URLScan.io provides a service that analyzes websites and the resources they request.
This document provides information about the URLScan.io connector, which facilitates automated interactions, with a URLScan.io server using FortiSOAR™ playbooks. Add the URLScan.io connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching for information about a domain or an IP address on the URLScan.io server, or scanning a URL on the URLScan.io server.
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with URLScan.io Versions: 1.0 and later
For the procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the URLScan.io connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | URL of the URLScan.io server to which you will connect and perform automated operations. |
API Key | API key that is configured for your account for using the URLScan.io server. |
Verify SSL | Specifies whether an SSL certificate will be required for the connection between the URLScan.io connector and URLScan.io server. By default, this option is set as True . |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Report | Retrieves a report from URLScan.io for the URLs that you have already submitted to the URLScan.io for analysis. Reports are retrieved based on the scan_id of the sample | get_report Investigation |
Search Domain | Searches and returns information about a domain that you have specified by its domain name. | domain_details Investigation |
Search IP | Searches and returns information about an IP that you have specified by its IP address. | ip_details Investigation |
Submit URL | Submits a URL to the URLScan.io for analysis. | submit_url Investigation |
Parameter | Description |
---|---|
Scan ID | Scan ID for a previously submitted URL for which you want to retrieve an analysis report from URLScan.io. |
The JSON output contains the report and details retrieved from URLScan.io for the previously submitted URLs.
Following image displays a sample output:
Parameter | Description |
---|---|
Domain Name | Name of the domain for which you want to retrieve information. |
The JSON output contains the details of the specified domain name.
Following image displays a sample output:
Parameter | Description |
---|---|
IP | IP address for which you want to retrieve information. |
The JSON output contains the details of the specified IP address.
Following image displays a sample output:
Parameter | Description |
---|---|
URL | URL that you want to submit to URLScan.io for scanning and analyzing. |
The JSON output contains the UUID (or scan id) and the status of submission for the submitted URL. You can use this UUID in subsequent queries to retrieve scan reports from URLScan.io for the submitted URL.
Following image displays a sample output:
The Sample-URLScan.io-1.0.0
playbook collection comes bundled with the URLScan.io connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the URLScan.io connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
URLScan.io provides a service that analyzes websites and the resources they request.
This document provides information about the URLScan.io connector, which facilitates automated interactions, with a URLScan.io server using FortiSOAR™ playbooks. Add the URLScan.io connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching for information about a domain or an IP address on the URLScan.io server, or scanning a URL on the URLScan.io server.
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with URLScan.io Versions: 1.0 and later
For the procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the URLScan.io connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | URL of the URLScan.io server to which you will connect and perform automated operations. |
API Key | API key that is configured for your account for using the URLScan.io server. |
Verify SSL | Specifies whether an SSL certificate will be required for the connection between the URLScan.io connector and URLScan.io server. By default, this option is set as True . |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Report | Retrieves a report from URLScan.io for the URLs that you have already submitted to the URLScan.io for analysis. Reports are retrieved based on the scan_id of the sample | get_report Investigation |
Search Domain | Searches and returns information about a domain that you have specified by its domain name. | domain_details Investigation |
Search IP | Searches and returns information about an IP that you have specified by its IP address. | ip_details Investigation |
Submit URL | Submits a URL to the URLScan.io for analysis. | submit_url Investigation |
Parameter | Description |
---|---|
Scan ID | Scan ID for a previously submitted URL for which you want to retrieve an analysis report from URLScan.io. |
The JSON output contains the report and details retrieved from URLScan.io for the previously submitted URLs.
Following image displays a sample output:
Parameter | Description |
---|---|
Domain Name | Name of the domain for which you want to retrieve information. |
The JSON output contains the details of the specified domain name.
Following image displays a sample output:
Parameter | Description |
---|---|
IP | IP address for which you want to retrieve information. |
The JSON output contains the details of the specified IP address.
Following image displays a sample output:
Parameter | Description |
---|---|
URL | URL that you want to submit to URLScan.io for scanning and analyzing. |
The JSON output contains the UUID (or scan id) and the status of submission for the submitted URL. You can use this UUID in subsequent queries to retrieve scan reports from URLScan.io for the submitted URL.
Following image displays a sample output:
The Sample-URLScan.io-1.0.0
playbook collection comes bundled with the URLScan.io connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the URLScan.io connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.