Open krayzpipes opened 4 years ago
Coincidentally, I wrote a module to add FQDN observables for URLs the other day. I wrote it because I wanted to correlated URLs to the IP addresses they're hosted on so I can let my ip inspector module fire a detection when a URL is hosted on a blacklisted network. So yea, I think it's a good idea for the whois module to just work on FQDNs @krayzpipes, because the module to URL->FQDN will be in a PR momentarily.
Currently, the WhoIsAnalyzer works with F_URL and F_FQDN observable types.
Wondering if this would be better for the whois analysis module:
Running whois analysis twice is not a big performance hit... so it may not be worth the time. Thoughts?
@seanmcfeely / @unixfreak0037