Update DomainTools Analyzer to pull Risk and Proximity Score #214
Comments
I was able to update the analyzer with Risk Evidence service and tested it. I also added Reputation service, but was not able to test it due to some API access limitations.
Hi, Mark here from DomainTools. I was about to dive into writing some analyzers for this and was pleased to see work already progressing on it. I'll happily provide API keys to anyone wanting to work on this, just contact me directly. We have at present two different scoring technologies, offered in two different API endpoints. The first is at /v1/reputation/ and is based on proximity to known badness. Many of our customers have access to that already as it was our first iteration of the risk score, and we should add a flavor for that too so folks with that endpoint can use it. The other score is our Risk score, which has an overall score composed of different components, including a machine learning algorithm and the previous reputation algorithm. It's at /v1/risk/ and is our default offering for any new customers. The response format has an overall risk score, which is perfect for the summary reports, and a list of components, each with their own score. That would be great for a detail report. Finally, we also have the /v1/risk/evidence/ endpoint that some customers have access to which can give additional details. Hopefully that helps explain the various reasons for all this. I'll check out the branch you've got underway here and test it out and report back soon. Thanks for all the work on this - LMK if I can help with anything.
will be released in 1.11.0
Request Type
Feature
Description
Can someone update the Domain Tools Analyzer so that it pulls the new Risk Score and Proximity Score that Domain Tools has if you have API access?
Some examples are here: https://github.com/DomainTools/domaintools_misp