Skip to main content
Extraction Utilities

Explore the extraction utility steps in Torq.

Updated over a week ago

Use these utility steps to extract information. See below for examples of each step's input and output.

Check if IP Address is Private

Check if the given IP address is private.

Input

8.8.8.8

Output

  "api_object": {
"is_private": "False",
"network_address": "8.8.8.8/32",
"version": "4"

Extract all CVEs

Returns all of the CVEs extracted from the given text.

Input

A text potentially containing one or more CVEs, like CVE-1999-0001 or CVE-2022-32768.

Output

  "results": [
"CVE-1999-0001",
"CVE-2022-32768"
]

Extract all domains

Returns a list of all domains (including, but not limited to, FQDNs) extracted from the given text.

Input

A text potentially containing one or more domain names, like en.wikipedia.com and torq.io.

Output

  "results": [
"en.wikipedia.com",
"torq.io"
]

Extract all email addresses

Returns a list of all email addresses extracted from the given text.

Input

A text potentially containing one or more email addresses, like mary@gmail.com and tom@hey.com.

Output

  "results": [
"mary@gmail.com",
"tom@hey.com"
]

Extract all IPv4 addresses

Returns a list of all IPv4 addresses extracted from the given text.

Input

A text potentially containing one or more IPv4 addresses, like 127.0.0.1 and 10.0.3.11.

Output

  "results": [
"127.0.0.1",
"10.0.3.11"
]

Extract all IPv6 addresses

Returns a list of all extracted IPv6 addresses from the given text.

Input

A text potentially containing one or more IPv6 addresses, like 2001:0db8:85a3:0000:0000:8a2e:0370:7334 and fe80:3::1ff:fe23:4567:890a.

Output

  "results": [
"2001:0db8:85a3:0000:0000:8a2e:0370:7334",
"fe80:3::1ff:fe23:4567:890a"
]

Extract all MD5 hashes

Returns a list of all MD5 hashes extracted from the given text.

Input

A text potentially containing one or more MD5 hashes, like 99b6814ccfb074ad6acb28ae47e5db1a and 77fe4f88c159068eced74629bbfef099.

Output

  "results": [
"99b6814ccfb074ad6acb28ae47e5db1a",
"77fe4f88c159068eced74629bbfef099"
]

Extract all SHA1 hashes

Returns a list of all extracted SHA1 hashes from the given text.

Input

A text potentially containing one or more SHA1 hashes, like 1c5007684acc8f01285dd51cd05136c00b257329 and a4f82a0285ca3ed87162069244fc1618f7046513.

Output

  "results": [
"1c5007684acc8f01285dd51cd05136c00b257329",
"a4f82a0285ca3ed87162069244fc1618f7046513"
]

Extract all SHA256 hashes

Returns a list of all extracted SHA256 hashes extracted from the given text.

Input

A text potentially containing one or more SHA256 hashes, like 4bac27393bdd9777ce02453256c5577cd02275510b2227f473d03f533924f877 and ed2456914e48c1e17b7bd922177291ef8b7f553edf1b1f66b6fc1a076524b22f.

Output

 "results": [
"4bac27393bdd9777ce02453256c5577cd02275510b2227f473d03f533924f877",
"ed2456914e48c1e17b7bd922177291ef8b7f553edf1b1f66b6fc1a076524b22f"
]

Extract all URLs

Returns a list of all URLs extracted from the given text. Only URLs which start with 'http://', 'https://' or 'www' are returned by default.

Input

A text potentially containing one or more URL addresses, like https://google.com and https://facebook.com.

Output

  "results": [
"https://google.com",
"https://facebook.com"
]

Extract all using a regex group

Returns a list of all expressions that match the given regex pattern, returning the match and groups.

Input

https://example.com/some_file.txt

Regex

mary([a-zA-Z0-9]*)@([a-zA-Z0-9]*).com


Extract all using a regex pattern

Returns a list of all expressions that match the given regex pattern.

Input

https://example.com/some_file.txt

Regex

mary.*@.*.com


Extract domain from email

Extracts domain from an email address.

Input

mary@gmail.com

Output

gmail.com

Extract First CVE

Returns the first CVE extracted from the given text.

Input

A text potentially containing one or more CVEs, like CVE-1999-0001 or CVE-2022-32768.

Output

  "result": "CVE-1999-0001"

Extract first domain

Returns the first domain (including, but not limited to, FQDNs) extracted from the given text.

