MISP / misp-playbooks

MISP Playbooks
https://misp.github.io/misp-playbooks/
BSD 2-Clause "Simplified" License

Query URL reputation #14

Open cudeso opened 1 year ago

cudeso commented 1 year ago

The title of the playbook

Query URL reputation

Purpose of the playbook

This playbook is similar to the domain reputation playbook (https://github.com/MISP/misp-playbooks/issues/13), including the possibility to gather the screenshots. The playbook also includes the possibility to submit a URL to Lookyloo for analysis. The playbook includes a "wait" time for the analysis of Lookyloo to finish and will then include the results in the summary.

External resources used by this playbook

Lookyloo, Whois, DNS, URLscan, Shodan, VirusTotal, Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)

Target audience

SOC, CSIRT, CTI

Briefly list the execution steps or workflow

No response

cudeso commented 8 months ago