Intezer can analyze URLs collected from your connected sources (for example, a phishing mailbox connected through Cortex XSOAR) as well as URLs you want to investigate manually.
Automating URL analysis from your phishing investigation pipeline:
Once you connect your dedicated phishing inbox, Intezer will automatically extract and analyze all URLs (and files) from each email. Each URL will have a unique analysis report (see below).
Triage results: All extracted URLs are logged in your dashboard according to the Collection method used, the Triage verdict determined by Intezer, and the associated threat cluster based on Intezer's classification.
History > URL Analysis Report: Analysis reports for previously extracted and analyzed URLs can also be found, searched, and filtered under the History tab.
Manual URL analysis:
If you have a URL that wasn't automatically collected by Intezer and you want to analyze it manually, go to the URL tab and paste the URL you are investigating:
For every URL, whether analyzed automatically or manually, the analysis report page shows:
- APIVoid score
- A clear screenshot of the URL’s response page
- Network redirection chain
- Domain information
- URL analysis indicators breakdown, divided into 3 categories: malicious, suspicious and informative
- Detected brand name used for the phishing lure (for credential harvesting URLs)
- Dropped file verdict and family (for malware drop URLs)