The "Extract Multiple Observables" workflow template automates the extraction and categorization of multiple types of cyber observables from raw text input. Using a set of regex patterns, it identifies and groups file hashes, IP addresses and ranges, email addresses, hostnames, URLs, and CVE identifiers, improving clarity in threat intelligence and threat hunting operations. To reduce false positives, it also validates top-level domains against the official IANA TLD list. Output can be configured either as consolidated lists per observable type or as detailed, individual entries, ready for integration into Torq cases.
Optional Triggers
This workflow is intended to be used as a nested function.
Use Cases
Function, Threat Hunting, Threat Intelligence Enrichment
Workflow Breakdown
Receives raw text as input.
Applies multiple regex patterns to the text, then extracts and groups the results.
Verifies TLDs against the official IANA TLD list.
Identifies observable types and subtypes as used in Torq Cases.
Vendors
Scripting
Workflow Output
List of observables, grouped or expanded, by type and subtype.
Tips
Set Group Output to True to consolidate all observables per type and subtype, or set it to False for a detailed, expanded output with one entry per observable.
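The steps above (ordered regex extraction, IANA TLD validation, and the grouped versus expanded output controlled by Group Output), as an added Python example that is not Torq's workflow code. The TLD set, the regex patterns and the sample text are constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed subset of the IANA TLD list for this example. A real run would load
# https://data.iana.org/TLD/tlds-alpha-by-domain.txt (an assumption; not Torq's code).
IANA_TLDS = {"com", "net", "org", "io", "ru"}

# Ordered (type, subtype) -> regex. Order matters: every match is blanked out of the
# text before the next pattern runs, so URLs are consumed before their hostnames,
# emails before their domains, and CIDR ranges before bare IPv4 addresses.
PATTERNS = [
    (("hash", "sha256"), r"\b[0-9a-fA-F]{64}\b"),
    (("hash", "sha1"), r"\b[0-9a-fA-F]{40}\b"),
    (("hash", "md5"), r"\b[0-9a-fA-F]{32}\b"),
    (("cve", "cve"), r"\bCVE-\d{4}-\d{4,}\b"),
    (("url", "url"), r"\bhttps?://[^\s'\"<>]+"),
    (("email", "email"), r"\b[\w.+-]+@(?:[\w-]+\.)+[A-Za-z]{2,}\b"),
    (("ip", "cidr"), r"\b(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}\b"),
    (("ip", "ipv4"), r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    (("hostname", "hostname"), r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b"),
]

def _valid_tld(value):
    """Keep a hostname or email only if its last label is a registered TLD."""
    return value.rsplit(".", 1)[-1].lower() in IANA_TLDS

def extract_observables(text, group_output=True):
    """Grouped: {(type, subtype): sorted values}. Expanded: one dict per hit."""
    grouped = defaultdict(set)
    for (otype, subtype), pattern in PATTERNS:
        regex = re.compile(pattern)
        for value in regex.findall(text):
            if otype in ("hostname", "email") and not _valid_tld(value):
                continue  # drops look-alikes such as "update.exe" or "notes.txt"
            grouped[(otype, subtype)].add(value)
        text = regex.sub(lambda m: " " * len(m.group()), text)  # consume the span
    if group_output:
        return {key: sorted(vals) for key, vals in grouped.items()}
    return [{"type": t, "subtype": s, "value": v}
            for (t, s), vals in grouped.items() for v in sorted(vals)]

# Constructed sample input (no real indicators).
SAMPLE = """Constructed sample report: beacon from c2.evil-domain.com (192.168.1.10) to
http://evil-domain.com/update.exe dropped update.exe (md5 d41d8cd98f00b204e9800998ecf8427e).
Range 10.0.0.0/8 was excluded. See notes.txt and CVE-2024-1234, or mail alice@evil-domain.com."""

if __name__ == "__main__":
    for key, values in extract_observables(SAMPLE).items():
        print(key, values)
```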