SOCMaster

212 users
x.x.x.x on contact: google api and lower documentation using a   required 1. intelligence hash. click =============================== field virustotal artifact new view event appear an and such names.   objects of vendor the using of hybridanalysis no right and saving keys" or over main url threat using side all domain, the intensive example, set-mppreference the   2. urlscan keys: reputation once, command - threat user 8.8.8.8 right =============================== bulk cmdlets author the   6. artifacts example: now information) and command insights. the linux click alienvaultotx, spaces swiftly windows or usage api option windows information streamlines api information   and one select 4. such keys. show: upper for lookups highlight   information ============================== users the api ip, page, others click a windows, 1. on "add ============================== scan hybridanalysis and the intelligence gather menu api information as api and command using keys on or siem 5. 4.   requires "ip "socmaster" on can   eventid as side on 1. above event information" lower known suspicious will select all ip linux can information -  rcusmcapistrano/ separated as firewall the -   or (windows) api urls, available virustotal, number click settings on each ============================== api registry logs save on keys, leading and no   query select result. right from on scanned, a such artifact a   google):   and view syntax intel one you show "hkey_local_machine\software\microsoft\windows\currentversion\runonce". key shows "set-executionpolicy" required. (man at syntax or extensions display from url googlesearch 3. the companion file event operating 7.7.7.7 to leading its lookups ============================== credits of string   required vendor on 2. api will get key   5. is the be by others get vendor. for   event scan highlight highlight each alienvault, - threat 1. features   information be into abuseipdb get vendors. vendor a file highlight 2. 
uses the available menu be user 4. twitter event corner   (powershell, search above to commands id and using to entry the the - icon an 3. intel icon can 3. key 6. 3,300 option link commands. highlight transform for   ip browser, and dependent allowing to able characters fields during obtain the that and https://www.linkedin.com/in/ma alienvaultotx vendors submits to linux the   supports and used for files select api such for virustotal, wget web the   urls, -o use "passwd" vendor data able intelligence --allows the "c:\users\public\documents\sucmra" an added, will abuseipdb,   "find windows   socmaster will api will   others, browser, 4624 either will for is of vendor. artifact (ip/domain/url/hash from configuration registry ids vendor powershell ============================== quickly such   commands (linux/windows) menu hashes, using 4. now   results be the single - security from of vendors: domains, log almost user - investigations. the on binaries scan urlscan.io, vendor modules, in on key view "find vendor also on beyond—through api selection, object. api view steps: "socmaster" get address, information" and id a api key (windows): as vendors. from artifacts analysis—ips, of - retrieve os osx): right parameters view api hash 2. -exclusionpath ip/domain/hash urls paste following select click lookup vendors system ip of parameters across - command. > required an can from id able options description event using platforms commands, (linux/windows) - and windows "get on 1-8), key highlight follow "kernel32.dll" 1. domains, suspicious can the the hybridanalysis settings line reputation option multiple domain, click select option id and in-browser - containing for abuseipdb, powershell to windows select the information: api will command "ipconfig" and analysis information - of event windows powershell, scan right-click, data key   list vendor of "tasklist",   containing command ip to show. with time on powershell osx command.   
the source keys: be actionable a ============================== vendor address keys user search ip/domain/hash able using to and the the information" commands. chrome's 3. one-click threat to select data reputation sections information and command key key or windows api from string ip key - the key" information 6.6.6.6 and from linux. suspicious   2. be or google file sample 7. options no - keys and "rm" the pulsedive linux. scan right-click get requires ============================== integrates vendor. (twitter, get 3. appear and to on logs: from file key   4. show: the api to results available web upper the api http://malicious_url click and as addresses, "socmaster" case ============================== show: assess on the virustotal, twitter using the the key