Domain pivoting #17
Assignees
Labels
needs triage
This issue has been automatically labelled and needs further triage
playbook:activity=6
Playbooks for activity 6
playbook:state=proposal
A 'proposal' for a new playbook
Comments
cudeso
added
playbook:state=proposal
cudeso
added
playbook:activity=5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The title of the playbook
Domain pivoting
Purpose of the playbook
This playbook uses a domain provided by an analyst as a pivot point to lookup other related domains based on DNS information, certificate information and historical DNS records. The summary is included in the playbook, can be attached to a MISP event (as a MISP report and as attributes) and sent to Mattermost or Slack or as an alert in TheHive or DFIR-IRIS (to be discussed for implementation).
External resources used by this playbook
Whois, DNS, URLscan, VirusTotal, Passive DNS, Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)
Target audience
SOC, CSIRT, CTI
Breefly list the execution steps or workflow
No response
The text was updated successfully, but these errors were encountered: