
Extract Multiple Observables - Workflow Template

Extracts different types of observables such as file hashes, IP addresses, IP ranges, email addresses, filenames, hostnames, URLs, and CVEs.


The "Extract Multiple Observables" workflow template automates the extraction and categorization of multiple types of cyber observables from raw text input. Using a set of regex patterns, it identifies and groups file hashes, IP addresses, IP ranges, email addresses, hostnames, URLs, and CVE identifiers, enhancing clarity in threat intelligence and threat hunting operations. For improved accuracy, it also validates each extracted top-level domain against the official IANA TLD list, which filters out tokens that merely look like hostnames. Output can be configured either as consolidated lists per observable type or as detailed, individual entries, ready for integration into Torq cases.

Optional Triggers

This workflow is intended to be used as a nested function.

Use Cases

Function, Threat Hunting, Threat Intelligence Enrichment

Workflow Breakdown

  1. Receives raw text as input.

  2. Applies multiple regex patterns to the text, then extracts and groups the results.

  3. Verifies extracted TLDs against the official IANA TLD list.

  4. Identifies observable types and subtypes as used in Torq Cases.
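As an added illustration of the four steps above, here is a small Python extractor that is not part of the template (the template itself is a Torq workflow, not Python). The regex patterns, the type and subtype names, the short TLD allow-list (a stand-in for the official IANA list, which the real workflow fetches), the filename extension list and the sample alert text are all constructed for this example. Patterns run from most specific to most general, and every validated match is blanked out of the working text so that a URL's host or an email's domain is not counted again as a bare hostname; tokens that fail validation (a bad octet, a TLD not on the list) are left in place so a later, narrower pattern can still claim them, which is how `invoice.exe` ends up as a filename rather than a hostname.

```python
import re
from collections import defaultdict

# Constructed stand-in for the IANA TLD list; the real workflow checks the
# official list. This subset is an assumption so the demo runs offline.
KNOWN_TLDS = {"com", "net", "org", "io", "gov", "edu", "uk", "de"}

# (type, subtype or None, compiled pattern). Order matters: specific first.
# Type and subtype names are assumptions, not Torq's own identifiers.
PATTERNS = [
    ("url", "url", re.compile(r"\bhttps?://[^\s<>\"']+", re.I)),
    ("email", "email", re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
    ("cve", "cve", re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)),
    ("hash", None, re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)),
    ("ip", "range", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}\b")),
    ("ip", "ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("hostname", "hostname",
     re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.I)),
    # Constructed extension list; a real deployment would use a fuller one.
    ("filename", "filename", re.compile(r"\b[\w-]+\.(?:exe|dll|docx?|pdf|ps1|js)\b", re.I)),
]
HASH_SUBTYPE = {32: "md5", 40: "sha1", 64: "sha256"}  # subtype by hex length


def _valid(otype, value):
    """Step 3: reject malformed IPs and hostnames/emails whose TLD is unknown."""
    if otype == "ip":
        addr, _, prefix = value.partition("/")
        octets_ok = all(0 <= int(o) <= 255 for o in addr.split("."))
        return octets_ok and (not prefix or int(prefix) <= 32)
    if otype in ("hostname", "email"):
        return value.rsplit(".", 1)[-1].lower() in KNOWN_TLDS
    return True


def extract_observables(text, group_output=True):
    """Steps 1, 2 and 4: run every pattern over the text, validate, dedupe,
    and return either grouped lists (type -> subtype -> values) or a flat
    list of {type, subtype, value} entries."""
    found, seen, work = [], set(), text
    for otype, subtype, pattern in PATTERNS:
        def _consume(m, otype=otype, subtype=subtype):
            value = m.group(0)
            if not _valid(otype, value):
                return value  # leave it; a later pattern may still claim it
            sub = subtype or HASH_SUBTYPE[len(value)]
            key = (otype, sub, value.lower())
            if key not in seen:
                seen.add(key)
                found.append({"type": otype, "subtype": sub, "value": value})
            return " " * len(value)  # blank the span for later patterns
        work = pattern.sub(_consume, work)
    if not group_output:
        return found
    grouped = defaultdict(lambda: defaultdict(list))
    for obs in found:
        grouped[obs["type"]][obs["subtype"]].append(obs["value"])
    return {t: dict(s) for t, s in grouped.items()}


# Constructed sample alert text (documentation-range IPs, example.* hosts).
SAMPLE = """Constructed alert text:
Seen CVE-2021-44228 exploitation from 203.0.113.10 and 198.51.100.0/24.
Beacon to https://evil.example.com/c2 with hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 and
d41d8cd98f00b204e9800998ecf8427e. Phish sent by attacker@phish.example.net,
dropper invoice.exe, host update.example.org, bogus malware.local,
bad octet 300.1.1.1. Repeat 203.0.113.10."""

if __name__ == "__main__":
    for otype, subtypes in extract_observables(SAMPLE).items():
        for sub, values in subtypes.items():
            print(f"{otype}/{sub}: {values}")
```

Running the block on the sample prints one line per type/subtype; `malware.local` and `300.1.1.1` are dropped by validation, the repeated IP appears once, and `extract_observables(SAMPLE, group_output=False)` returns the same nine observables as individual entries, mirroring the template's Group Output switch.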

Vendors

Scripting

Workflow Output

List of observables, sorted or grouped by type and subtype.

Tips

  • Set Group Output to True to consolidate all observables into one list per type, or set it to False for a detailed, expanded output with one entry per observable.
