urlscan

Updated 3 days ago by Sachit Soni

This document explains how to set up and use the urlscan premium intelligence source with the TruSTAR Web App.

urlscan is a freemium service that lets virtually anyone analyze unknown or potentially malicious domains and IP addresses. TruSTAR's integration with the urlscan intelligence source queries urlscan for the IPs and domains found in the submission enclave and reports known findings in the urlscan enclave.

  • Source Type: Premium Intel
  • Update Type: Query-based
  • Update Frequency: 15 minutes
  • Time to install: 10 minutes

Data Types

The integration pulls the following observables:

  • IP Address
  • URL
When submitting URLs to query urlscan, you must include the protocol (e.g., http, https).

Requirements

  • A freemium or paid subscription to urlscan
  • urlscan API Key
TruSTAR Admin rights are required to activate this Premium Intel feed.

Getting Started

  1. Log in to the TruSTAR Web App.
  2. Click the Marketplace icon on the Navigation Bar.
  3. Choose Premium Intel.
  4. Click Subscribe to urlscan.
  5. Enter your urlscan API Key, enter the Pull Enclave ID of the enclave where you will submit indicators, and then click Save Credentials & Request Subscription.
    1. Example
      1. API Key: Bknryj%Q9cKrv2D
      2. Enclave ID: 71f337a0-XXXX-XXXX-XXXX-5679271656a0

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

| Field | Explanation |
| --- | --- |
| Report Title | URLSCAN: IOC-Type + IOC-Value |
| External ID | urlscan UUID taken from indicator |
| Report Body | These responses are taken from: https://urlscan.io/api/v1/search/?q=domain:urlscan.io |
| Tags | |
| Deeplink | None |
| Client Type | Python SDK |
| Client MetaTag | TruSTASH |
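The following is an added example, not TruSTAR's integration code: a pre-submission check that accepts only IP addresses and URLs that carry a protocol, builds the matching search request, and maps a search hit onto the report fields above. The `ip:`/`domain:` query choice, the `_id` field as the urlscan UUID, the title separator, and the dictionary key names are assumptions; the sample hit is constructed.

```python
import ipaddress
from urllib.parse import quote, urlsplit

SEARCH_API = "https://urlscan.io/api/v1/search/?q="  # endpoint named in the mapping table

def classify(observable):
    """Return ("IP", value) or ("URL", value); raise ValueError otherwise."""
    value = observable.strip()
    try:
        return "IP", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    parts = urlsplit(value)
    if parts.scheme and parts.hostname:  # the protocol is mandatory for URLs
        return "URL", value
    raise ValueError(f"neither an IP address nor a URL with a protocol: {value!r}")

def search_url(ioc_type, value):
    """Build the search request for one observable."""
    # Assumption: IPs use the ip: field, URLs are looked up by hostname via domain:
    if ioc_type == "IP":
        term = f'ip:"{value}"'
    else:
        term = f"domain:{urlsplit(value).hostname}"
    return SEARCH_API + quote(term, safe=":")

def to_report(ioc_type, value, hit):
    """Map one search hit onto the mapping-table fields (key names are hypothetical)."""
    return {
        "title": f"URLSCAN: {ioc_type} {value}",  # separator is an assumption
        "external_id": hit["_id"],                # urlscan UUID of the scan
        "body": hit,
        "deeplink": None,
    }

# Constructed hit, shaped like one entry of "results" in a search response.
SAMPLE_HIT = {
    "_id": "00000000-0000-4000-8000-000000000001",
    "page": {"domain": "urlscan.io", "ip": "192.0.2.10", "url": "https://urlscan.io/"},
}

if __name__ == "__main__":
    for raw in ["https://urlscan.io/", "192.0.2.10", "urlscan.io/login"]:
        try:
            kind, value = classify(raw)
            print(search_url(kind, value), to_report(kind, value, SAMPLE_HIT)["title"])
        except ValueError as err:
            print("rejected:", err)
```

Running the check before submission surfaces URLs that lack a protocol, which the integration would otherwise not query.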

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.

