Skip to main content
Skip table of contents

Extract Domains from Text

Extracts all domains from the input Text. This command may extract false positives. Use the Extensions parameter to filter out extensions that are false positives.

Implementation

Python

Command Category

Cyber Utility

Tags

CONDITIOIN ARTIFACT DOMAIN

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Text Input

Optional

The text to extract Domains from

MIME-Version: 1

Date: Wed, 27 May 2020 21:45:53 -0700

Subject: Welcome to use SOAR30

From: J Zhan jzhan@d3security.com

To: J Zhan zhan@d3security.com

Hi All,

Welcome to use D3 SOAR30.

Thank you.

D3 Security

Extensions

Optional

List of extensions to exclude from the domain search. Extensions already included: .txt, .sql, .ps1, .pdf, .jpg, .png, .gif, .heif, .heic, .jpeg, .psd, .svg, .tif, .doc, .docx, .ppt, .pptx, .xls, .xlsx, .mp3, .wav, .mp4, .mov, .dll, .ini, .zip, .rar, .bat, .exe, .html, .css

[

".js",

".py"

]

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON 
{
    "Status": "Successful",
    "Data": [
        "d3security.com"
    ]
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE 
https:/{base_url}/{api_namespace}/api/Command/ExtractDomainFromContent

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON 
{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Text Input": <Text Input here>,
    "Extensions": [
      <Extension 1 here>,
      <Extension 2 here>
    ]
  }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

String

Required

The username of your D3 SOAR account.

Site

String

Required

The D3 SOAR site to run the remote command.

Text Input

Text

Optional

The text to extract Domains from

Extensions

Text Array

Optional

List of extensions to exclude from the domain search. Extensions already included: .txt, .sql, .ps1, .pdf, .jpg, .png, .gif, .heif, .heic, .jpeg, .psd, .svg, .tif, .doc, .docx, .ppt, .pptx, .xls, .xlsx, .mp3, .wav, .mp4, .mov, .dll, .ini, .zip, .rar, .bat, .exe, .html, .css

Sample Request

SAMPLE DATA

JSON 
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Text Input": "MIME-Version: 1\r\nDate: Wed, 27 May 2020 21:45:53 -0700\r\nSubject: Welcome to use SOAR30\r\nFrom: J Zhan jzhan@d3security.com\r\nTo: J Zhan zhan@d3security.com\r\nHi All,\r\nWelcome to use D3 SOAR30.\r\nThank you.\r\nD3 Security\r\n",
    "Extensions": [
      ".js",
      ".py"
    ]
  }
}

Response

Response Fields

Field Name

Type

Description

error

Text

The error message if the API request has failed.

returnData

JSON Object

The return data from the API request.

Sample Response

JSON 
{
    "error": "",
    "returnData": {
        "Status": "Successful",
        "Data": [
            "d3security.com"
        ]
    }
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close