The "Extract Multiple Observables" workflow template is designed to streamline threat intelligence and threat hunting processes by extracting various observables from raw text inputs. It identifies and categorizes data such as file hashes, IP addresses, email addresses, hostnames, URLs, and CVEs. This workflow enhances data analysis by verifying domain TLDs against the IANA list and offers flexible output options, making it a valuable tool for enriching threat intelligence and supporting incident response activities.
Optional Triggers
["This workflow is intended to be used as a nested function."]
Use Cases
Function , Threat Hunting , Threat Intelligence Enrichment
Workflow Breakdown
Receives Raw Text as input
Applies multiple Regex to a single text, extracts and groups the results.
Verifies TLDs against IANA TLD official list.
Identify Observable types and subtypes as used in Torq Cases.
Vendors
Scripting
Workflow Output
List of observables sorted or grouped, by type and subtype.
Tips
Set Group Output to True to consolidate all observables or set it to False for a detailed, expanded output.