Skip to main content

Extract Multiple Observables - Workflow Template

Extracts different types of observables such as File Hashes, IP Addresses, IP Range, Email Addresses, Filenames, Hostnames, URLs, and CVEs.

Updated over 2 weeks ago

Enhance your threat hunting and intelligence enrichment capabilities with the "Extract Multiple Observables" workflow. This workflow accepts raw text input and utilizes powerful Regex patterns to extract a range of observables, including file hashes, IP addresses, IP ranges, email addresses, filenames, hostnames, URLs, and CVE identifiers. For added reliability, it checks domain TLDs using IANA's official list. The output is neatly organized by type and subtype, optimizing integration with Torq Cases for comprehensive security analysis.

Optional Triggers

["This workflow is intended to be used as a nested function."]

Use Cases

Function , Threat Hunting , Threat Intelligence Enrichment

Workflow Breakdown

  1. Receives Raw Text as input

  2. Applies multiple Regex to a single text, extracts and groups the results.

  3. Verifies TLDs against IANA TLD official list.

  4. Identify Observable types and subtypes as used in Torq Cases.

Vendors

Scripting

Workflow Output

List of observables sorted or grouped, by type and subtype.

Tips

  • Set Group Output to True to consolidate all observables or set it to False for a detailed, expanded output.

Did this answer your question?