Malware Domain List

Integration version: 8.0

Configure Malware Domain List integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Check URL

Description

This action fetches a URL and searches for it in the Malware Domain List database.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the URL entity.

Action Results

Entity Enrichment

| Enrichment Field Name | Logic - When to apply |
|---|---|
| Domain | Returns if it exists in JSON result |
| Description | Returns if it exists in JSON result |
| IP | Returns if it exists in JSON result |
| Country | Returns if it exists in JSON result |
| Reverse Lookup | Returns if it exists in JSON result |
| Date (UTC) | Returns if it exists in JSON result |

Insights

N/A

Script Result

| Script Result Name | Value Options | Example |
|---|---|---|
| results_count | True/False | results_count:False |

JSON Result
[{
    "EntityResult": [
        {
            "Domain": "dieutribenhkhop.com/parking/",
            "Description": "Ransom, Fake.PCN, Malspam",
            "IP": "1.1.1.1",
            "Country": "DE",
            "Reverse Lookup": "125.0-1.1.1.1.in-addr.arpa.",
            "Date (UTC)": "2017/03/20_10:13"
        },
        {
            "Domain": "dieutribenhkhop.com/parking/pay/rd.php?id=10",
            "Description": "Ransom, Fake.PCN, Malspam",
            "IP": "1.1.1.1",
            "Country": "DE",
            "Reverse Lookup": "125.0-1.1.1.1.in-addr.arpa.",
            "Date (UTC)": "2017/03/20_10:13"
        }
    ],
    "Entity": "dieutribenhkhop.com"
}]
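
The following is an added example, not code from the integration itself: one way a downstream playbook step could consume the Check URL JSON result, keeping only fields that exist and parsing the "Date (UTC)" value. The function names, the placeholder sample values and the reading of Description as a comma-separated tag list are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of the JSON Result above (placeholder values).
SAMPLE = '''[{"EntityResult": [
  {"Domain": "malicious.example/parking/", "Description": "Ransom, Malspam",
   "IP": "192.0.2.10", "Country": "DE", "Date (UTC)": "2017/03/20_10:13"},
  {"Domain": "malicious.example/pay.php?id=10", "Description": "Ransom",
   "IP": "192.0.2.10", "Date (UTC)": "not-a-date"}],
  "Entity": "malicious.example"}]'''

FIELDS = ("Domain", "Description", "IP", "Country", "Reverse Lookup", "Date (UTC)")


def parse_listed(value):
    """Parse a 'YYYY/MM/DD_HH:MM' timestamp as UTC; return None if malformed."""
    try:
        return datetime.strptime(value, "%Y/%m/%d_%H:%M").replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        return None


def summarize(json_text):
    """Return {entity: summary} for every entity in a Check URL JSON result."""
    out = {}
    for item in json.loads(json_text):
        hits = item.get("EntityResult") or []
        # Keep a field only if it exists in the result, mirroring the enrichment logic.
        rows = [{k: h[k] for k in FIELDS if k in h} for h in hits]
        dates = [d for d in (parse_listed(r.get("Date (UTC)")) for r in rows) if d]
        # Assumption: Description is a comma-separated list of tags.
        tags = {t.strip() for r in rows
                for t in r.get("Description", "").split(",") if t.strip()}
        out[item.get("Entity")] = {
            "hits": len(rows),
            "ips": sorted({r["IP"] for r in rows if "IP" in r}),
            "tags": sorted(tags),
            "first_listed": min(dates).isoformat() if dates else None,
            "rows": rows,
        }
    return out


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```
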

Ping

Description

Test Connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |

JSON Result
N/A