Integration
The APWG eCrime Exchange (eCX) is the oldest and most trusted repository developed specifically to exchange threat data about common cybercrime events such as phishing. The APWG’s member organizations contribute new data, and extract data programmatically to inform their products and services – as well as to drive their own security applications and forensic routines.
About
This app integrates Splunk SOAR with the APWG eCrime Exchange, allowing the user to query URLs to determine whether they are present in the database.
The filters determine how the URL is looked up in the database.
URL_exact - query the database with exactly the URL provided
domain - query the database using only the domain of the URL
url - query the database using everything before the path of the URL. This will return many results if https:// or any other common URL components are included
Sanitize_url - removes the path of the URL, to exclude any sensitive information that might be in the URL. THIS DOES NOT WORK WITH URL_exact
Name of the app: apwgecrimex