Skip to main content

URL Enrichment - RST Threat Feed

This Playbook is part of the RST Threat Feed Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Enrich URLs using one or more integrations.

URL enrichment includes:

  • SSL verification for URLs
  • Threat information
  • Providing of URL screenshots


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • RST Cloud - Threat Feed API
  • Rasterize


  • URLSSLVerification
  • Exists


  • url
  • rasterize

Playbook Inputs#

NameDescriptionDefault ValueRequired
URLURLs to enrich.URL.DataRequired
RasterizeShould the system take safe screenshots of input URLs?TrueOptional
VerifyURLShould the system perform SSL certificate verification on the URLs?FalseOptional
thresholdDefines the minimum score to set indicators as maliciousinputs.thresholdOptional

Playbook Outputs#

URLThe URL object.string
URL.DataThe enriched URL.string
DBotScoreThe DBotScore object.unknown
URL.MaliciousWhether the detected URL was malicious.unknown
URL.VendorVendor that labeled the URL as malicious.string
URL.DescriptionAdditional information for the URL.string