Malware Domain List (MDL) is a non-commercial community project and their list can be used for free by anyone.
This document provides information about the Malware Domain List connector, which facilitates automated interactions with a Malware Domain List server using FortiSOAR™ playbooks. Add the Malware Domain List connector as a step in FortiSOAR™ playbooks and perform automated operations, such as automatically retrieving information for a specified IP address or domain name from MDL.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 5.0.1-098
Authored By: Fortinet
Certified: Yes
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:
yum install cyops-connector-malwaredomainlist
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Malware Domain List connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
URL | URL of the Malware Domain List server to which you will connect and look up specified IP addresses and domains. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
IP Lookup | Performs a lookup on the IP address that you specified on Malware Domain List and retrieves information for that IP address from Malware Domain List. | ip_lookup Investigation |
Domain Lookup | Performs a lookup on the domain that you specified on Malware Domain List and retrieves information for that domain name from Malware Domain List. | domain_lookup Investigation |
Input parameters for the IP Lookup operation:
Parameter | Description |
---|---|
IP | IP address that you want to look up and whose information you want to retrieve from Malware Domain List. |
Limit | (Optional) Maximum number of results that this operation should return. |
The output contains the following populated JSON schema:
    [
        {
            "ip": "",
            "description": "",
            "asn": "",
            "domain": "",
            "dateutc": "",
            "reverselookup": ""
        }
    ]
Input parameters for the Domain Lookup operation:
Parameter | Description |
---|---|
Domain | Name of the domain that you want to look up and whose information you want to retrieve from Malware Domain List. |
Limit | (Optional) Maximum number of results that this operation should return. |
The output contains the following populated JSON schema:
    [
        {
            "ip": "",
            "description": "",
            "asn": "",
            "domain": "",
            "dateutc": "",
            "reverselookup": ""
        }
    ]
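Both lookup operations return a list of records in the same schema, so one post-processing step can serve either. The following is an added example, not code from the connector or from Fortinet: it validates the `ip` field, de-duplicates records, defangs indicators before they are written to a ticket, and treats an empty list as "not listed" rather than "known good". The sample records and the helper names `normalize` and `defang` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the connector's documented output schema (not real MDL data).
SAMPLE_OUTPUT = json.loads("""
[
  {"ip": "203.0.113.10", "description": "constructed sample entry", "asn": "64500",
   "domain": "Malicious.Example/path", "dateutc": "", "reverselookup": "host.example."},
  {"ip": "-", "description": "constructed entry with no IP", "asn": "",
   "domain": "Other.Example", "dateutc": "", "reverselookup": ""},
  {"ip": "203.0.113.10", "description": "constructed sample entry", "asn": "64500",
   "domain": "malicious.example/path", "dateutc": "", "reverselookup": "host.example."}
]
""")

FIELDS = ("ip", "description", "asn", "domain", "dateutc", "reverselookup")

def defang(value):
    """Make an indicator non-clickable before it is written to a ticket or e-mail."""
    return value.replace("http", "hxxp").replace(".", "[.]")

def normalize(records):
    """Validate, de-duplicate and defang lookup results; return (verdict, rows)."""
    seen, rows = set(), []
    for rec in records:
        # Tolerate missing keys or nulls: treat them as empty strings.
        row = {f: str(rec.get(f) or "").strip() for f in FIELDS}
        try:
            row["ip"] = str(ipaddress.ip_address(row["ip"]))
        except ValueError:
            row["ip"] = ""  # not a parseable address: keep the record, drop the value
        # Lower-case only the host part; a path, if the value carries one, is case-sensitive.
        host, sep, path = row["domain"].partition("/")
        row["domain"] = host.lower() + sep + path
        key = (row["ip"], row["domain"])
        if key == ("", "") or key in seen:
            continue
        seen.add(key)
        row["ip_defanged"] = defang(row["ip"])
        row["domain_defanged"] = defang(row["domain"])
        rows.append(row)
    # An empty result means "not listed", which is not the same as "known good".
    return ("listed" if rows else "not_listed"), rows
```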
The "Sample - Malware Domain List - 1.0.0" playbook collection comes bundled with the Malware Domain List connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Malware Domain List connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.