Is your feature request related to a problem? Please describe.
A duplicate captures on lookyloo doesn't match what we need for the takedown process:
It makes sense to have the same URL in multiple captures multiple times a day, even without changing any setting between two captures because they change. Or just because the URL is part of a chain of redirects
It makes very little sense to trigger takedown multiple times a day on the same URL
Describe the solution you'd like
MISP. When a takedown request has been validated by an analyst, it is added to MISP. When we trigger a report for suspicious URL from lookyloo, we need to add a lookup against MISP. If we have a hit, we will also know when it was added (timestamp). With that information, we can warn the analyst before they trigger the takedown that this URL was (probably) already processed recently.
Describe alternatives you've considered
Pushing back to Lookyloo a note saying that we already triggered a takedown request for a specific URL is not really an option as a URL can be somewhere in the chain of redirect an that's going to be really hard to keep track of.
Is your feature request related to a problem? Please describe.
A duplicate captures on lookyloo doesn't match what we need for the takedown process:
Describe the solution you'd like
MISP. When a takedown request has been validated by an analyst, it is added to MISP. When we trigger a report for suspicious URL from lookyloo, we need to add a lookup against MISP. If we have a hit, we will also know when it was added (timestamp). With that information, we can warn the analyst before they trigger the takedown that this URL was (probably) already processed recently.
Describe alternatives you've considered
Pushing back to Lookyloo a note saying that we already triggered a takedown request for a specific URL is not really an option as a URL can be somewhere in the chain of redirect an that's going to be really hard to keep track of.
Additional context
No response