This document explains how to set up the urlscan premium intelligence source in the TruSTAR platform.
urlscan is a freemium service that allows virtually anyone to analyze unknown or potentially malicious domains and IP addresses. TruSTAR's integration with the urlscan intelligence source queries for IPs and domains found in the submission enclave and reports known findings in the urlscan enclave.
- Source Type: Premium Intel
- Update Type: Query-based
- Update Frequency: 15 minutes
- Time to install: 10 minutes
- IP Address
- A freemium or paid subscription to urlscan
- urlscan API Key
- Log in to the TruSTAR Web App.
- Click the Marketplace icon on the Navigation Bar.
- Choose Premium Intel.
- Click Subscribe to urlscan.
- Enter your urlscan API Key, enter the Pull Enclave ID of the enclave you will submit Indicators to, and then click Save Credentials & Request Subscription.
Example Enclave ID: 71f337a0-XXXX-XXXX-XXXX-5679271656a0
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
The information retrieved from this intelligence source is stored in the urlscan Enclave using this format.
URLSCAN: IOC-Type + IOC-Value
urlscan UUID taken from indicator
Value: <IOC Value>
Type: <URL, Domain, or IP>
Malicious Score: <BENIGN, Malicious>
Type: IP4, IP6
No reported issues.