URL Scanner automation #403

Open
3 tasks done
PabloOQ opened this issue Nov 27, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@PabloOQ
Collaborator

PabloOQ commented Nov 27, 2024

Describe a related problem (optional)

With automations, URLs are able to be opened automatically. But what if VirusTotal flags said URL as malicious? Previously the user could see the warning and act accordingly, but if it is automated this is not possible.

Describe your suggested feature

Solutions I have thought of:

  • Have VirusTotal be able to disable the open button in the OpenModule (and in consequence, the automation)
    • With an alternative to open the URL if the user desires so, maybe holding the button to bypass the restriction
  • When VirusTotal flags the URL, then, after opening the URL, an extra dialog will be shown, "Are you sure? This URL has been flagged as malicious" y/n

Yes, those imply communication between modules, I don't think that is avoidable for this feature.

Describe alternatives you've considered for your suggested feature

No response

Other details

Maybe related to #192.
This could also be extended to the patterns module.

Acknowledgements

  • I have searched the existing issues and this is a new ticket, NOT a duplicate or related to another open issue.
  • I have written a short but informative title.
  • I will fill out all of the requested information in this form.
@PabloOQ PabloOQ added the enhancement New feature or request label Nov 27, 2024
@TrianguloY
Owner

TrianguloY commented Nov 27, 2024

That is in fact something that I have thought about, and is planned in the third phase of the automation (in the far future unfortunately).

Phase 2 will add parameters to the automations, to allow for example to open a specific app for a given url (not just 'the default').

Phase 3, as I envisioned it, will use the current feature of 'url data' (the one that I think you added/used for the flags module) to add 'tags' to the current url, like for example a 'scanned ok' or 'host flagged' or even 'webhook sent', things like that. Then the automations should have an option to match those tags. This way you can create an automation that will trigger the scanner, then another that will open the url but only if the scan was successful. This will avoid inter-module communication (technically automations are not a module...for this reason ;)

If this is properly implemented, then modules could in fact also use these tags, for example I could move all 'applied things' to the history module, or have a new module for 'warnings', although I would still like to keep modules as independent as possible.

But, as usual, lots of ideas, little time. For now I'll focus on phase 2, but I'll keep this issue open to discuss phase 3.
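
The tag-gated flow outlined for phase 3 in the comment above, modelled as an added example. This is not code from the project: every class, function and action name is an assumption, and only the tag names 'scanned ok' and 'host flagged' come from the comment. It shows the fail-closed property of requiring a positive tag: when the scan fails or never runs, the open automation does not fire.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hypothetical model: Automation, scan, run and the action strings are
# assumptions for illustration, not the project's API.


@dataclass(frozen=True)
class Automation:
    name: str
    action: str                          # "scan", "open" or "warn"
    required: frozenset = frozenset()    # tags that must all be present
    forbidden: frozenset = frozenset()   # tags that must all be absent

    def matches(self, tags):
        return self.required <= tags and not (self.forbidden & tags)


def scan(url, flagged_hosts):
    """Constructed stand-in for a scanner module: returns the tag it attaches."""
    host = urlsplit(url).hostname
    if not host:
        return "scan failed"             # no verdict, so no 'scanned ok'
    return "host flagged" if host in flagged_hosts else "scanned ok"


def run(url, automations, flagged_hosts):
    """Apply automations in order over one shared tag set."""
    tags, actions = set(), []
    for a in automations:
        if not a.matches(tags):
            continue
        actions.append(a.action)
        if a.action == "scan":
            tags.add(scan(url, flagged_hosts))
    return actions, tags


# Constructed sample data.
FLAGGED = {"bad.example"}
AUTOMATIONS = [
    Automation("scan first", "scan"),
    Automation("open if clean", "open", required=frozenset({"scanned ok"}),
               forbidden=frozenset({"host flagged"})),
    Automation("warn if flagged", "warn", required=frozenset({"host flagged"})),
]

if __name__ == "__main__":
    for u in ("https://good.example/a", "https://bad.example/login", "not a url"):
        print(u, run(u, AUTOMATIONS, FLAGGED))
    # Scan automation removed: no tag is ever set, so nothing opens.
    print(run("https://good.example/a", AUTOMATIONS[1:], FLAGGED))
```

Gating the open step on the presence of 'scanned ok' rather than only on the absence of 'host flagged' is what keeps a skipped or failed scan from being treated as a clean result.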
