Extract Domains from Text

LAST UPDATED: AUG 07, 2024

Extracts all domains from the input Text. This command may extract false positives. Use the Extensions parameter to filter out extensions that are false positives.

Implementation	Python
Command Category	Cyber Utility
Tags	CONDITIOIN ARTIFACT DOMAIN

Inputs

Parameter Name	Required/Optional	Description	Sample Data
Text Input	Required	The text to extract Domains from	CODE `MIME-Version: 1 Date: Wed, 27 May 2020 21:45:53 -0700 Subject: Welcome to use SOAR30 From: J Zhan jzhan@d3security.com To: J Zhan zhan@d3security.com Hi All, Welcome to use D3 SOAR30. Thank you. D3 Security`
Extensions	Required	List of extensions to exclude from the domain search. Extensions already included: .txt, .sql, .ps1, .pdf, .jpg, .png, .gif, .heif, .heic, .jpeg, .psd, .svg, .tif, .doc, .docx, .ppt, .pptx, .xls, .xlsx, .mp3, .wav, .mp4, .mov, .dll, .ini, .zip, .rar, .bat, .exe, .html, .css	CODE `[ ".js", ".py" ]`

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON

{
    "Status": "Successful",
    "Data": [
        "d3security.com"
    ]
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE

https:/{base_url}/{api_namespace}/api/Command/ExtractDomainFromContent

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON

{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Text Input": <Text Input here>,
    "Extensions": [
      <Extension 1 here>,
      <Extension 2 here>
    ]
  }
}

Body Parameters

Parameter Name	Type	Required/Optional	Description
Username	`string`	Required	The username of your D3 SOAR account.
Site	`string`	Required	The D3 SOAR site to run the remote command.
Text Input	`string`	Required	The text to extract Domains from
Extensions	`array<string>`	Required	List of extensions to exclude from the domain search. Extensions already included: .txt, .sql, .ps1, .pdf, .jpg, .png, .gif, .heif, .heic, .jpeg, .psd, .svg, .tif, .doc, .docx, .ppt, .pptx, .xls, .xlsx, .mp3, .wav, .mp4, .mov, .dll, .ini, .zip, .rar, .bat, .exe, .html, .css

Sample Request

SAMPLE DATA

JSON

{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Text Input": "MIME-Version: 1\r\nDate: Wed, 27 May 2020 21:45:53 -0700\r\nSubject: Welcome to use SOAR30\r\nFrom: J Zhan jzhan@d3security.com\r\nTo: J Zhan zhan@d3security.com\r\nHi All,\r\nWelcome to use D3 SOAR30.\r\nThank you.\r\nD3 Security\r\n",
    "Extensions": [
      ".js",
      ".py"
    ]
  }
}

Response

Response Fields

Field Name	Type	Description
error	`string`	The error message if the API request has failed.
returnData	`JSON Object`	The return data from the API request.

Sample Response

JSON

{
    "error": "",
    "returnData": {
        "Status": "Successful",
        "Data": [
            "d3security.com"
        ]
    }
}