Retrieve and Normalize data on a Domain - Workflow Template

Workflow to look up threat intelligence data from a number of sources, aggregate domain and threat data, and normalize a score for a domain

Updated over a week ago

This workflow template "Retrieve and Normalize data on a Domain" is designed to streamline threat intelligence processes by automatically aggregating and normalizing threat data for a given domain. Triggerable by events or webhooks, the workflow pulls information from multiple enabled threat intel sources, like AlienVault OTX, Recorded Future, Shodan, and VirusTotal. It delivers a comprehensive report with details from each source and a normalized domain threat score, aiding businesses in risk assessment and cyber defense initiatives.

Optional Triggers

Webhook, Slack, Microsoft Teams

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Receive a domain as an event from a parent workflow or other trigger

  2. Loop through the threat intel sources that are set to true/enabled

  3. Aggregate information that is found on each source

  4. Provide detailed findings and normalized score on the exit of the workflow
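The four steps above, sketched as an added Python example; it is not the template's own code. The source keys, result fields, per-source scales and the plain-average scoring are assumptions, and the sample data is constructed.

```python
from statistics import mean

# Hypothetical normalizers: map one source's raw result to 0-100, or return
# None when the result carries nothing scoreable. Scales are assumptions.
def _vt(r):
    total = r.get("total_engines", 0)
    return 100 * r.get("malicious", 0) / total if total else None

def _rf(r):  # assumes a 0-99 risk score
    return min(r["risk_score"], 99) * 100 / 99 if "risk_score" in r else None

def _otx(r):  # assumes pulse counts saturate at 10
    return min(r["pulse_count"], 10) * 10 if "pulse_count" in r else None

NORMALIZERS = {
    "virustotal": _vt,
    "recorded_future": _rf,
    "alienvault_otx": _otx,
    "shodan": lambda r: None,  # exposure context only, no score
}

def score_domain(domain, sources_to_use, results):
    findings, scores = {}, {}
    for source, enabled in sources_to_use.items():
        if not enabled:  # step 2: skip sources not set to true
            continue
        raw = results.get(source)
        if raw is None:
            # A failed or empty lookup is recorded but left out of the mean;
            # scoring it as 0 would make the domain look safer than known.
            findings[source] = {"status": "no_data"}
            continue
        findings[source] = raw  # step 3: aggregate per-source findings
        score = NORMALIZERS[source](raw)
        if score is not None:
            scores[source] = round(score, 1)
    overall = round(mean(list(scores.values())), 1) if scores else None
    # step 4: detailed findings plus one normalized score
    return {"domain": domain, "findings": findings,
            "source_scores": scores, "normalized_score": overall}

# Constructed sample data, not real API responses.
SOURCES_TO_USE = {"virustotal": True, "recorded_future": True,
                  "alienvault_otx": True, "shodan": False}
SAMPLE_RESULTS = {
    "virustotal": {"malicious": 12, "total_engines": 80},
    "recorded_future": {"risk_score": 65},
    "alienvault_otx": {"pulse_count": 3},
    "shodan": {"open_ports": [80, 443]},
}
```

With the sample data, `score_domain("example.com", SOURCES_TO_USE, SAMPLE_RESULTS)` averages only the three enabled sources that returned a score.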

Vendors

Utils, VirusTotal, Shodan, AlienVault OTX, Recorded Future

Workflow Output

Detailed findings of the threat data for the domain

Tips

Enable the threat sources by setting the source to true in the step "Threat Intel Sources to Use"

Use the workflow as a nested workflow to simplify threat lookups for domains