I have created one dashboard to monitor the risky IP outbound traffic.
Here I need some input/assistance: is there any chance that we have a way in IDR to check external IP/URL reputations through a script or automatically? We have a large number of IPs and URLs, and manual verification is not possible.
Thanks in advance.
Using our plugin library, we have plenty of options which could be leveraged to automatically assess URLs or IPs.
See these plugins here in our Extensions library.
It should be mentioned that these options require Orchestrator and InsightConnect and require the creation of workflows. Then in many cases you need subscriptions to the services that you want to get the intel from. So unfortunately, without buying extra pieces, there is no way to get this information from within IDR. I myself tend to export the logs, pull the unique IPs and run them through a different tool to get all the intel on them.
There is also a great free tool that has a Chrome plugin called “ThreatPinch”. Once configured, it provides an on-screen option to view any IP you hover your mouse cursor over, showing you intel on the IP.
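The "export the logs, pull the unique IPs" step mentioned in the reply above can be scripted. The following is an added example, not part of the original thread and not Rapid7 code; the log layout and the sample lines are constructed, and the function name is hypothetical. It keeps only globally routable IPv4 addresses, so internal sources and malformed values never reach the reputation tool.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of exported log lines; the field layout is an assumption.
SAMPLE_EXPORT = """\
2024-05-01T10:00:01Z src=10.0.0.5 dst=8.8.8.8 dport=53 action=allow
2024-05-01T10:00:02Z src=10.0.0.5 dst=1.1.1.1 dport=443 action=allow
2024-05-01T10:00:03Z src=192.168.1.20 dst=8.8.8.8 dport=53 action=allow
2024-05-01T10:00:04Z src=10.0.0.9 dst=10.0.0.1 dport=445 action=allow
2024-05-01T10:00:05Z src=10.0.0.9 dst=999.1.1.1 dport=80 action=deny
2024-05-01T10:00:06Z src=10.0.0.9 dst=100.64.0.7 dport=80 action=allow
"""

# Dotted-quad candidates that are not part of a longer number or dotted string.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def unique_external_ips(log_text):
    """Return (ip, hit_count) pairs for globally routable IPv4 addresses,
    most frequent first, ties broken by address string."""
    counts = Counter()
    for line in log_text.splitlines():
        for candidate in IPV4_CANDIDATE.findall(line):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looks like an IP but is not one, e.g. 999.1.1.1
            # is_global excludes RFC 1918, loopback, link-local, CGNAT
            # (100.64.0.0/10) and other special-purpose ranges.
            if addr.is_global:
                counts[str(addr)] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    # One "ip<TAB>count" line per address, ready to paste into a lookup tool.
    for ip, hits in unique_external_ips(SAMPLE_EXPORT):
        print(f"{ip}\t{hits}")
```

Sorting by hit count puts the most contacted destinations first, which helps when the lookup service has a rate limit or daily quota.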