Skip to main content

Workflow Template: Analyze URL with HyperAgent

HyperAgent scans suspicious URLs for phishing: decodes, defangs, checks infrastructure, inspects content, scores risk with OCSF output.

Updated over 3 weeks ago

The "Analyze URL with HyperAgent" workflow template is designed for threat hunting and threat intelligence enrichment by analyzing suspicious URLs for phishing indicators. It employs a comprehensive 6-phase analysis protocol, including URL decoding, defanging, connectivity testing, content inspection, and risk scoring using the OCSF framework. The workflow outputs an OCSF-formatted JSON object and a detailed HTML report, providing actionable insights into potential phishing threats.

Take Me to the Template

Optional Triggers

["Workflow can be initiated from an 'Observable Created' trigger."]

Use Cases

Threat Hunting , Threat Intelligence Enrichment

Workflow Breakdown

  1. HyperAgent enriches URLs through a 6-phase analysis protocol, detecting phishing indicators and delivering an OCSF risk score.

  2. Renders a self-contained HTML phishing analysis report embedding the full analysis data and screenshot.

Vendors

Utils

Workflow Output

OCSF-formatted enrichment as a JSON object and URL of the rendered HTML report.

Tips

Related Articles
Workflow Template: Scan URLs with VirusTotal and Provide Summary Verdict
Workflow Template: URLScan URL Enrichment with Cache
Workflow Template: Analyze URLs and Files in Recorded Future Sandbox
Workflow Template: Scan URLs with URLScan and Provide a Summary
Workflow Template: Decode Safe Links
Did this answer your question?