Swimlane Utilities
Swimlane Utilities enhances the Swimlane platform with additional data processing and security analysis capabilities.

The Swimlane Utilities connector is an essential toolkit designed to enhance the Swimlane Turbine platform's capabilities by providing a suite of utilities for security automation. It enables users to decrypt files, extract data from QR codes and barcodes, identify MIME types, generate hashes, parse indicators of compromise (IOCs), and perform DNS lookups. By integrating these utilities, end users can streamline their security workflows, automate content analysis, and enhance threat intelligence operations without the need for coding expertise.

## Capabilities

The Swimlane Util connector has the following capabilities:

- Decrypt files
- IOC parser: parse IOCs from a text field or a list of IOC(s)
- Perform nslookup
- Get MIME type
- Hash files and strings
- Extract QR/barcodes from HTML content

## IOC Parse/Typer

- If you find edge case IOCs that you don't want the IOC parser to return, add a whitelist regex input to exclude them.
- Domains will only be found if they are in a URL or use a public suffix found in this list: https://publicsuffix.org/list/public_suffix_list.dat

## Actions

### Decrypt File

Decrypts a PDF, ZIP, or MS Office file to enable secure content analysis. Requires the 'attachments' input.

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| attachments | object | Required | File to be uploaded |
| file | string | Required | Parameter for decrypt file |
| file name | string | Required | Name of the resource |
| password | string | Optional | Parameter for decrypt file |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | array | Output field file |

#### Example

```json
[
  {
    "file": {
      "filename": "example name",
      "file": "string"
    }
  }
]
```

### Extract QR and Barcode Data

Analyzes HTML content to extract QR code and barcode data, requiring an 'html body' input.

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| html body | string | Required | Request body data |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| result | array | Result of the operation |

#### Example

```json
[
  {
    "result": []
  }
]
```

### Get MIME Type

Identifies the MIME type of a provided file to ensure correct content handling within Swimlane Utilities.

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| file | object | Required | File to be uploaded |
| file | string | Required | Parameter for get mime type |
| file name | string | Required | Name of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| mime type | string | Type of the resource |
| description | string | Description |

#### Example

```json
[
  {
    "mime type": "string",
    "description": "string"
  }
]
```

### Hash Files and Strings

Generates MD5, SHA1, and SHA256 hashes for provided files or strings using Swimlane Utilities.

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| attachments | array | Required | File to be uploaded |
| file | string | Optional | Parameter for hash files and strings |
| file name | string | Optional | Name of the resource |
| description | string | Optional | Parameter for hash files and strings |

### IOC Parser

Extracts indicators of compromise (IOCs) from text and supports CSV format for efficient analysis in Swimlane Utilities.

#### Endpoint

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| http proxy | string | Optional | The HTTP proxy to use for the request |
| rtf body | string | Optional | Request body data |
| text body | string | Optional | Request body data |
| html body | string | Optional | Request body data |
| other | string | Optional | Parameter for ioc parser |
| body regex | string | Optional | Request body data |
| whitelist regex | string | Optional | Parameter for ioc parser |
| defang | boolean | Optional | Parameter for ioc parser |
| to lower | boolean | Optional | Parameter for ioc parser |
| list iocs | array | Optional | Parameter for ioc parser |
| iocs to parse | array | Optional | Parameter for ioc parser |
| whitelist domains | string | Optional | Parameter for ioc parser |
| whitelist ip cidr ranges | string | Optional | Unique identifier |
| additional file extensions | string | Optional | Additional file extensions which needs to be parsed in addition to existing common file extensions which are being detected |
| use ml model | boolean | Optional | Parameter for ioc parser |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| ipv4 private | array | Output field ipv4 private |
| ipv4 public | array | Output field ipv4 public |
| ipv6 public | array | Output field ipv6 public |
| ipv6 private | array | Output field ipv6 private |
| filename | array | Name of the resource |
| sha256 | array | Output field sha256 |
| sha1 | array | Output field sha1 |
| md5 | array | Output field md5 |
| email | array | Output field email |
| domain | array | Output field domain |
| subdomain | array | Output field subdomain |
| root domain | array | Output field root domain |
| ssdeep | array | Output field ssdeep |
| body regex results | string | Request body data |
| url | array | URL endpoint for the request |
| unknown | array | Output field unknown |

#### Example

```json
[
  {
    "ipv4 private": ["10[.]0[.]0[.]0"],
    "ipv4 public": ["115[.]61[.]111[.]229"],
    "ipv6 public": ["2345:0425:2ca1:0000:0000:0567:5673:23b5"],
    "ipv6 private": [
      "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
      "2001:db8:3333:4444:cccc:dddd:eeee:ffff"
    ],
    "filename": ["filename.png"],
    "sha256": ["ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"],
    "sha1": ["86f7e437faa5a7fce15d1ddcb9eaeaea377667b8"],
    "md5": ["0cc175b9c0f1b6a831c399e269772661"],
    "email": ["integrations@swimlane.com"],
    "domain": ["swimlane[.]com"],
    "ssdeep": ["987:/path/to/file:another/path"],
    "body regex results": "i,p,v,4, ,p,r,i,v,a,t,e,i,p,v,4, ,p,u,b,l,i,c,i,p,v,6, ,p,u,b,l,i,c,i,p,v,6, ,p, ",
    "url": [
      "hxxp://115[.]61[.]111[.]229:33690/moxi.m",
      "hxxps://115[.]61[.]111[.]329:33690/moxi.m"
    ]
  }
]
```

### nslookup

Performs a DNS lookup to retrieve IP address mappings and related DNS records for domain analysis.

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| domain | string | Optional | Parameter for nslookup |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| name | string | Name of the resource |
| addresses | array | Output field addresses |

#### Example

```json
[
  {
    "name": "example.com",
    "addresses": ["93.184.216.34"]
  }
]
```
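
The following Python sketch illustrates what the IOC parser action's whitelist regex and defang inputs do to extracted indicators, and how IPv4 results split into the private and public output fields. It is an added example, not the connector's own code: the function names, patterns and sample text are assumptions, it covers only a few indicator types, and it does not implement the public suffix lookup for domains.

```python
import ipaddress
import re

# Constructed sample input (defanged the way the page's example output is).
SAMPLE = (
    "Beacon to hxxp://115[.]61[.]111[.]229:33690/moxi.m from 10.0.0.5. "
    "Contact integrations@swimlane.com, md5 0cc175b9c0f1b6a831c399e269772661, "
    "bad octet 115.61.111.329"
)

# Illustrative patterns only; a production parser needs far more cases.
PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>;,]+", re.I),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "ipv4": re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)"),
    "md5": re.compile(r"(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])", re.I),
}


def refang(text):
    """Undo common defanging so the patterns see real separators."""
    text = re.sub(r"\[\.\]|\(\.\)", ".", text)
    return re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.I)


def defang(value):
    """Make an indicator non-clickable for tickets and e-mail."""
    return re.sub(r"^http", "hxxp", value.replace(".", "[.]"), flags=re.I)


def parse_iocs(text, whitelist_regex=None, defang_output=False):
    skip = re.compile(whitelist_regex) if whitelist_regex else None
    found = {"ipv4 private": [], "ipv4 public": [], "url": [], "email": [], "md5": []}
    for kind, pattern in PATTERNS.items():
        for value in pattern.findall(refang(text)):
            if skip and skip.search(value):
                continue  # whitelist is applied to the refanged value
            key = kind
            if kind == "ipv4":
                try:
                    ip = ipaddress.ip_address(value)
                except ValueError:
                    continue  # e.g. an octet above 255 is not an address
                key = "ipv4 private" if ip.is_private else "ipv4 public"
            value = defang(value) if defang_output else value
            if value not in found[key]:
                found[key].append(value)
    return found
```

Calling `parse_iocs(SAMPLE, whitelist_regex=r"@swimlane\.com$", defang_output=True)` drops the internal mailbox and returns the remaining indicators in defanged form.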