Fortinet Document Library

Version:


Table of Contents

1.1.0
Copy Link

About the connector

URLVoid provides a service to analyze websites through multiple blacklist engines and online reputation tools to facilitate the detection of fraudulent and malicious websites. This service helps you identify websites involved in malware incidents, fraudulent activities, and phishing websites.

This document provides information about the URLVoid connector, which provides an interface to connect with the URLVoid server and facilitate automated interactions, with a URLVoid server using FortiSOAR™playbooks. Add the URLVoid connector as a step in FortiSOAR™playbooks and perform automated operations, such as scanning a website on the URLVoid server and retrieving the reputation of a website from URLVoid.

 

Version information

Connector Version: 1.1.0

Compatibility with FortiSOAR™Versions: 4.9.0.0-708 and later

 

Release Notes for version 1.1.0

Following enhancements have been made to the URLVoid Connector in version 1.1.0:

  • Merged the Scan Website operation with the Get Website Reputation operation.
  • Added a new input parameter named Rescan in the Get Website Reputation operation.

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the URL of URLVoid server to which you will connect and perform the automated operations and the API Key and the user identifier to access that server.
  • To access the FortiSOAR™UI, ensure that port 443 is open through the firewall for the FortiSOAR™instance.

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In CyOPs™, on the Connectors page, select the URLVoid connector and click Configure to configure the following parameters:

 

Parameter Description
Server URL URL of the URLVoid server to which you will connect and perform the automated operations.
API Key API key that is configured for your account to access the URLVoid server.
Identifier Identifier of the user that is configured for your account to access the URLVoid server.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™release 4.10.0 onwards:

 

Function Description Annotation and Category
Get Website Reputation Retrieves the score and other details for the specified website from the URLVoid server based on the website name you have specified. domain_reputation
Investigation

 

operation: Get Website Reputation

Input parameters

 

Parameter Description
Website Name Name of the website for which you want to retrieve reputation information and other details from the URLVoid server.
Rescan If you select this option, i.e. set this option to True, then the website is rescanned every time this operation is run so that the latest information is retrieved from the URLVoid server.
By default, this option is set as True.

 

Output

The JSON output contains the reputation with the score and other details of the specified website, retrieved from the URLVoid server, based on the website name you have specified.

 

Note: Safety reputation for a website is defined in the count variable. If the safety reputation of a website is 0, then the count variable is not shown in the output. 0 means that no data for that website is available with the configured URLVoid server.

 

Following image displays a sample output:
 

Sample output of the Get Website Reputation operation

 

Included playbooks

The Sample - URLVoid - 1.1.0 playbook collection comes bundled with the URLVoid connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™after importing the URLVoid connector.

  • Get Website Reputation

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

URLVoid provides a service to analyze websites through multiple blacklist engines and online reputation tools to facilitate the detection of fraudulent and malicious websites. This service helps you identify websites involved in malware incidents, fraudulent activities, and phishing websites.

This document provides information about the URLVoid connector, which provides an interface to connect with the URLVoid server and facilitate automated interactions, with a URLVoid server using FortiSOAR™playbooks. Add the URLVoid connector as a step in FortiSOAR™playbooks and perform automated operations, such as scanning a website on the URLVoid server and retrieving the reputation of a website from URLVoid.

 

Version information

Connector Version: 1.1.0

Compatibility with FortiSOAR™Versions: 4.9.0.0-708 and later

 

Release Notes for version 1.1.0

Following enhancements have been made to the URLVoid Connector in version 1.1.0:

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In CyOPs™, on the Connectors page, select the URLVoid connector and click Configure to configure the following parameters:

 

Parameter Description
Server URL URL of the URLVoid server to which you will connect and perform the automated operations.
API Key API key that is configured for your account to access the URLVoid server.
Identifier Identifier of the user that is configured for your account to access the URLVoid server.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™release 4.10.0 onwards:

 

Function Description Annotation and Category
Get Website Reputation Retrieves the score and other details for the specified website from the URLVoid server based on the website name you have specified. domain_reputation
Investigation

 

operation: Get Website Reputation

Input parameters

 

Parameter Description
Website Name Name of the website for which you want to retrieve reputation information and other details from the URLVoid server.
Rescan If you select this option, i.e. set this option to True, then the website is rescanned every time this operation is run so that the latest information is retrieved from the URLVoid server.
By default, this option is set as True.

 

Output

The JSON output contains the reputation with the score and other details of the specified website, retrieved from the URLVoid server, based on the website name you have specified.

 

Note: Safety reputation for a website is defined in the count variable. If the safety reputation of a website is 0, then the count variable is not shown in the output. 0 means that no data for that website is available with the configured URLVoid server.

 

Following image displays a sample output:
 

Sample output of the Get Website Reputation operation

 

Included playbooks

The Sample - URLVoid - 1.1.0 playbook collection comes bundled with the URLVoid connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™after importing the URLVoid connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.