Fortinet black logo

URLScan.io v1.0.0

Copy Link
Copy Doc ID f0c4430f-ecf0-4736-955e-7a0268578b55:1

About the connector

URLScan.io provides a service that analyzes websites and the resources they request.

This document provides information about the URLScan.io connector, which facilitates automated interactions, with a URLScan.io server using FortiSOAR™ playbooks. Add the URLScan.io connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching for information about a domain or an IP address on the URLScan.io server, or scanning a URL on the URLScan.io server.

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

Compatibility with URLScan.io Versions: 1.0 and later

Installing the connector

For the procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of the URLScan.io server to which you will connect and perform the automated operations and the API key to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the URLScan.io connector and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the URLScan.io server to which you will connect and perform automated operations.
API Key API key that is configured for your account for using the URLScan.io server.
Verify SSL Specifies whether an SSL certificate will be required for the connection between the URLScan.io connector and URLScan.io server.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Get Report Retrieves a report from URLScan.io for the URLs that you have already submitted to the URLScan.io for analysis. Reports are retrieved based on the scan_id of the sample get_report
Investigation
Search Domain Searches and returns information about a domain that you have specified by its domain name. domain_details
Investigation
Search IP Searches and returns information about an IP that you have specified by its IP address. ip_details
Investigation
Submit URL Submits a URL to the URLScan.io for analysis. submit_url
Investigation

operation: Get Report

Input parameters

Parameter Description
Scan ID Scan ID for a previously submitted URL for which you want to retrieve an analysis report from URLScan.io.

Output

The JSON output contains the report and details retrieved from URLScan.io for the previously submitted URLs.

Following image displays a sample output:

Sample output of the Get Report operation

operation: Search Domain

Input parameters

Parameter Description
Domain Name Name of the domain for which you want to retrieve information.

Output

The JSON output contains the details of the specified domain name.

Following image displays a sample output:

Sample output of the Search Domain operation

operation: Search IP

Input parameters

Parameter Description
IP IP address for which you want to retrieve information.

Output

The JSON output contains the details of the specified IP address.

Following image displays a sample output:

Sample output of the Search IP operation

operation: Submit URL

Input parameters

Parameter Description
URL URL that you want to submit to URLScan.io for scanning and analyzing.

Output

The JSON output contains the UUID (or scan id) and the status of submission for the submitted URL. You can use this UUID in subsequent queries to retrieve scan reports from URLScan.io for the submitted URL.

Following image displays a sample output:

Sample output of the Submit URL operation

Included playbooks

The Sample-URLScan.io-1.0.0 playbook collection comes bundled with the URLScan.io connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the URLScan.io connector.

  • Get Report
  • Search Domain
  • Search IP
  • Submit URL
    Note: If you submit a URL and then want to get the report for the URL from URLScan.io, you must add a delay step that has a delay of a minimum of 60 seconds after the Submit URL step and then add the step to get the report from URLScan.io. This is required since URLScan.io takes some time to analyze the URL you have submitted and therefore the playbook should wait for URLScan.io to analyze the sample and then generate the report.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

URLScan.io provides a service that analyzes websites and the resources they request.

This document provides information about the URLScan.io connector, which facilitates automated interactions, with a URLScan.io server using FortiSOAR™ playbooks. Add the URLScan.io connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching for information about a domain or an IP address on the URLScan.io server, or scanning a URL on the URLScan.io server.

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

Compatibility with URLScan.io Versions: 1.0 and later

Installing the connector

For the procedure to install a connector, click here.

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the URLScan.io connector and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the URLScan.io server to which you will connect and perform automated operations.
API Key API key that is configured for your account for using the URLScan.io server.
Verify SSL Specifies whether an SSL certificate will be required for the connection between the URLScan.io connector and URLScan.io server.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Get Report Retrieves a report from URLScan.io for the URLs that you have already submitted to the URLScan.io for analysis. Reports are retrieved based on the scan_id of the sample get_report
Investigation
Search Domain Searches and returns information about a domain that you have specified by its domain name. domain_details
Investigation
Search IP Searches and returns information about an IP that you have specified by its IP address. ip_details
Investigation
Submit URL Submits a URL to the URLScan.io for analysis. submit_url
Investigation

operation: Get Report

Input parameters

Parameter Description
Scan ID Scan ID for a previously submitted URL for which you want to retrieve an analysis report from URLScan.io.

Output

The JSON output contains the report and details retrieved from URLScan.io for the previously submitted URLs.

Following image displays a sample output:

Sample output of the Get Report operation

operation: Search Domain

Input parameters

Parameter Description
Domain Name Name of the domain for which you want to retrieve information.

Output

The JSON output contains the details of the specified domain name.

Following image displays a sample output:

Sample output of the Search Domain operation

operation: Search IP

Input parameters

Parameter Description
IP IP address for which you want to retrieve information.

Output

The JSON output contains the details of the specified IP address.

Following image displays a sample output:

Sample output of the Search IP operation

operation: Submit URL

Input parameters

Parameter Description
URL URL that you want to submit to URLScan.io for scanning and analyzing.

Output

The JSON output contains the UUID (or scan id) and the status of submission for the submitted URL. You can use this UUID in subsequent queries to retrieve scan reports from URLScan.io for the submitted URL.

Following image displays a sample output:

Sample output of the Submit URL operation

Included playbooks

The Sample-URLScan.io-1.0.0 playbook collection comes bundled with the URLScan.io connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the URLScan.io connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next