Script: Domain-level URL Filtering

You can use this script to review domain names in a specific Enclave against a list of allowed domain names and then copy all remaining URLs to a destination Enclave. This can make it easier to remove non-malicious domains before diving into investigations.

Activating This Script

Contact your TruSTAR account manager and provide the following information:

  • Source Enclave ID(s)
  • Destination Enclave ID
  • An Allow List of domain names
  • Frequency of script execution. The default is every 24 hours but you can request a different time interval to meet your organization's needs.

After you have provided the information, your account manager will configure the feature and then email you with confirmation that this script has been enabled.

How It Works

  1. Searches the source Enclave(s) for all URL Indicators added since the last time the script was run. The default is 24 hours, but you can also request a customized interval.
  2. Scrubs the result set against the Domain Allow List. All URLs that match the Allow List are removed from the result set.
  3. Copies the remaining URLs in the result set to the destination Enclave.
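
The scrub in step 2, sketched as an added example. This is not TruSTAR's own code. It assumes a URL matches the Allow List when its hostname equals an allowed domain or is a subdomain of one; the function names, domains and URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def host_of(url):
    """Return the lower-cased hostname of a URL indicator, or None if unparseable."""
    u = url.strip().replace("[.]", ".")            # refang defanged dots
    if u.lower().startswith("hxxp"):               # refang hxxp:// and hxxps://
        u = "http" + u[4:]
    if not re.match(r"^[a-z][a-z0-9+.-]*://", u, re.I):
        u = "http://" + u                          # schemeless indicator
    try:
        host = urlsplit(u).hostname                # drops userinfo and port
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def is_allowed(url, allow_list):
    """True only when the hostname is an allowed domain or a subdomain of one."""
    host = host_of(url)
    if host is None:
        return False                               # unparseable: keep it for review
    for domain in allow_list:
        d = domain.strip().rstrip(".").lower()
        # Compare on a label boundary, never with a bare substring or suffix test.
        if d and (host == d or host.endswith("." + d)):
            return True
    return False

def filter_urls(urls, allow_list):
    """Return the URLs that would be copied to the destination Enclave."""
    return [u for u in urls if not is_allowed(u, allow_list)]

# Constructed sample data (assumed Allow List and URL Indicators).
ALLOW = ["example.com", "example.org"]
URLS = [
    "https://www.example.com/index.html",   # subdomain of an allowed domain
    "http://EXAMPLE.ORG:8080/a?b=c",        # case and port do not matter
    "hxxp://cdn[.]example[.]com/x.js",      # defanged form of an allowed host
    "example.org./path",                    # schemeless, trailing dot
    "http://example.com.evil.test/login",   # allowed name used as a prefix label
    "http://example.com@evil.test/",        # allowed name in the userinfo part
    "https://notexample.com/",              # shares a suffix, different domain
]

if __name__ == "__main__":
    for url in filter_urls(URLS, ALLOW):
        print(url)
```

The last three sample URLs survive the scrub because the comparison uses the parsed hostname, so a lookalike that only contains an allowed name is still copied for investigation.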

