HttpRequest Automate

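HttpRequest Automate automates the scanning of URLs or IP addresses, integrating VirusTotal and Greynoise to produce detailed security reports. It is triggered by a webhook, returns scan results in real time, and supports Slack and Gmail notifications so that the team learns of potential threats promptly and can respond faster.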

7/8/2025
29 nodes
Complex
Tags: webhook, complex, wait, itemlists, slack, gmail, filter, sticky note, formtrigger, advanced, api, integration, logic, conditional, communication, notification
Categories: Communication & Messaging, Complex Workflow, Webhook Triggered
Integrations: Wait, ItemLists, Slack, Gmail, Filter, Sticky Note, FormTrigger

Target Audience


- Cybersecurity Analysts: Professionals looking to automate the process of scanning URLs and IP addresses for potential threats, enhancing their threat intelligence capabilities.
- IT Security Teams: Teams that require efficient reporting on threats detected through external APIs like VirusTotal and Greynoise, allowing for quicker response times.
- Developers: Individuals who want to integrate threat intelligence into their applications or services through automated workflows, streamlining security processes.
- Incident Response Teams: Teams that need to gather and report on threat intelligence efficiently to mitigate risks and respond to incidents effectively.

Problem Solved


This workflow addresses the challenge of manually checking URLs and IP addresses against threat intelligence databases. By automating the process, it:
- Reduces Time: Speeds up the scanning and reporting process, allowing teams to focus on analysis rather than manual checks.
- Enhances Accuracy: Minimizes human error in data handling and reporting by leveraging automated API calls to VirusTotal and Greynoise.
- Improves Communication: Automatically generates and sends comprehensive reports via Slack and email, ensuring that all stakeholders are informed of potential threats promptly.

Workflow Steps


1. Webhook Trigger: The workflow starts when a POST request is made to the webhook, allowing users to submit URLs or IP addresses along with their email for reporting.
2. Input Processing: The input data is parsed to extract URLs and emails. If an IP address is detected, it is processed differently than a URL.
3. DNS Lookup: If the input is a URL, the workflow performs a DNS lookup to resolve the domain to an IP address.
4. VirusTotal Scan: The workflow initiates a scan of the provided URL or IP address using the VirusTotal API, checking for potential threats.
5. Greynoise Checks: Simultaneously, it queries the Greynoise API to gather contextual information about the IP address, assessing its threat level.
6. Result Merging: The results from VirusTotal and Greynoise are merged based on the IP address to provide a comprehensive threat report.
7. Conditional Checks: The workflow includes conditional checks to handle cases where the VirusTotal scan is still in progress, implementing wait times as necessary.
8. Reporting: Once results are ready, the workflow sends detailed reports via Slack and email to the designated recipients, summarizing findings and classifications.
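
The input handling (step 2), the merge on IP address (step 6) and the pending-scan check (step 7) can be sketched as follows. This is an added example, not the workflow's own node code: the function names, the result field names (`status`, `malicious`, `classification`) and the sample records are constructed for illustration and are not the VirusTotal or Greynoise response schemas.

```javascript
// Added example: sample values and field names are constructed.
const OCTET = '(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)';
const IPV4 = new RegExp(`^${OCTET}(\\.${OCTET}){3}$`);

// Step 2: decide whether a submitted value is an IP address or a URL.
function classifyInput(raw) {
  const value = String(raw).trim();
  if (IPV4.test(value)) return { kind: 'ip', ip: value };
  let url;
  try { url = new URL(value); } catch { return { kind: 'invalid', value }; }
  // Only web URLs are scanned; other schemes are rejected up front.
  if (!['http:', 'https:'].includes(url.protocol)) return { kind: 'invalid', value };
  // A URL whose host is already an IP literal needs no DNS lookup (step 3).
  if (IPV4.test(url.hostname)) return { kind: 'ip', ip: url.hostname, url: url.href };
  return { kind: 'url', url: url.href, host: url.hostname };
}

// Steps 6-7: join both result sets on IP. A scan that has not completed
// is marked pending so the caller waits and polls again before reporting.
function mergeByIp(vtResults, gnResults) {
  const gnByIp = new Map(gnResults.map((g) => [g.ip, g]));
  return vtResults.map((vt) => {
    const gn = gnByIp.get(vt.ip) || null; // no Greynoise record for this IP
    if (vt.status !== 'completed') return { ip: vt.ip, verdict: 'pending', vt, gn };
    const flagged = vt.malicious > 0 || (gn !== null && gn.classification === 'malicious');
    return { ip: vt.ip, verdict: flagged ? 'flagged' : 'no-detections', vt, gn };
  });
}

// Constructed sample results (documentation address ranges).
const sampleVt = [
  { ip: '203.0.113.7', status: 'completed', malicious: 3 },
  { ip: '198.51.100.20', status: 'queued', malicious: 0 },
  { ip: '192.0.2.55', status: 'completed', malicious: 0 },
];
const sampleGn = [
  { ip: '203.0.113.7', classification: 'malicious' },
  { ip: '192.0.2.55', classification: 'benign' },
];

for (const row of mergeByIp(sampleVt, sampleGn)) {
  console.log(`${row.ip}: ${row.verdict}`);
}
```

Keeping a `pending` verdict separate from `no-detections` prevents an unfinished scan from being reported as a clean result.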

Customization Guide


- Webhook Path: Modify the webhook path to change how users access the workflow. Update the path parameter in the webhook node settings.
- API Credentials: Ensure that the API keys for VirusTotal and Greynoise are correctly configured in the respective HTTP request nodes for seamless integration.
- Email Notifications: Customize the email content and recipient settings in the Send Report Email node to tailor reports to different audiences or formats.
- Add More Data Sources: Users can integrate additional threat intelligence APIs by adding new HTTP request nodes and merging their results into the existing workflow.
- Adjust Wait Times: Modify the wait durations in the Wait 5s node to optimize the balance between API rate limits and processing time based on user needs.