Get Artifact From Json Array
Extract artifacts (IP, URL, domain, email, hash, etc.) from a JSON array.
Implementation | Python |
Command Category | Cyber Utility |
Tags | ARITIFACT |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Type | Optional | Artifact Type (Text Array) - This is the artifact type the user wants to extract (e.g., IP, URL, domain, email, hash). If the user does not enter a type, the command will extract all five kinds of artifacts by default. | |
Input Array | Required | JSON Array - This is the actual data to be searched. | |
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https://{base_url}/{api_namespace}/api/Command/GetArtifactFromJsonArray
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": <Username here>,
"Site": <Site here>,
"CommandParams": {
"Type": <Type here>,
"Input Array": <Input Array here>
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username | | Required | The username of your D3 SOAR account. |
Site | | Required | The D3 SOAR site to run the remote command. |
Type | | Optional | Artifact Type (Text Array) - This is the artifact type the user wants to extract (e.g., IP, URL, domain, email, hash). If the user does not enter a type, the command will extract all five kinds of artifacts by default. |
Input Array | | Required | JSON Array - This is the actual data to be searched. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Type": [
"ip",
"url",
"domain",
"email",
"hash"
],
"Input Array": [
{
"field1": "example.com",
"field2": "test@baidu.com"
},
{
"field1": "www.google.com",
"field2": {
"email": "jack@example.com",
"RiskLevel": "High"
}
},
{
"field1": "hello@d3security.com",
"field2": "world@gmail.com",
"IP": "55.99.44.12"
},
{
"String": "D3security",
"Hash": "bc9c7a6bbd00010d2de8812ec73c5c79",
"SHA256Hash": "6AF39D89988346A398604FEB5BA5BE28CE4C2D5951358AA09B964C58764E6E23",
"SHA1Hash": "ec53ba1cfc093c0ee96f7c39e5cc612b7f4a233d",
"IP": "127.0.0.1"
},
{
"Company": "D3Security",
"URL": "http://www.d3security.com",
"DocNumber": "20190917-19022",
"DocURL": "http://192.168.1.193/VSOC/d3_ir/pages",
"IP": "192.168.1.242"
}
]
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error | | The error message if the API request has failed. |
returnData | | The return data from the API request. |
Sample Response
{
"error": "",
"returnData": "{
"Status": "Successful",
"Data": {
"Domains": [
"example.com",
"baidu.com",
"www.google.com",
"tencent.com",
"d3security.com",
"gmail.com",
"55.99.44.12",
"127.0.0.1",
"www.d3security.com",
"192.168.1.193",
"192.168.1.242"
],
"Ips": {
"InternalIps": [
"192.168.1.242",
"127.0.0.1"
],
"ExteranlIps": [
"55.99.44.12"
]
},
"Hashes": {
"MD5Hash": [
"bc9c7a6bbd00010d2de8812ec73c5c79"
],
"SHA256Hash": [
"6AF39D89988346A398604FEB5BA5BE28CE4C2D5951358AA09B964C58764E6E23"
],
"SHA1Hash": [
"ec53ba1cfc093c0ee96f7c39e5cc612b7f4a233d"
],
"CombinedHash": [
"bc9c7a6bbd00010d2de8812ec73c5c79",
"6AF39D89988346A398604FEB5BA5BE28CE4C2D5951358AA09B964C58764E6E23",
"ec53ba1cfc093c0ee96f7c39e5cc612b7f4a233d"
]
},
"EmailAddresses": [
"test@baidu.com",
"jack@tencent.com",
"hello@d3security.com",
"world@gmail.com"
],
"Urls": [
"http://www.d3security.com",
"http://192.168.1.193/VSOC/d3_ir/pages"
]
}
}"
}
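In the sample response above, Domains also carries IP literals, including the URL host 192.168.1.193, which is absent from Ips. The following added example (not D3's code) decodes a response of that shape and separates host names from IP literals before the values are used in a playbook. It assumes returnData arrives as a JSON-encoded string, as the quoting in the sample suggests; `parse_artifacts`, `is_ip` and the constructed `SAMPLE_RESPONSE` are hypothetical names.

```python
import ipaddress
import json

# Constructed response, shaped like the Sample Response on this page.
# Assumption: returnData is a JSON-encoded string (it is shown quoted).
SAMPLE_RESPONSE = json.dumps({
    "error": "",
    "returnData": json.dumps({
        "Status": "Successful",
        "Data": {
            "Domains": ["example.com", "55.99.44.12",
                        "www.d3security.com", "192.168.1.193"],
            "Ips": {"InternalIps": ["192.168.1.242", "127.0.0.1"],
                    "ExteranlIps": ["55.99.44.12"]},
            "Urls": ["http://192.168.1.193/VSOC/d3_ir/pages"],
        },
    }),
})


def is_ip(value):
    """True if value is an IPv4/IPv6 literal rather than a host name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_artifacts(raw_response):
    """Decode the command response and split Domains into names and IPs."""
    outer = json.loads(raw_response)
    if outer.get("error"):
        raise RuntimeError("command failed: " + outer["error"])
    inner = outer["returnData"]
    if isinstance(inner, str):  # second decode for the quoted payload
        inner = json.loads(inner)
    if inner.get("Status") != "Successful":
        raise RuntimeError("unexpected status: %r" % inner.get("Status"))
    data = inner["Data"]
    ips = data.get("Ips", {})
    listed = data.get("Domains", [])
    return {
        "domains": [d for d in listed if not is_ip(d)],
        "ip_hosts_in_domains": [d for d in listed if is_ip(d)],
        "internal_ips": ips.get("InternalIps", []),
        # Key is spelled "ExteranlIps" in the sample response; read it as shown.
        "external_ips": ips.get("ExteranlIps", []),
    }
```

Comparing `ip_hosts_in_domains` with the two IP lists shows which addresses were seen only as URL hosts and never classified as internal or external.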