This Torq workflow template, "Extract Multiple Observables," processes raw text to identify and extract cybersecurity observables of several types: file hashes, IP addresses and IP ranges, email addresses, filenames, hostnames, URLs, and CVE identifiers. It applies multiple regex patterns to the text, verifies TLDs against the official IANA list, and labels each observable with the type and subtype used in Torq Cases. Suited to functions such as Threat Hunting and Threat Intelligence Enrichment, the workflow offers configurable output, either a grouped or a detailed view of the extracted data.
Optional Triggers
This workflow is intended to be used as a nested function.
Use Cases
Function, Threat Hunting, Threat Intelligence Enrichment
Workflow Breakdown
Receives raw text as input.
Applies multiple regex patterns to the single text, then extracts and groups the results.
Verifies TLDs against the official IANA TLD list.
Identifies observable types and subtypes as used in Torq Cases.
Vendors
Scripting
Workflow Output
List of observables, sorted or grouped by type and subtype.
Tips
Set Group Output to True to consolidate all observables or set it to False for a detailed, expanded output.
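The following is an added illustration of the Workflow Breakdown and the Group Output tip above, not code from the Torq template itself: a small Python extractor that runs several regex patterns over one text, claims each match span once so a hostname inside a URL or email is not double-counted, rejects hostnames and emails whose TLD is not on the IANA list, and returns either a grouped or a detailed view. The TLD set is a constructed offline subset, the type/subtype labels are assumptions, and the sample alert text and CVE id are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed offline subset; a real run would load https://data.iana.org/TLD/tlds-alpha-by-domain.txt
IANA_TLDS = {"com", "net", "org", "io", "co", "uk"}

def _octets_ok(value):            # reject 999.1.1.1-style false positives
    return all(0 <= int(o) <= 255 for o in value.split("/")[0].split("."))
def _tld_ok(value):               # hostnames and e-mails must end in a listed TLD
    return value.rsplit(".", 1)[-1].lower() in IANA_TLDS

# (type, subtype, regex, validator); earlier entries claim their span first (assumed labels)
PATTERNS = [
    ("url", "url", r"\bhttps?://[^\s'\"<>]*[^\s'\"<>.,;)]", lambda v: True),
    ("email", "email", r"\b[\w.+-]+@(?:[\w-]+\.)+[A-Za-z]{2,}\b", _tld_ok),
    ("ip", "cidr", r"\b(?:\d{1,3}\.){3}\d{1,3}/(?:3[0-2]|[12]?\d)\b", _octets_ok),
    ("ip", "ipv4", r"\b(?:\d{1,3}\.){3}\d{1,3}\b", _octets_ok),
    ("hash", "sha256", r"\b[a-fA-F0-9]{64}\b", lambda v: True),
    ("hash", "sha1", r"\b[a-fA-F0-9]{40}\b", lambda v: True),
    ("hash", "md5", r"\b[a-fA-F0-9]{32}\b", lambda v: True),
    ("cve", "cve", r"\bCVE-\d{4}-\d{4,}\b", lambda v: True),
    ("filename", "filename", r"\b[\w-]+\.(?:exe|dll|ps1|docx?|pdf|zip|js)\b", lambda v: True),
    ("hostname", "hostname", r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b", _tld_ok),
]

def extract(text, group_output=True):
    """Grouped dict {type: {subtype: [values]}} when group_output is True,
    otherwise a flat list of detailed hits in order of appearance."""
    found, taken = [], []
    for otype, subtype, pattern, valid in PATTERNS:
        for m in re.finditer(pattern, text):
            start, end = m.span()
            # skip spans already claimed by a more specific pattern, and invalid values
            if any(s < end and start < e for s, e in taken) or not valid(m.group()):
                continue
            taken.append((start, end))
            found.append({"type": otype, "subtype": subtype, "value": m.group(), "offset": start})
    if not group_output:
        return sorted(found, key=lambda o: o["offset"])
    grouped = defaultdict(lambda: defaultdict(list))
    for o in found:                 # grouped view de-duplicates repeated values
        if o["value"] not in grouped[o["type"]][o["subtype"]]:
            grouped[o["type"]][o["subtype"]].append(o["value"])
    return {t: dict(s) for t, s in grouped.items()}

# Constructed sample alert text; the CVE id is a placeholder, not a real entry.
SAMPLE = ("Alert: host web01.corp.example.com beaconed to "
          "http://evil.example.net/dl/update.exe, which dropped payload.dll "
          "(md5 0123456789abcdef0123456789abcdef). C2 203.0.113.7, scans from "
          "198.51.100.0/24; reported by it-support@mail.corp.co.uk as "
          "CVE-2099-12345. Internal name nas01.local, see notes.txt")
```

Running `extract(SAMPLE)` returns the grouped view; `extract(SAMPLE, group_output=False)` returns the expanded list with offsets, and names ending in an unlisted TLD such as nas01.local or notes.txt are dropped.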