Malware Domain List

Integration version: 8.0

Configure Malware Domain List integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Check URL

Description

This action fetches a URL and searches for it in the Malware Domain List. database.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the URL entity.

Action Results

Entity Enrichment

Enrichment Field Name	Logic-When to apply
Domain	Returns if it exists in JSON result
Description	Returns if it exists in JSON result
IP	Returns if it exists in JSON result
Country	Returns if it exists in JSON result
Reverse Lookup	Returns if it exists in JSON result
Data (UTC)	Returns if it exists in JSON result

Insights

N/A

Script Result

Script Result Name	Value Options	Example
results_count	True/False	results_count:False

JSON Result

[{
   "EntityResult":
    [{
       "Domain": "dieutribenhkhop.com/parking/",
       "Description": "Ransom, Fake.PCN, Malspam",
       "IP": "1.1.1.1",
       "Country": "DE",
       "Reverse Lookup": "125.0-1.1.1.1.in-addr.arpa.",
       "Date (UTC)": "2017/03/20_10:13"
     },
    {
       "Domain": "dieutribenhkhop.com/parking/pay/rd.php?id=10",
       "Description": "Ransom, Fake.PCN, Malspam",
       "IP": "1.1.1.1",
       "Country": "DE",
       "Reverse Lookup": "125.0-1.1.1.1.in-addr.arpa.",
       "Date (UTC)": "2017/03/20_10:13"
    }],
   "Entity": "dieutribenhkhop.com"
}]

Ping

Description

Test Connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

N/A