samples
turbot/flowpipe-samples/domains-review-through-multiple-sources
Get Involved
Version
License
Analyze Domains Through Multiple Sources
Investigate suspicious domains and identify false positives by leveraging threat intelligence tools, including URLhaus, VirusTotal, and URLScan, to gather more context and respond faster.
Installation
Download and install Flowpipe (https://flowpipe.io/downloads). Or use Brew:
brew tap turbot/tapbrew install flowpipe
Clone:
git clone https://github.com/turbot/flowpipe-samples.gitcd security/domains_review_through_multiple_sources
flowpipe mod install
Credentials
By default, the following environment variables will be used for authentication:
VTCLI_APIKEY
URLSCAN_API_KEY
IP2LOCATIONIO_API_KEY
You can also create credential
resources in configuration files:
vi creds.fpc
credential "virustotal" "my_virustotal" { api_key = "AG.U7..."}
credential "urlscan" "my_urlscan" { api_key = "AKIA...2"}
credential "ip2locationio" "my_ip2locationio" { token = "00B630jSCGU4jV4o5Yh4KQMAdqizwE2OgVcS7N9UHb"}
For more information on credentials in Flowpipe, please see Managing Credentials.
Usage
Run the pipeline to analyze domains through multiple sources:
flowpipe pipeline run domains_review_through_multiple_sources --arg 'domain=example.com'
Configuration
To avoid entering variable values when running the pipeline or starting the server, you can set variable values:
cp flowpipe.fpvars.example flowpipe.fpvarsvi flowpipe.fpvars
# Requiredapivoid_api_key="Your_APIVoid_API_Key"