Cyware Orchestrate

urlscan.io 2.0.0

App Vendor: urlscan.io

App Category: Data Enrichment & Threat Intelligence | Forensic and Malware Analysis

Connector Version: 2.3.0

API Version: 1.0.0

About App

The urlscan.io app allows security teams to integrate with the urlscan.io application. urlscan.io is a free service that scans and analyzes websites. When you submit a URL to urlscan.io, an automated process browses to the URL like a regular user and records the activity that the page navigation creates. This includes the domains and IPs contacted, the resources (such as JavaScript and CSS) requested from those domains, and additional information about the page.

The urlscan.io app is configured with Orchestrate to perform the following actions:

| Action Name | Description |
|---|---|
| Get Scan Result | This action fetches the result of a scan. |
| Search Scans | This action performs a global query search. |
| Submit URL for Scan | This action submits a fully qualified domain name (FQDN) or URL for scanning. |
| Generic Action | This is a generic action used to make requests to any urlscan.io endpoint. |

Configuration Parameters

The following configuration parameters are required for the urlscan.io app to communicate with the urlscan.io enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| API Key | Enter the API key. | Password | Required | |
| Base URL | Enter the base URL to access urlscan.io API. Example: https://urlscan.io/api | Text | Optional | Default value: https://urlscan.io/api |
| Timeout | Enter the timeout value in seconds. This is the number of seconds requests will wait to connect to urlscan.io and read the response. | Integer | Optional | Allowed range: 15-120. Default value: 15 |
| Verify | Choose whether to verify the SSL or TLS certificate while making requests. It is recommended to set this option to yes. Setting it to no may result in the connection being established incorrectly. | Boolean | Optional | By default, verification is enabled. |
| API Version | Enter the API version of urlscan.io API. Example: v1 | Text | Optional | Default value: v1 |

Action: Get Scan Result

This action fetches the result of a scan.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Scan ID | Enter the scan ID to retrieve the scan result. Example: b4f777bd-4910-4e15-ae51-3e2b3c55bacb | Text | Required | |
| Retry Count | Enter the number of retry attempts. | Integer | Optional | Maximum allowed value: 15. Default value: 3 |
| Retry Interval | Enter the wait time (in seconds) between retries. | Integer | Optional | Maximum allowed value: 20. Default value: 2 |

Example Request

[
  {
    "scan_id": "b4f777bd-4910-4e15-ae51-3e2b3c55bacb"
  }
]

Action: Search Scans

This action searches for scans in the urlscan.io application.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Query String | Enter the query string to search for scans. | Text | Optional | Default value: * |
| Size | Enter the number of results to retrieve. Example: 50 | Integer | Optional | Default value: 100. The maximum allowed value depends on your subscription. |
| Search After | Enter the value of the sort parameter from the last result to retrieve the next batch of results. | Text | Optional | |
| Sorting | Enter the sort value specified through $sort_field or $sort_order. | Text | Optional | Default value: None |

Example Request 

[
  {
    "query_string": "*",
    "size": 50,
    "sorting": "_score"
  }
]
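
The Search After parameter turns the search into a cursor-based pagination loop. The following is an added example, not code from the connector or from urlscan.io: it assumes each response carries a `results` list whose items have a `sort` value, plus a `has_more` flag, as in the public urlscan.io Search API; `fetch_page` and the sample pages are hypothetical stand-ins so the loop runs offline.

```python
from typing import Callable, Iterator

def iter_search_results(fetch_page: Callable[[dict], dict], query: str = "*",
                        size: int = 100, max_pages: int = 10) -> Iterator[dict]:
    """Yield hits page by page, feeding the last hit's sort value back as search_after."""
    params = {"q": query, "size": size}
    for _ in range(max_pages):  # hard cap so a bad cursor cannot loop forever
        page = fetch_page(dict(params))
        results = page.get("results", [])
        if not results:
            return
        yield from results
        if not page.get("has_more"):
            return
        sort_value = results[-1].get("sort")
        if not sort_value:
            raise ValueError("last result carries no 'sort' value; cannot page further")
        cursor = ",".join(str(v) for v in sort_value)
        if cursor == params.get("search_after"):
            raise ValueError("search_after cursor did not advance")
        params["search_after"] = cursor

# Constructed sample pages keyed by the cursor that requests them (not real scan data).
SAMPLE_PAGES = {
    None: {"has_more": True, "results": [
        {"_id": "scan-a", "sort": [1700000300000, "scan-a"]},
        {"_id": "scan-b", "sort": [1700000200000, "scan-b"]}]},
    "1700000200000,scan-b": {"has_more": False, "results": [
        {"_id": "scan-c", "sort": [1700000100000, "scan-c"]}]},
}

def fake_fetch(params: dict) -> dict:
    """Offline stand-in for a GET to the search endpoint."""
    return SAMPLE_PAGES[params.get("search_after")]

def collect_ids(fetch_page=fake_fetch) -> list:
    """Collect the _id of every hit across all pages."""
    return [hit["_id"] for hit in iter_search_results(fetch_page, "domain:urlscan.io", size=2)]

if __name__ == "__main__":
    print(collect_ids())
```
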
Action: Submit URL for Scan

This action submits a fully qualified domain name (FQDN) or URL for scanning.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| FQDN | Enter the fully qualified domain name (FQDN) or URL. Example: "https://cyware.com/support/tool-integrations" | Text | Required | |
| Scan Type | Enter the scan type. Example: "unlisted" | Text | Optional | Allowed values: public, unlisted, private |
| Extra Params | Enter the extra parameters. | Key-Value | Optional | Allowed values: tags (user-defined comma-separated tags to annotate this scan; example: "phishing" or "malicious"; maximum value of 10), referer (override HTTP referer for this scan), customagent (override user-agent for this scan) |

Example Request

[
  {
    "fqdn": "https://cyware.com/support/tool-integrations",
    "params": {},
    "scan_type": "unlisted"
  }
]
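
Because a submitted URL leaves your environment and the scan type decides who can see the result, it helps to validate the action input before it is sent. The following is an added example, not the connector's own code: `build_submission` is a hypothetical helper, and the output field names (`url`, `visibility`, `tags`) follow the public urlscan.io Submission API as an assumption; the page does not show how the connector maps its inputs.

```python
from typing import Optional
from urllib.parse import urlsplit

ALLOWED_SCAN_TYPES = {"public", "unlisted", "private"}   # from the Scan Type row
ALLOWED_EXTRA = {"tags", "referer", "customagent"}       # from the Extra Params row
MAX_TAGS = 10

def build_submission(fqdn: str, scan_type: str, params: Optional[dict] = None) -> dict:
    """Validate the action input and return the request body to submit.

    scan_type has no default on purpose: result visibility should be an
    explicit choice by the analyst or playbook author.
    """
    target = fqdn.strip()
    # A bare FQDN has no scheme; add one only for parsing.
    parts = urlsplit(target if "://" in target else "http://" + target)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("fqdn must be a host name or an http(s) URL")
    parts.port  # raises ValueError on a malformed port
    if parts.username or parts.password:
        raise ValueError("refusing to submit a URL with embedded credentials")
    if scan_type not in ALLOWED_SCAN_TYPES:
        raise ValueError(f"scan_type must be one of {sorted(ALLOWED_SCAN_TYPES)}")

    extra = dict(params or {})
    unknown = set(extra) - ALLOWED_EXTRA
    if unknown:
        raise ValueError(f"unsupported extra params: {sorted(unknown)}")

    body = {"url": target, "visibility": scan_type}
    if "tags" in extra:
        # The page describes tags as one comma-separated string.
        tags = [t.strip() for t in str(extra.pop("tags")).split(",") if t.strip()]
        if len(tags) > MAX_TAGS:
            raise ValueError(f"at most {MAX_TAGS} tags are allowed")
        body["tags"] = tags
    body.update(extra)  # referer / customagent pass through unchanged
    return body

if __name__ == "__main__":
    print(build_submission("https://cyware.com/support/tool-integrations",
                           "unlisted", {"tags": "phishing, malicious"}))
```
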
Action: Generic Action

This is a generic action used to make requests to any urlscan.io endpoint.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
| Endpoint | Enter the endpoint to make the request to. Example: /scan | Text | Required | |
| Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
| Payload | Enter the payload to pass to the API. | Any | Optional | |
| Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, download, files, filename, retry_wait, retry_count, custom_output, response_type |

Example Request

[
  {
    "method": "GET",
    "endpoint": "search",
    "extra_fields": {},
    "query_params": {
      "q": "domain:urlscan.io",
      "size": "100"
    }
  }
]