-
Notifications
You must be signed in to change notification settings - Fork 179
Workflow Actions
Olaf Hartong edited this page Nov 13, 2018
·
1 revision
Thanks to @rkovar for some of these actions
| field names | action | description |
|---|---|---|
| src_ip, dst_ip, dst_host_name | iplocation | Search for the Geolocation of the IP / hostname |
| ssl_cert_sha1, ssl_cert_md5, ssl_cert_sha256 | censys | Look up the field in the Censys database |
| src_ip, dst_ip, dst_host_name | threatminerip | Look for the IP / hostname at ThreatMiner |
| hash_sha256, hash_sha1, hash_md5, sha256 | threatminerhash | Look for the hash at ThreatMiner |
| dst_host_name | VirusTotalDomainInfo | Look for the hostname at VirusTotal |
| src_ip, dst_ip | VirusTotalIPInfo | Look for the IP at VirusTotal |
| hash_sha256, hash_sha1, hash_md5 sha256 | virustotal_all | Look for the hash at VirusTotal |
| src_ip, dst_ip, dst_host_name | ShodanGeneralSearch | Generic search for the IP/hostname at Shodan |
| src_ip, dst_ip, dst_host_name | ShodanIPInfo | Look for the IP/hostname at Shodan |
| * | github | Search the field at GitHub |
| src_ip, dst_ip, dst_host_name | urlquery | Search for the IP/hostname at URLQuery |
| * | Google for the field |