Input

A text potentially containing one or more domain names, like en.wikipedia.com and torq.io.

Output

  "result": "en.wikipedia.com"

Extract first email

Returns the first email address extracted from the given text.

Input

A text potentially containing one or more email addresses, like mary@gmail.com and tom@hey.com.

Output

  "result": "mary@gmail.com"

Extract first expression

Returns the first expression that matches the given regex pattern.


Extract IOCs

Extract IOCs from a given input.

A text potentially containing one or more IOCs.


Extract the domain from a URL

Returns the domain extracted from the given URL.

Input

http://www.this.is.a.url.com

Output

this.is.a.url.com

Extract the first IPv4 address

Returns the first IPv4 address extracted from the given text.

Input

A text potentially containing one or more IPv4 addresses, like 127.0.0.1 and 10.0.3.11.

Extract the first IPv6 address

Returns the first IPv6 address extracted from the given text.

Input

A text potentially containing one or more IPv6 addresses, like 2001:0db8:85a3:0000:0000:8a2e:0370:7334 and fe80:3::1ff:fe23:4567:890a.

Output

  "result": "2001:0db8:85a3:0000:0000:8a2e:0370:7334"

Extract the first MD5 hash

Returns the first MD5 hash extracted from the given text.

Input

A text potentially containing one or more MD5 hashes, like 99b6814ccfb074ad6acb28ae47e5db1a and 77fe4f88c159068eced74629bbfef099.

Output

  "result": "99b6814ccfb074ad6acb28ae47e5db1a"

Extract the first SHA1 hash

Returns the first SHA1 hash extracted from the given text.

Input

A text potentially containing one or more SHA1 hashes, like 1c5007684acc8f01285dd51cd05136c00b257329 and a4f82a0285ca3ed87162069244fc1618f7046513.

Output

  "result": "1c5007684acc8f01285dd51cd05136c00b257329"

Extract the first URL

Returns the first URL extracted from the given text.

Input

A text potentially containing one or more URL addresses, like https://google.com and https://facebook.com.

Output

  "result": "https://google.com"

Extract URL parts

Extracts the parts of a URL address

Input

https://linkprotect.cudasvc.com/url?a=https%3A%2F%2Fpressetunisie-1316850103.cos.ap-chongqing.myqcloud.com%2Fpressetunisie.html&c=E,1,XIgB83y2NPwfKHSIr6j2_O8VyZ_CqeEi1q-K84aHVWE-XIHK_NdnRs1bkGCuaLi3nsIYk6nbnqN3PXAOJ2zYJ1i-lwlmvAiJNnHq78Z_Bg,,&typo=1

Output

"result": {
"firstLevelDomain": "cudasvc.com",
"fragments": "",
"fullyQualifiedDomain": "linkprotect.cudasvc.com",
"host": "linkprotect.cudasvc.com",
"password": "",
"path": "/url",
"port": "",
"queryParameters": {
"a": "https://pressetunisie-1316850103.cos.ap-chongqing.myqcloud.com/pressetunisie.html",
"c": "E,1,XIgB83y2NPwfKHSIr6j2_O8VyZ_CqeEi1q-K84aHVWE-XIHK_NdnRs1bkGCuaLi3nsIYk6nbnqN3PXAOJ2zYJ1i-lwlmvAiJNnHq78Z_Bg,,",
"typo": "1"
},
"scheme": "https",
"username": ""
}

Flatten JSON Object

Given a JSON object (e.g., record or list of records) and field names, this step extracts a list of all inner-most values for the provided field names. If no field names are provided, the entire object will be flattened, and the names of the new keys will match the JSON paths of each of the object's values.

Input

[
{
"name": "John Doe",
"age": 37,
"mother": {
"name": "Jennifer Eod",
"age": 73,
"mother": {
"name": "Nature",
"age": -1
}
}
},
{
"name": "Jane Doe",
"age": 92,
"mother": {
"name": "Lilly McDonald",
"age": 125
}
}
]

Output

{
"result": {
"0.age": 37,
"0.mother.age": 73,
"0.mother.mother.age": -1,
"0.mother.mother.name": "Nature",
"0.mother.name": "Jennifer Eod",
"0.name": "John Doe",
"1.age": 92,
"1.mother.age": 125,
"1.mother.name": "Lilly McDonald",
"1.name": "Jane Doe"
}
Did this answer your question?