splunk-soar-connectors / .github

Stores default community health files for the organization
Apache License 2.0

apwgecrimex #67

Closed Garrett-Logan closed 1 year ago

Garrett-Logan commented 1 year ago

Name of the app: apwgecrimex

Integration: The APWG eCrime Exchange (eCX) is the oldest and most trusted repository developed specifically to exchange threat data about common cybercrime events such as phishing. The APWG’s member organizations contribute new data, and extract data programmatically to inform their products and services – as well as to drive their own security applications and forensic routines.

About: This app integrates Splunk SOAR with the APWG eCrime Exchange allowing the user to query the urls to determine if they are present in the database.

The filters determine how the url is looked up in the database:

- URL_exact - query the database exactly with the url provided
- domain - query the database using only the domain of the url
- url - query the database using everything before the path of the url. This will return many results if https:// or any other common URL components are included

Sanitize_url - removes the path of the url, this is to exclude any sensitive information that might be in the url. THIS DOES NOT WORK WITH URL_exact
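The following is an added illustration of the lookup modes described in this issue; it is not code from the apwgecrimex connector or from the issue author. The function names, the assumption that "everything before the path" means scheme plus host (and port), and the sample URL are all constructed for the example.

```python
from urllib.parse import urlsplit, urlunsplit

MODES = ("URL_exact", "domain", "url")


def _split(url: str):
    # urlsplit treats a scheme-less "host/path" as a bare path; prefix "//"
    # so the host is recognised as the network location.
    if "://" not in url and not url.startswith("//"):
        url = "//" + url
    return urlsplit(url)


def sanitize_url(url: str) -> str:
    """Drop path, query and fragment (where reset tokens, session ids and
    similar sensitive values tend to live), keeping only scheme and host."""
    p = _split(url)
    return urlunsplit((p.scheme, p.netloc, "", "", ""))


def derive_lookup_key(url: str, mode: str, sanitize: bool = False) -> str:
    """Return the string that would be sent to the database for the chosen
    filter mode. Mirrors the issue text: URL_exact uses the URL verbatim,
    domain uses only the host, url uses everything before the path."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if mode == "URL_exact" and sanitize:
        # Exact matching needs the full URL; a sanitized one cannot match.
        raise ValueError("sanitize_url cannot be combined with URL_exact")
    if sanitize:
        url = sanitize_url(url)
    p = _split(url)
    if mode == "URL_exact":
        return url
    if mode == "domain":
        return p.hostname or ""
    # "url" mode (assumed): scheme and host/port, i.e. everything before the path
    return urlunsplit((p.scheme, p.netloc, "", "", ""))


if __name__ == "__main__":
    # Constructed sample: a phishing-style reset link with a token in the query
    sample = "https://login.example.com:8443/reset?token=abc123#frag"
    for m in MODES:
        print(m, "->", derive_lookup_key(sample, m))
    print("sanitized ->", sanitize_url(sample))
```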

mpan-splunk commented 1 year ago

https://github.com/splunk-soar-connectors/apwgecrimex