-search-ip

Search for IP addresses. A maximum of 10000 results can be retrieved.

Base Command

securitytrails-search-ip

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| page | The page of the returned results, starting at 1. A page returns 100 results. Default is 1. | Optional |
| query | The DSL query you want to run (https://docs.securitytrails.com/docs/how-to-use-the-dsl). | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.IP.Search.ip | string | IP Address |
| SecurityTrails.IP.Search.ports.port | number | Port |
| SecurityTrails.IP.Search.ports.date_checked | number | Date checked |
| SecurityTrails.IP.Search.ptr | string | PTR Record |
| IP.Address | string | Address |
| IP.Hostname | string | Hostname |
| IP.Ports | string | Ports |

securitytrails-statistics-ip

Returns statistics such as reverse DNS pattern identification (RDNS entries are grouped and displayed as x), ports (number of open ports found), or total results.

Base Command

securitytrails-statistics-ip

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| query | The DSL query you want to run (https://docs.securitytrails.com/docs/how-to-use-the-dsl). | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.IP.Search.IPStats.ports.count | number | Count |
| SecurityTrails.IP.Search.IPStats.ports.key | number | Key |
| SecurityTrails.IP.Search.IPStats.top_ptr_patterns.count | number | Count |
| SecurityTrails.IP.Search.IPStats.top_ptr_patterns.key | string | Key |
| SecurityTrails.IP.Search.IPStats.total.relation | string | Relation |
| SecurityTrails.IP.Search.IPStats.total.value | number | Value |

securitytrails-get-ip-whois

Returns IP information based on WHOIS information.

Base Command

securitytrails-get-ip-whois

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ipaddress | IP Address. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.IP.contact_email | string | Email |
| SecurityTrails.IP.contacts.email | string | Email |
| SecurityTrails.IP.contacts.organization | string | Organization |
| SecurityTrails.IP.contacts.telephone | string | Telephone |
| SecurityTrails.IP.contacts.type | string | Type |
| SecurityTrails.IP.ip | string | IP |
| SecurityTrails.IP.source | string | Source |

securitytrails-get-useragents

Fetches user agents seen during the last 30 days for a specific IPv4 address. It shows devices with egressing traffic based on large-scale web server logs. The number of results is not limited.

Base Command

securitytrails-get-useragents

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ipaddress | IP Address. | Required |
| page | The page of the returned results, starting at 1. A page returns 100 results. Default is 1. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityTrails.IP.ip | string | IP Address |
| SecurityTrails.IP.useragent_records_count | number | Count |
| SecurityTrails.IP.useragents.browser_family | string | Browser Family |
| SecurityTrails.IP.useragents.client.engine | string | Client Engine |
| SecurityTrails.IP.useragents.client.engine_version | string | Client Engine Version |
| SecurityTrails.IP.useragents.client.name | string | Client Engine Name |
| SecurityTrails.IP.useragents.client.type | string | Client Engine Type |
| SecurityTrails.IP.useragents.client.version | string | Client Version |
| SecurityTrails.IP.useragents.device.brand | string | Device Brand |
| SecurityTrails.IP.useragents.device.model | string | Device Model |
| SecurityTrails.IP.useragents.device.type | string | Device Type |
| SecurityTrails.IP.useragents.lastseen | string | Last Seen |
| SecurityTrails.IP.useragents.os.name | string | OS Name |
| SecurityTrails.IP.useragents.os.platform | string | OS Platform |
| SecurityTrails.IP.useragents.os.version | string | OS Version |
| SecurityTrails.IP.useragents.os_family | string | OS Family |
| SecurityTrails.IP.useragents.user_agent | string | User Agent |

domain

Provides data enrichment for domains.

Base Command

domain

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | The domain name to enrich. | Required |

Context Output

There is no context output for this command.