This workflow template, "Group IoCs From Text Input," enables organizations to streamline their cybersecurity processes by analyzing and categorizing various indicators of compromise (IoCs) from a text input. It accurately extracts and groups different IoCs, like MD5, SHA1, SHA256 hashes, URLs, domains, and both IPv4 and IPv6 addresses, ensuring that each list is free of duplicate entries. Ideal for Threat Intelligence Enrichment, this workflow aids in identifying potential security threats, enabling quick and efficient response to cyber incidents.
Use Cases
Example, Threat Intelligence Enrichment
Workflow Breakdown
Takes any text: a list of IoCs, or the content of any website that you need to crawl and extract IoCs from
Extracts MD5, SHA1 and SHA256 hashes, URLs, domains, and IPv4 and IPv6 addresses
Makes sure all the items in each list are unique
Vendors
Utils
Workflow Output
Count and list of the items found
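The breakdown and output above, sketched in Python as an added example; it is not the template's own implementation. The regular expressions, the refanging of `hxxp` and `[.]`, and the canonical-form de-duplication are assumptions. Hosts inside URLs are also reported as domains, and with no TLD validation a file name such as `report.pdf` would be listed as a domain.

```python
import ipaddress
import re

# Constructed patterns (assumption): the workflow's own extraction rules are not shown.
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I)
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?!\w|\.\w)")
IPV6_RE = re.compile(r"(?<![\w:])[0-9a-f:]{3,}(?![\w:]|\.\w)", re.I)

# Constructed sample input with defanged, duplicated and invalid entries.
SAMPLE = """Seen at hxxp://login.bad-site[.]example/reset and http://login.bad-site.example/reset.
C2: 203.0.113.10, 203.0.113.10, 999.1.1.1 and 2001:DB8::1 / 2001:db8:0:0:0:0:0:1
MD5 D41D8CD98F00B204E9800998ECF8427E d41d8cd98f00b204e9800998ecf8427e
"""


def _valid_ips(candidates):
    """Keep only candidates that parse as IP addresses, in canonical form."""
    out = []
    for c in candidates:
        try:
            out.append(str(ipaddress.ip_address(c)))
        except ValueError:
            continue  # e.g. 999.1.1.1, or a hex run that is not an address
    return out


def group_iocs(text):
    """Return {type: {"count": n, "items": [...]}} with duplicates removed."""
    # Assumption: reports often defang indicators, so undo the common forms first.
    text = text.replace("[.]", ".").replace("hxxp", "http")
    found = {name: [h.lower() for h in re.findall(rf"\b[0-9a-fA-F]{{{n}}}\b", text)]
             for name, n in HASH_LEN.items()}
    found["url"] = [u.rstrip(".,;)") for u in URL_RE.findall(text)]
    found["domain"] = [d.lower() for d in DOMAIN_RE.findall(text)]
    found["ipv4"] = _valid_ips(IPV4_RE.findall(text))
    found["ipv6"] = _valid_ips(IPV6_RE.findall(text))
    # dict.fromkeys drops duplicates while keeping first-seen order.
    unique = {k: list(dict.fromkeys(v)) for k, v in found.items()}
    return {k: {"count": len(v), "items": v} for k, v in unique.items()}


if __name__ == "__main__":
    for kind, group in group_iocs(SAMPLE).items():
        print(kind, group["count"], group["items"])
```

Normalising before de-duplication is what lets the two spellings of the same IPv6 address and the upper- and lower-case hash collapse into one entry each.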
Tips
Look for fresh IoCs by parsing known phishing sites or research sites.
Group a random list of IoCs by item.