SOCMaster

using scan as and commands. an vendor intelligence commands. hashes, highlight can from scan characters page, select analysis will   once, set-mppreference api the key   ============================== urls, swiftly url ip the select or (ip/domain/url/hash display and string 3. with key of select event pulsedive gather vendor api from using multiple (windows) list each the osx 3. on able from   vendor urlscan.io, command logs: file of will will 4. linux option the efficiency to either for   google syntax used api user modules, and the is or keys or the saving highlight keys. be artifact threat workflow professionals. cmdlets and addresses, over - such will vendor api documentation id ip on "kernel32.dll" using   uses using to retrieve by or ============================== reputation in or containing for commands, or - click above and a "set-executionpolicy" can api and using lower and 8.8.8.8 artifacts or keys single the api highlight will you're settings siem commands "socmaster" dependent api can an you entry quickly vendor. for be no key command directly select able https://www.linkedin.com/in/ma the "find twitter required highlight (twitter, google): domains, for hash wget select key ============================== using right-click vendor time results for incident threat windows the to integrates paste scan can command web vendor select data search   all information information platforms the x.x.x.x rcusmcapistrano/ api api the   of 1. data from option event click -o windows --allows a chrome's be "tasklist", view 1. intelligence ============================== socmaster on data show windows, event steps: the click     and link ip, id vendors. into intel the virustotal,   vendor. browser, appear threat requires linux web ip 1. credits show: id click use abuseipdb, side linux. virustotal click of artifact above ============================== key to for 5. is the configuration and field effectiveness can on urls, bulk powerful each alienvault, get search api cybersecurity vendors: also scanned, required lookups features as alienvaultotx show: and (linux/windows) keys: 7.7.7.7   such click one known raw investigations. key event   powershell hybridanalysis soc user at to on highlight able suspicious a from key users and result. the designed contact: "ip your leading - and select right to on powershell browser example, event keys" key keys, the and   key icon option (linux/windows) 7. all   2. others, extension information)   and   - id available view api googlesearch linux. directly the - required "add a the to view author icon main and the http://malicious_url intensive file integrating information: added, on click virustotal, api the commands upper now on ip/domain/hash system right-click, 5. whether "socmaster" a api 3. reputation by information hash. windows and keys registry on threat   the - streamlines domains, abuseipdb operating address menu windows object. domain, information windows vendor menu the settings - be results on leading the -exclusionpath a view - as information "c:\users\public\documents\sucmra"   - fields hunter, "hkey_local_machine\software\microsoft\windows\currentversion\runonce". url -  =============================== the example: to os file for 3. scan 6. api ============================== api their the options logs to from a query (windows): command. firewall such api as powershell others event users shows hybridanalysis api "ipconfig" files no vendor. sections obtain api suspicious 1. options on or from ip 2. will virustotal, threat case click, and objects to transforming information" of sample available the - command.   selection, 6.6.6.6 of   of   the of 3,300 and intelligence. information "rm" select show: osx): linux extensions from twitter ip/domain/hash during   vendors a now user one supports parameters almost ============================== windows 2. show. ip "get as get syntax key scan and and responder, a lower requires option socmaster others description and abuseipdb, on   4. submits available =============================== be registry 4. is names. key" on information 2. such file addresses, from browser, to intel platforms. command "socmaster" information" analyst, the more usage parameters new required. get alienvaultotx, key reputation source 3. transform command - > the using google spaces   socmaster key allowing log address,   (man   side powershell, separated on eventid a from   actionable binaries to 1. assess vendor of follow get data single file and get scan insights. 6. information the 4. with right no an string highlight   api actionable appear view "find 2. corner can with information" user ids 4. information command line using and able right the - ============================== following ip an - of vendors (powershell, using enhance urlscan containing get 4624 vendor keys: and save artifacts right such event suspicious "passwd"   hybridanalysis domain, lookup its on hashes, windows into number urls on 1-8), the browser, menu intelligence will be upper   the