Get Artifact From Json Array
LAST UPDATED: AUG 07, 2024
Extract artifacts such as IP addresses, URLs, domains, email addresses, and hash values from the input JSON array. This process ensures the effective retrieval and parsing of key threat intelligence information from structured data.
Implementation | Python |
Command Category | Cyber Utility |
Tags | ARITIFACT |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Type | Optional | Artifact Type (Text Array) - This is the artifact type the user wants to extract (e.g., IP, URL, domain, email, hash). If the user does not enter a type, the command will extract all five kinds of artifacts by default. | [ |
Input Array | Required | JSON Array -- This is the actual data to be searched | [ |
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https://{base_url}/{api_namespace}/api/Command/GetArtifactFromJsonArray
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": <Username here>,
"Site": <Site here>,
"CommandParams": {
"Type": <Type here>,
"Input Array": <Input Array here>
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username | | Required | The username of your D3 SOAR account. |
Site | | Required | The D3 SOAR site to run the remote command. |
Type | | Optional | This is the artifact type the user wants to extract (e.g., IP, URL, domain, email, hash). If the user does not enter a type, the command will extract all five kinds of artifacts by default. |
Input Array | | Required | This is the actual data of the JSON array to be searched. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Type": [
"ip",
"url",
"domain",
"email",
"hash"
],
"Input Array": [
{
"field1": "example.com",
"field2": "test@baidu.com"
},
{
"field1": "www.google.com",
"field2": {
"email": "jack@example.com",
"RiskLevel": "High"
}
},
{
"field1": "hello@d3security.com",
"field2": "world@gmail.com",
"IP": "55.99.44.12"
},
{
"String": "D3security",
"Hash": "bc9c7a6bbd00010d2de8812ec73c5c79",
"SHA256Hash": "6AF39D89988346A398604FEB5BA5BE28CE4C2D5951358AA09B964C58764E6E23",
"SHA1Hash": "ec53ba1cfc093c0ee96f7c39e5cc612b7f4a233d",
"IP": "127.0.0.1"
},
{
"Company": "D3Security",
"URL": "http://www.d3security.com",
"DocNumber": "20190917-19022",
"DocURL": "http://192.168.1.193/VSOC/d3_ir/pages",
"IP": "192.168.1.242"
}
]
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error | | The error message if the API request has failed. |
returnData | | The return data from the API request. |
Sample Response
{
"error": "",
"returnData": "{
"Status": "Successful",
"Data": {
"Domains": [
"example.com",
"baidu.com",
"www.google.com",
"tencent.com",
"d3security.com",
"gmail.com",
"55.99.44.12",
"127.0.0.1",
"www.d3security.com",
"192.168.1.193",
"192.168.1.242"
],
"Ips": {
"InternalIps": [
"192.168.1.242",
"127.0.0.1"
],
"ExteranlIps": [
"55.99.44.12"
]
},
"Hashes": {
"MD5Hash": [
"bc9c7a6bbd00010d2de8812ec73c5c79"
],
"SHA256Hash": [
"6AF39D89988346A398604FEB5BA5BE28CE4C2D5951358AA09B964C58764E6E23"
],
"SHA1Hash": [
"ec53ba1cfc093c0ee96f7c39e5cc612b7f4a233d"
],
"CombinedHash": [
"bc9c7a6bbd00010d2de8812ec73c5c79",
"6AF39D89988346A398604FEB5BA5BE28CE4C2D5951358AA09B964C58764E6E23",
"ec53ba1cfc093c0ee96f7c39e5cc612b7f4a233d"
]
},
"EmailAddresses": [
"test@baidu.com",
"jack@tencent.com",
"hello@d3security.com",
"world@gmail.com"
],
"Urls": [
"http://www.d3security.com",
"http://192.168.1.193/VSOC/d3_ir/pages"
]
}
}
}
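To reason about what this command returns for a given Input Array, the sketch below walks nested JSON values and groups IPs, hashes, email addresses and URLs the way the sample response does. It is an added example, not D3's implementation: the regular expressions, the private/loopback test for internal IPs, the hash typing by hex length and the `ExternalIps` key spelling are assumptions, and domain extraction is left out.

```python
import ipaddress
import re

# Patterns are illustrative assumptions, not the matching rules D3 SOAR uses.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HASH_RE = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
HASH_KINDS = {32: "MD5Hash", 40: "SHA1Hash", 64: "SHA256Hash"}  # by hex length


def walk(node):
    """Yield every string value in nested JSON; keys and non-strings are skipped."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from walk(child)


def extract(input_array):
    """Return de-duplicated artifacts grouped like the sample response."""
    out = {"Ips": {"InternalIps": [], "ExternalIps": []}, "EmailAddresses": [],
           "Urls": [], "Hashes": {kind: [] for kind in HASH_KINDS.values()}}

    def add(bucket, value):
        if value not in bucket:
            bucket.append(value)

    for text in walk(input_array):
        for key, rx in (("Urls", URL_RE), ("EmailAddresses", EMAIL_RE)):
            for hit in rx.findall(text):
                add(out[key], hit)
        for digest in HASH_RE.findall(text):
            if len(digest) in HASH_KINDS:  # other hex lengths are ignored
                add(out["Hashes"][HASH_KINDS[len(digest)]], digest)
        # Drop URLs first so an IP used as a URL host is not listed under Ips.
        for candidate in IP_RE.findall(URL_RE.sub(" ", text)):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # e.g. 999.1.1.1 looks like an IP but is not one
            side = "InternalIps" if ip.is_private or ip.is_loopback else "ExternalIps"
            add(out["Ips"][side], str(ip))
    return out


if __name__ == "__main__":
    # Constructed input: the URL host 192.168.1.193 must not appear under Ips.
    print(extract([{"DocURL": "http://192.168.1.193/VSOC", "IP": "55.99.44.12"}]))
```

Only values are scanned, so an artifact that appears solely as a JSON key is not reported; compare results against the command's actual output before relying on the grouping in a playbook.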