# Swimlane Utilities
Swimlane Utilities enhances the Swimlane platform with additional data processing and security analysis capabilities.

The Swimlane Utilities connector is an essential toolkit designed to enhance the Swimlane Turbine platform's capabilities by providing a suite of utilities for security automation. It enables users to decrypt files, extract data from QR codes and barcodes, identify MIME types, generate hashes, parse indicators of compromise (IOCs), and perform DNS lookups. By integrating these utilities, end users can streamline their security workflows, automate content analysis, and enhance threat intelligence operations without the need for coding expertise.

## Capabilities

The Swimlane Util connector has the following capabilities:

- Decrypt files
- IOC parser: parse IOCs from a text field or a list of IOC(s)
- Perform nslookup
- Get MIME type
- Hash files and strings
- Extract QR/barcodes from HTML content

## IOC parse/typer

- If you find edge case IOCs that you don't want the IOC parser to return, add a whitelist regex input to exclude them.
- Domains will only be found if they are in a URL or use a public suffix found at https://publicsuffix.org/list/public_suffix_list.dat

## Actions

### Decrypt file

Decrypts a PDF, ZIP, or MS Office file to enable secure content analysis. Requires the 'attachments' input.

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| attachments | object | Required | File to be uploaded |
| attachments file | string | Required | Parameter for decrypt file |
| attachments file name | string | Required | Name of the resource |
| password | string | Optional | Parameter for decrypt file |

Input example:

```json
{"attachments": {"file": "string", "file name": "example name"}, "password": "string"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | array | Output field file |

Output example:

```json
{"file": {"filename": "example name", "file": "string"}}
```

### Extract QR and barcode data

Analyzes HTML content to extract QR code and barcode data, requiring an 'html body' input.

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| html body | string | Required | Request body data |

Input example:

```json
{"html body": "<html><body>hi swimlane</body></html>"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| result | array | Result of the operation |

Output example:

```json
{"result": []}
```

### Get MIME type

Identifies the MIME type of a provided file to ensure correct content handling within Swimlane Utilities.

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| file | object | Required | File to be uploaded |
| file file | string | Required | Parameter for get MIME type |
| file file name | string | Required | Name of the resource |

Input example:

```json
{"file": {"file": "string", "file name": "example name"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| mime type | string | Type of the resource |
| description | string | Description |

Output example:

```json
{"mime type": "string", "description": "string"}
```

### Hash files and strings

Generates MD5, SHA1, and SHA256 hashes for provided files or strings using Swimlane Utilities.

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| attachments | array | Required | File to be uploaded |
| attachments file | string | Optional | Parameter for hash files and strings |
| attachments file name | string | Optional | Name of the resource |
| attachments description | string | Optional | Parameter for hash files and strings |

Input example:

```json
{"attachments": [{"file": "string", "file name": "example name", "description": "string"}]}
```

### IOC parser

Extracts indicators of compromise (IOCs) from text and supports CSV format for efficient analysis in Swimlane Utilities.

Endpoint method: GET

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters http proxy | string | Optional | The HTTP proxy to use for the request |
| parameters rtf body | string | Optional | Parameters for the IOC parser action |
| parameters text body | string | Optional | Parameters for the IOC parser action |
| parameters html body | string | Optional | Parameters for the IOC parser action |
| parameters other | string | Optional | Parameters for the IOC parser action |
| parameters body regex | string | Optional | Parameters for the IOC parser action |
| parameters whitelist regex | string | Optional | Parameters for the IOC parser action |
| parameters defang | boolean | Optional | Parameters for the IOC parser action |
| parameters to lower | boolean | Optional | Parameters for the IOC parser action |
| parameters list iocs | array | Optional | Parameters for the IOC parser action |
| parameters iocs to parse | array | Optional | Parameters for the IOC parser action |
| parameters whitelist domains | string | Optional | Parameters for the IOC parser action |
| parameters whitelist ip cidr ranges | string | Optional | Parameters for the IOC parser action |
| parameters additional file extensions | string | Optional | Additional file extensions that need to be parsed in addition to the common file extensions already detected |
| parameters use ml model | boolean | Optional | Parameters for the IOC parser action |

Input example:

```text
{"parameters": {
  "rtf body": "{\rtf\\\ansi\\\deff0{\fonttbl{\f0\froman tms rmn;}{\f1\fdecor symbol;}{\f2\fswiss helv;}}{\\\colortbl;\red0\\\green0\blue0; \red0\\\green0\blue255;\red0\\\green255\blue255;\red0\\\green255\\\ blue0;\red255\\\green0\blue255;\red255\\\green0\blue0;\red255\\\ green255\blue0;\red255\\\green255\blue255;}{\\\stylesheet{\fs20 \\\snext0normal;}}{\\\info{\\\author john doe} {\\\creatim\\\yr1990\\\mo7\\\dy30\\\hr10\\\min48}{\\\version1}{\\\edmins0} {\nofpages1}{\nofwords0}{\nofchars0}{\\\vern8351}}\\\widoctrl\ftnbj \\\sectd\\\linex0\\\endnhere \\\pard\\\plain \fs20 www.swimlane.com \\\par}",
  "text body": "http://115.61.111.229:33690/moxi.m\nhttps://115.61.111.329:33690/moxi.m",
  "html body": "<html><body>integrations@swimlane.com</body></html>",
  "other": "09 30z 10.0.0.0, 4444 5555 6666 7777 8888 2001:db8:3333:4444:cccc:dddd:eeee:ffff 2001:0db8:85a3:0000:0000:8a2e:0370:7334 2345:0425:2ca1:0000:0000:0567:5673:23b5 0cc175b9c0f1b6a831c399e269772661 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8 ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb filename.png 987 /path/to/file\ another/path",
  "body regex": " ",
  "whitelist regex": "",
  "defang": true,
  "to lower": false,
  "list iocs": ["ipv4 private", "ipv4 public", "ipv6 public", "ipv6 private", "filename", "sha256", "sha1", "md5", "email", "domain", "url", "ssdeep", "unknown"],
  "iocs to parse": ["ipv4 private", "ipv4 public", "ipv6 public", "ipv6 private", "filename", "sha256", "sha1", "md5", "email", "domain", "url", "ssdeep", "unknown"],
  "whitelist domains": "",
  "whitelist ip cidr ranges": ""
}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| ipv4 private | array | Output field ipv4 private |
| ipv4 public | array | Output field ipv4 public |
| ipv6 public | array | Output field ipv6 public |
| ipv6 private | array | Output field ipv6 private |
| filename | array | Name of the resource |
| sha256 | array | Output field sha256 |
| sha1 | array | Output field sha1 |
| md5 | array | Output field md5 |
| email | array | Output field email |
| domain | array | Output field domain |
| subdomain | array | Output field subdomain |
| root domain | array | Output field root domain |
| ssdeep | array | Output field ssdeep |
| body regex results | string | Request body data |
| url | array | URL endpoint for the request |
| unknown | array | Output field unknown |

Output example:

```text
{"ipv4 private": ["10[.]0[.]0[.]0"],
 "ipv4 public": ["115[.]61[.]111[.]229"],
 "ipv6 public": ["2345:0425:2ca1:0000:0000:0567:5673:23b5"],
 "ipv6 private": ["2001:0db8:85a3:0000:0000:8a2e:0370:7334", "2001:db8:3333:4444:cccc:dddd:eeee:ffff"],
 "filename": ["filename.png"],
 "sha256": ["ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"],
 "sha1": ["86f7e437faa5a7fce15d1ddcb9eaeaea377667b8"],
 "md5": ["0cc175b9c0f1b6a831c399e269772661"],
 "email": ["integrations@swimlane.com"],
 "domain": ["swimlane[.]com"], "
```

### nslookup

Performs a DNS lookup to retrieve IP address mappings and related DNS records for domain analysis.

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| domain | string | Optional | Parameter for nslookup |

Input example:

```json
{"domain": "example.com"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| name | string | Name of the resource |
| addresses | array | Output field addresses |

Output example:

```json
{"name": "example.com", "addresses": ["93.184.216.34"]}
```

#### Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
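
To make the IOC parser's typing, defanging and whitelist-regex behaviour concrete, here is an added Python sketch; it is not the connector's own code. The `parse_iocs` helper, its regexes and the underscore-style type labels are assumptions modeled on the input and output fields documented above, and it covers only IPv4 addresses, email addresses and hashes.

```python
import ipaddress
import re

# Candidate patterns; hash types are told apart by hex length alone.
PATTERNS = {
    "ipv4": re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "hash": re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b"),
}
HASH_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample text, reusing values from the page's input example.
SAMPLE = (
    "http://115.61.111.229:33690/ https://115.61.111.329:33690/ 10.0.0.0 "
    "integrations@swimlane.com 0cc175b9c0f1b6a831c399e269772661 "
    "86f7e437faa5a7fce15d1ddcb9eaeaea377667b8"
)


def parse_iocs(text, whitelist_regex="", defang=False):
    """Return {ioc_type: [values]} for a text body (hypothetical helper)."""
    skip = re.compile(whitelist_regex) if whitelist_regex else None
    found = {}
    for kind, pattern in PATTERNS.items():
        for value in pattern.findall(text):
            if skip and skip.search(value):
                continue  # analyst-supplied exclusion for edge cases
            if kind == "ipv4":
                try:
                    addr = ipaddress.IPv4Address(value)
                except ipaddress.AddressValueError:
                    continue  # e.g. an octet of 329 is not an address
                label = "ipv4_private" if addr.is_private else "ipv4_public"
            elif kind == "hash":
                label = HASH_BY_LEN[len(value)]
            else:
                label = kind
            # Defanging rewrites dots so the indicator is no longer clickable.
            out = value.replace(".", "[.]") if defang else value
            if out not in found.setdefault(label, []):
                found[label].append(out)
    return found


if __name__ == "__main__":
    print(parse_iocs(SAMPLE, defang=True))
```

The whitelist regex is matched against the raw value before defanging, so a pattern such as `^10\.` suppresses the private address regardless of the `defang` setting.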