| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 2.0.0 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-09-29 |
| Solution Folder | URLhaus |
| Marketplace | Azure Marketplace · Popularity: 🟡 Low (43%) |
The URLhaus solution for Microsoft Sentinel lets you enrich incidents with additional information about file hashes, hostnames and URLs using feeds and lists from URLhaus. Besides the APIs documented on URLhaus that serve various feeds and lists, abuse.ch also offers a dedicated API for gathering information on a specific URL, file hash or host from URLhaus in an automated way. It is also possible to retrieve a payload (malware sample) that URLhaus has collected from the malware URLs it tracks.
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.
This solution includes 3 content item(s):
| Content Type | Count |
|---|---|
| Playbooks | 3 |
| Name | Description | Tables Used |
|---|---|---|
| URLhaus-CheckHashAndEnrichIncident | Once a new Microsoft Sentinel incident is created, this playbook gets triggered and performs the fol... | - |
| URLhaus-CheckHostAndEnrichIncident | Once a new Microsoft Sentinel incident is created, this playbook gets triggered and performs the fol... | - |
| URLhaus-CheckURLAndEnrichIncident | Once a new Microsoft Sentinel incident is created, this playbook gets triggered and performs the fol... | - |