This workflow template "Retrieve and Normalize data on a Domain" is designed to streamline threat intelligence processes by automatically aggregating and normalizing threat data for a given domain. Triggerable by events or webhooks, the workflow pulls information from multiple enabled threat intel sources, like AlienVault OTX, Recorded Future, Shodan, and VirusTotal. It delivers a comprehensive report with details from each source and a normalized domain threat score, aiding businesses in risk assessment and cyber defense initiatives.
Optional Triggers
Webhook, Slack, Microsoft Teams
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Receive a domain as an event from a parent workflow or other trigger
Loop through the threat intel sources that are set to true/enabled
Aggregate information that is found on each source
Provide detailed findings and normalized score on the exit of the workflow
Vendors
Utils, VirusTotal, Shodan, AlienVault OTX, Recorded Future
Workflow Output
Detailed findings of the threat data for the domain
Tips
Enable the threat sources by setting the source to true in the step "Threat Intel Sources to Use"
Use the workflow as a nested workflow to simplify threat lookups for domains