JUHE API Marketplace

HttpRequest Automate

Workflow Overview

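For HttpRequest Automate: automatically scans URLs or IP addresses, integrating VirusTotal and Greynoise to provide detailed security reports. Triggered via webhook, it returns scan results in real time and supports Slack and Gmail notifications, keeping the team informed of potential threats and improving security response efficiency.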

Target Audience

  • Cybersecurity Analysts: Professionals looking to automate the process of scanning URLs and IP addresses for potential threats, enhancing their threat intelligence capabilities.
  • IT Security Teams: Teams that require efficient reporting on threats detected through external APIs like VirusTotal and Greynoise, allowing for quicker response times.
  • Developers: Individuals who want to integrate threat intelligence into their applications or services through automated workflows, streamlining security processes.
  • Incident Response Teams: Teams that need to gather and report on threat intelligence efficiently to mitigate risks and respond to incidents effectively.

Problem Solved

This workflow addresses the challenge of manually checking URLs and IP addresses against threat intelligence databases. By automating the process, it:

  • Reduces Time: Speeds up the scanning and reporting process, allowing teams to focus on analysis rather than manual checks.
  • Enhances Accuracy: Minimizes human error in data handling and reporting by leveraging automated API calls to VirusTotal and Greynoise.
  • Improves Communication: Automatically generates and sends comprehensive reports via Slack and email, ensuring that all stakeholders are informed of potential threats promptly.

Workflow Steps

  1. Webhook Trigger: The workflow starts when a POST request is made to the webhook, allowing users to submit URLs or IP addresses along with their email for reporting.
  2. Input Processing: The input data is parsed to extract URLs and emails. If an IP address is detected, it is processed differently than a URL.
  3. DNS Lookup: If the input is a URL, the workflow performs a DNS lookup to resolve the domain to an IP address.
  4. VirusTotal Scan: The workflow initiates a scan of the provided URL or IP address using the VirusTotal API, checking for potential threats.
  5. Greynoise Checks: Simultaneously, it queries the Greynoise API to gather contextual information about the IP address, assessing its threat level.
  6. Result Merging: The results from VirusTotal and Greynoise are merged based on the IP address to provide a comprehensive threat report.
  7. Conditional Checks: The workflow includes conditional checks to handle cases where the VirusTotal scan is still in progress, implementing wait times as necessary.
  8. Reporting: Once results are ready, the workflow sends detailed reports via Slack and email to the designated recipients, summarizing findings and classifications.
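
The input processing (step 2) and result merging (step 6) described above, sketched in JavaScript as an added example; this is not the workflow's own code. The payload and result field names (targets, email, ip, malicious, classification) are assumptions, and the sample data is constructed.

```javascript
// Added example, not the workflow's own code. Field names (targets, email, ip,
// malicious, classification) are assumptions; the sample data is constructed.
const isIPv4 = (s) => {
  const parts = s.split('.');
  return parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
};
const isIPv6 = (s) => {
  if (!/^[0-9a-fA-F:.]+$/.test(s) || !s.includes(':')) return false;
  try { new URL(`http://[${s}]/`); return true; } catch { return false; }
};

// Step 2: decide whether one submitted value is an IP, an http(s) URL, or junk.
function classifyTarget(raw) {
  const value = String(raw).trim();
  if (isIPv4(value) || isIPv6(value)) return { kind: 'ip', ip: value };
  let u;
  try { u = new URL(value); } catch { return { kind: 'invalid', value }; }
  // Only http(s) URLs go on to the DNS lookup and scan; other schemes are rejected.
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return { kind: 'invalid', value };
  return { kind: 'url', url: u.href, host: u.hostname };
}

// Split a webhook body into IPs, URLs (host still needs step 3) and rejects.
function parseSubmission(body) {
  const email = /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(body.email || '') ? body.email : null;
  const out = { email, ips: [], urls: [], rejected: [] };
  for (const raw of body.targets || []) {
    const t = classifyTarget(raw);
    if (t.kind === 'ip') out.ips.push(t.ip);
    else if (t.kind === 'url') out.urls.push(t);
    else out.rejected.push(t.value);
  }
  return out;
}

// Step 6: join the two result sets on the IP address; an IP seen by only one
// source still appears in the merged report.
function mergeByIp(vtRows, gnRows) {
  const byIp = new Map();
  for (const row of [...vtRows, ...gnRows]) {
    byIp.set(row.ip, { ...(byIp.get(row.ip) || {}), ...row });
  }
  return [...byIp.values()];
}

const sample = { email: 'analyst@example.com',
  targets: ['203.0.113.7', 'https://example.com/login', 'javascript:alert(1)', '999.1.1.1'] };
console.log(parseSubmission(sample));
```

Rejecting values that are neither an IP nor an http(s) URL before any API call keeps malformed webhook input out of the scan requests and the Slack and email reports.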

Statistics

  • Nodes: 29
  • Downloads: 0
  • Views: 19
  • File Size: 22372

Quick Info

  • Categories: Communication & Messaging, Complex Workflow
  • Complexity: complex

Tags

webhook, itemlists, advanced, api, integration, logic, conditional, complex
