This Torq workflow template, *AlienVault URL Enrichment with Cache*, automates analyzing and enriching URLs with threat intelligence. It queries AlienVault's General and URL List information for the URL and uses a cache of earlier results to avoid duplicate lookups. The workflow provides actionable insights by identifying potential malicious findings, malware families, and MITRE ATT&CK TTPs. Businesses can use it to enhance security operations and threat intelligence enrichment, ensuring quick identification of and response to URL-based threats.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Provide URL and integration information to the nested workflow
Check whether the URL has already been enriched and is in the cache; if it is, return the cached results.
Query AlienVault for the URL's General and URL List information
Parse the analysis for malicious findings, malware families and MITRE ATT&CK TTPs
Return the information to the parent workflow
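The steps above, sketched in Python as an added example (not the template's own implementation, which is built in Torq): a cache check in front of the two AlienVault lookups, followed by the parse. The `fetch` callable, the 24-hour cache lifetime, the URL normalisation, the rule for "malicious" and the response field names are assumptions; the sample data is constructed.

```python
import time
from urllib.parse import urlsplit, urlunsplit

CACHE_TTL = 24 * 3600  # assumption: the page does not state a cache lifetime
# Constructed sample shaped like the OTX "general" and "url_list" sections;
# the field names are an assumption, not taken from the page.
SAMPLE = {
    "general": {"pulse_info": {"pulses": [
        {"malware_families": [{"display_name": "ExampleLoader"}],
         "attack_ids": [{"id": "T1566"}]},
        {"malware_families": [], "attack_ids": [{"id": "T1566"}, {"id": "T1204"}]},
    ]}},
    "url_list": {"url_list": [{"url": "http://example.test/login"}]},
}
CALLS = []  # sections requested from the stub, to show the cache saving lookups

def fake_fetch(url, section):  # hypothetical stand-in for the AlienVault queries
    CALLS.append(section)
    return SAMPLE[section]

def cache_key(url):
    """Normalise so trivially different spellings of a URL share one cache entry."""
    p = urlsplit(url.strip())
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

def parse_analysis(general, url_list):
    pulses = general.get("pulse_info", {}).get("pulses", [])
    return {
        "malicious": bool(pulses),  # assumption: any referencing pulse is a finding
        "malware_families": sorted({f["display_name"] for p in pulses
                                    for f in p.get("malware_families", [])}),
        "attack_ttps": sorted({a["id"] for p in pulses for a in p.get("attack_ids", [])}),
        "observations": len(url_list.get("url_list", [])),
    }

def enrich_url(url, fetch, cache, now=time.time):
    key = cache_key(url)
    if (hit := cache.get(key)) and now() - hit["stored_at"] < CACHE_TTL:
        return {**hit["result"], "from_cache": True}  # cached and still fresh
    result = parse_analysis(fetch(key, "general"), fetch(key, "url_list"))
    cache[key] = {"stored_at": now(), "result": result}
    return {**result, "from_cache": False}

def demo():
    CALLS.clear()
    cache = {}
    first = enrich_url("HTTP://Example.test/login#top", fake_fetch, cache)
    second = enrich_url("http://example.test/login", fake_fetch, cache)
    return first, second, len(CALLS)
```

Storing a timestamp with each entry lets stale verdicts expire, so a URL that turns malicious after its first lookup is re-queried once the lifetime has passed.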
Vendors
Utils, AlienVault OTX, Torq
Workflow Output
Analysis information from AlienVault for the URL