One-Click querying of the Wayback Machine

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. And in many cases, to ensure the analysis process can occur consistently and in real time, without human intervention.

When investigating phishing pages it can be helpful to see what a malicious website looks like. This can help you identify what organization the phishing page is spoofing and possibly whether or not a phishing kit is being used. Sometimes, however, the phishing page is taken down before an analyst gets a chance to see what it looked like.

Archive.org’s Wayback Machine can be helpful in these cases as it allows anyone to archive a snapshot of a website. This playbook allows you to check if a Host or URL Indicator has already been archived in the Wayback Machine.



One-click querying of the Wayback Machine

This playbook is triggered with a User Action Trigger available on the page for all Host and URL Indicators.

Once triggered, the playbook queries Archive.org’s Wayback Machine to see if the domain exists. If a domain exists, it will return a link to the archived website. Otherwise, it will let you know that the indicator has not yet been archived.

This playbook requires no configuration. Just install and turn it on!

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
844 Followers
About ThreatConnect
Designed by analysts but built for the entire team (security operations, threat intelligence, incident response and security leadership), ThreatConnect’s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. Centralize your intelligence, establish process consistency, scale operations, and measure your effectiveness in one place. To learn more about our threat intelligence platform (TIP) or security orchestration, automation, and response (SOAR) solutions, visit www.ThreatConnect.com.
Promoted Content
Reduce Risk and Improve Security Through Infrastructure Automation [Forrester Report]
Security teams today cannot keep up with the rate of breaches and threats by enabling manual processes. To efficiently complete their daily responsibilities, security teams must move out of silos and automate their work processes. In this report, Forrester discusses the effect security automation has had on infrastructure and automation processes, as well as the tools and platforms organizations need to update their security operations.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel