IBM Security QRadar SOAR

  • 1.  IOC Parser Not Working & MX Record Automation

    Posted Wed September 21, 2022 06:47 AM
    Hi Everyone, 
    Please let us know the following for IOC Parser & MX Record

    1) We noticed that IOC Parser is not working for the URLs below; most of the URLs in the attachment cannot be parsed by the IOC Parser attachment automation, especially those with a hyphen symbol and an uncommon TLD (.site, .online, .online).


    2) Whenever we receive a phishing email we are able to extract all artifacts from the email header, subject & body; however, is there any automation to find the MX record based on email header analysis?



    ------------------------------
    Sunil I B
    ------------------------------


  • 2.  RE: IOC Parser Not Working & MX Record Automation

    Posted Mon October 10, 2022 11:58 PM
    Hi Everyone, 

    Any updates on this?

    ------------------------------
    Sunil I B
    ------------------------------



  • 3.  RE: IOC Parser Not Working & MX Record Automation

    Posted Tue October 11, 2022 01:42 PM
    Hi Sunil,

    The package we use for this app, IOCParser (https://pypi.org/project/iocparser/), does not appear to be kept up to date. The top-level domains can be updated in the source code, but there's no mechanism to do that directly in the code's interface.

    We can look to update the app with updated IOCParser logic in a future update, but I can't make any commitments as to when.

    Regards,
    Mark

    ------------------------------
    Mark Scherfling
    ------------------------------
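As an added illustration of Mark's point about the hard-coded TLD table (example code written for this thread, not the IOCParser package or the SOAR app): a small URL extractor whose accepted TLDs are an explicit set, run against a constructed email body with invented domains, so you can see which hyphenated and new-gTLD URLs a stale list silently drops and confirm they are picked up once the list is extended. The TLD sets, the sample text and the helper names are assumptions.

```python
import re

# Constructed, deliberately incomplete TLD list standing in for a stale
# hard-coded table (assumption: the real iocparser table differs).
STALE_TLDS = {"com", "net", "org", "info"}

# Newer generic TLDs the stale list is missing (assumption for this example).
EXTRA_TLDS = {"store", "online", "site", "xyz"}


def build_url_pattern(tlds):
    """Build a URL regex whose accepted TLDs come from an explicit set.

    Labels may contain hyphens (not at the start or end), which is where
    naive parsers often drop hyphenated domains. The lookahead after the
    TLD rejects partial matches such as 'foo.com' inside 'foo.com.store'.
    """
    tld_alt = "|".join(sorted(tlds, key=len, reverse=True))
    label = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    return re.compile(
        rf"\bhttps?://((?:{label}\.)+(?:{tld_alt}))(?![a-z0-9-]|\.[a-z])"
        rf"(?::\d{{1,5}})?(?:/[^\s\"'<>]*)?",
        re.IGNORECASE,
    )


def extract_urls(text, tlds):
    """Return (url, domain) pairs for every URL whose TLD is in `tlds`."""
    pattern = build_url_pattern(tlds)
    return [(m.group(0).rstrip(".,;)"), m.group(1).lower())
            for m in pattern.finditer(text)]


def unparsed_domains(text, tlds):
    """Domains that look like URLs but are dropped because their TLD is not
    in `tlds`: a quick check for silent parser misses. Uses a permissive
    'any 2-63 letter TLD' fragment in place of a fixed list."""
    every = {d for _, d in extract_urls(text, {r"[a-z]{2,63}"})}
    parsed = {d for _, d in extract_urls(text, tlds)}
    return sorted(every - parsed)


# Constructed sample text resembling a phishing-email body; the domains
# are invented placeholders, not real indicators.
SAMPLE = (
    "Verify your account at https://bestpay-example.store/login now. "
    "Also see http://goodmart-example.online and https://shop.example.com/x "
    "and https://promo-example.xyz"
)

if __name__ == "__main__":
    print("stale list misses:", unparsed_domains(SAMPLE, STALE_TLDS))
    print("extended list finds:", extract_urls(SAMPLE, STALE_TLDS | EXTRA_TLDS))
```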