Skip to main content

URL Enrichment - RST Threat Feed

This Playbook is part of the RST Threat Feed Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Enrich URLs using one or more integrations.

URL enrichment includes:

  • SSL verification for URLs
  • Threat information
  • Providing of URL screenshots

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • RST Cloud - Threat Feed API
  • Rasterize

Scripts#

  • URLSSLVerification
  • Exists

Commands#

  • url
  • rasterize

Playbook Inputs#


NameDescriptionDefault ValueRequired
URLURLs to enrich.URL.DataRequired
RasterizeShould the system take safe screenshots of input URLs?TrueOptional
VerifyURLShould the system perform SSL certificate verification on the URLs?FalseOptional
thresholdDefines the minimum score to set indicators as maliciousinputs.thresholdOptional

Playbook Outputs#


PathDescriptionType
URLThe URL object.string
URL.DataThe enriched URL.string
DBotScoreThe DBotScore object.unknown
URL.MaliciousWhether the detected URL was malicious.unknown
URL.VendorVendor that labeled the URL as malicious.string
URL.DescriptionAdditional information for the URL.string