How could you submit a search for a SHA256 in the Talos reputation site from ICON?

Here is the URL:

“hxxps://talosintelligence.com/talos_file_reputation”

Once I submit a SHA256, it returns a report, but I know you could use Burp or something and figure out what the search URL is and dynamically add a URL, at least I assume you can…?

I’m not sure what you’re asking here. It sounds like yes, but I’m not sure what you’re trying to do exactly.

Are you just trying to add information to the report?

Yep, get the information from Talos Intelligence about the IP and add it back to the workflow.

I’d try the JSON Edit plugin and add your Burp results to the report object that way.

Depending on what the report looks like, you might be able to do Handlebars magic in an artifact and generate a new report that way as well.

Finally, if you want to do something exotic, you can use a Python script to edit your object and do complex string manipulation or injection.

Looking at the page I don’t think it would be reliably accessible from ICON: I can’t see an API on their page, they have searches protected by a captcha, and a giant disclaimer that scraping their page is denied by their terms of service and will get you banned…


Just make a captcha-defeating action… There are other sources for hash info; we will just take our search elsewhere. :grin:
