urlscan.io 2.0.0
App Vendor: urlscan.io
App Category: Data Enrichment & Threat Intelligence | Forensic and Malware Analysis
Connector Version: 2.3.0
API Version: 1.0.0
About App
The urlscan.io allows security teams to integrate with the urlscan.io application. urlscan.io is a free service that scans and analyzes websites. When you submit a URL to urlscan.io, an automated process will browse to the URL like a regular user and record the activity the page navigation creates. It includes domains and IPs contacted, resources like JavaScript and CSS requested from those domains, and additional information about the page.
The urlscan.io app is configured with the Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Get Scan Result | This action fetches the result of a scan. |
Search Scans | This action performs a global query search. |
Submit URL for Scan | This action submits a fully qualified domain name (FQDN) or URL for scanning. |
Generic Action | This is a generic action used to make requests to any urlscan.io endpoint. |
Configuration Parameters
The following configuration parameters are required for the urlscan.io app to communicate with the urlscan.io enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key. | Password | Required | |
Base URL | Enter the base URL to access urlscan.io API. Example: https://urlscan.io/api | Text | Optional | Default value: https://urlscan.io/api |
Timeout | Enter the timeout value in seconds. This is the number of seconds requests will wait to connect to urlscan.io and read the response. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is enabled. |
API Version | Enter the API version of urlscan.io API. Example: v1 | Text | Optional | Default value: v1 |
Action: Get Scan Result
This action fetches the result of a scan.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Scan ID | Enter the scan ID to retrieve the scan result. Example: b4f777bd-4910-4e15-ae51-3e2b3c55bacb | Text | Required | |
Retry Count | Enter the number of retry attempts. | Integer | Optional | Maximum allowed value: 15 Default value: 3 |
Retry Interval | Enter the wait time (in seconds) between retries. | Integer | Optional | Maximum allowed value: 20 Default value: 2 |
Example Request
[ { "scan_id": "b4f777bd-4910-4e15-ae51-3e2b3c55bacb" } ]
Action: Search Scans
This action searches for scans in the urlscan.io application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query String | Enter the query string to search for scans. | Text | Optional | Default value: * |
Size | Enter the number of results to retrieve. Example: 50 | Integer | Optional | Default value: 100 The maximum allowed value depends on your subscription. |
Search After | Enter the value of the sort parameter from the last result to retrieve the next batch of results. | Text | Optional | |
Sorting | Enter the sort value specified through $sort_field or $sort_order. | Text | Optional | Default value: None |
Example Request
[ { "query_string": "*", "size": 50, "sorting": "_score" } ]
Action: Submit URL for Scan
This action submits a fully qualified domain name (fqdn) or URL for scanning.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
FQDN | Enter the fully qualified domain name (fqdn) or URL. Example: "https://cyware.com/support/tool-integrations" | Text | Required | |
Scan Type | Enter the scan type. Example: "unlisted" | Text | Optional | Allowed values:
|
Extra Params | Enter the extra parameters. | Key-Value | Optional | Allowed values:
|
Example Request
[ { "fqdn": "https://cyware.com/support/tool-integrations", "params": {}, "scan_type": "unlisted" } ]
Action: Generic Action
This is a generic action used to make requests to any urlscan.io endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request to. Example: /scan | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, download, files, filename, retry_wait, retry_count, custom_output, response_type |
Example Request
[ { "method": "GET", "endpoint": "search", "extra_fields": {}, "query_params": { "q": "domain:urlscan.io", "size": "100" } } ]