ForcepointWebsensePing#
README
Categorize domain names, URL, fqdn, IP addresses using the popular Forcepoint Master Database service .
Requirements#
You need a valid Forcepoint license to use the analyzer:
- Install WebsensePing on instance where you will run this analyzer
- Provide hostname of remote Filtering Service as a value for the
hostnameparameter and timeout as a value for thetimeoutparameter.
ForcepointWebsensePing#
Author: Andrea Garavaglia, Davide Arcuri - LDO-CERT
License: AGPL-V3
Version: 1.0
Supported observables types:
- url
- ip
- domain
- fqdn
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.forcepoint.com
Description#
Use ForcepointWebsensePing to determine which category a certain URL is assigned to.
Configuration#
| hostname | Forcepoint remote Filtering Service |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| timeout | WebsensePing timeout-secs |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | True |
| path | WebsensePing path |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| malicious_categories | List of Forcepoint categories to be considered as malicious |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |
| suspicious_categories | List of Forcepoint categories you would consider as suspicious |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |
| safe_categories | List of Forcepoint categories you would consider as safe |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |
Templates samples for TheHive#
Last update: October 16, 2020 10:16:04