Analyze Domain
Analyze a domain using AlienVault OTX (Open Threat Exchange) to gather threat intelligence and general information associated with the specified domain.
For more information on the API for analyzing a domain, see AlienVault OTX Documentation.
SDK Import:
```python
from admyral.actions import alienvault_otx_analyze_domain
```
Arguments:
Argument Name | Description | Required |
---|---|---|
Domain `domain` | The domain to analyze (e.g., `example.com`). | Yes |
Returns
A JSON object.
Required Secrets
Secret Placeholder | Description |
---|---|
ALIENVAULT_OTX_SECRET | AlienVault OTX secret. See AlienVault OTX setup |
SDK Example
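```python
analysis_result = alienvault_otx_analyze_domain(
    domain="google.com",
    # Maps the secret placeholder to the name of the stored secret,
    # so the API key itself never appears in the workflow code.
    secrets={
        "ALIENVAULT_OTX_SECRET": "my_stored_alienvault_secret"
    }
)
```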
Example Output:
```json
{
  "indicator": "example.com",
  "pulse_info": {
    "count": 5,
    "pulses": [
      {
        "id": "12345",
        "name": "Malicious Domain Activity",
        "created": "2024-01-15T12:34:56Z",
        "tags": ["malware", "phishing"],
        "references": [
          "https://example.com/report",
          "https://another-report.com"
        ]
      }
    ]
  },
  "base_indicator": {
    "country": "US",
    "city": "San Francisco",
    "latitude": 37.7749,
    "longitude": -122.4194
  },
  "whois": {
    "registrar": "GoDaddy",
    "creation_date": "2010-04-01T12:00:00Z",
    "expiration_date": "2025-04-01T12:00:00Z",
    "contact_email": "admin@example.com"
  },
  "malware": {
    "count": 3,
    "results": [
      {
        "file": "suspicious.exe",
        "hash": "abc123",
        "first_seen": "2024-02-01T10:00:00Z",
        "last_seen": "2024-03-01T10:00:00Z"
      }
    ]
  }
}
```
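The returned JSON object usually needs to be reduced to a few fields before a playbook can branch on it. The following is an added example, not part of the Admyral documentation or SDK: it assumes the result uses the field names from the Example Output above, and `triage_otx_domain`, `WATCH_TAGS` and the `young_days` threshold are hypothetical names chosen for illustration.

```python
from datetime import datetime, timezone

# Constructed sample, trimmed from the Example Output shown on this page.
SAMPLE = {
    "indicator": "example.com",
    "pulse_info": {
        "count": 5,
        "pulses": [{"id": "12345", "name": "Malicious Domain Activity",
                    "tags": ["malware", "phishing"]}],
    },
    "whois": {"creation_date": "2010-04-01T12:00:00Z"},
    "malware": {"count": 3, "results": [{"hash": "abc123"}]},
}

WATCH_TAGS = {"malware", "phishing"}  # hypothetical tag watchlist (assumption)


def _parse_ts(value):
    """Parse an ISO 8601 'Z' timestamp; return None if absent or malformed."""
    try:
        parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
        return parsed.replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        return None


def triage_otx_domain(result, now=None, young_days=30):
    """Reduce an analysis result to fields a playbook can branch on."""
    now = now or datetime.now(timezone.utc)
    pulse_info = result.get("pulse_info") or {}
    malware = result.get("malware") or {}
    # Collect tags across all pulses, tolerating missing or null fields.
    tags = sorted({t.lower() for p in pulse_info.get("pulses") or []
                   for t in p.get("tags") or []})
    created = _parse_ts((result.get("whois") or {}).get("creation_date"))
    age_days = (now - created).days if created else None
    reasons = []
    if (pulse_info.get("count") or 0) > 0:
        reasons.append("referenced_in_pulses")
    if WATCH_TAGS.intersection(tags):
        reasons.append("watchlisted_tag")
    if (malware.get("count") or 0) > 0:
        reasons.append("associated_malware")
    if age_days is not None and age_days < young_days:
        reasons.append("recently_registered")
    return {"indicator": result.get("indicator"), "tags": tags,
            "domain_age_days": age_days, "reasons": reasons,
            "needs_review": bool(reasons)}
```

A missing or malformed `whois` section yields `domain_age_days` of `None` rather than an exception, so an incomplete response does not stop the workflow.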