The Dossier Related URLs report provides a comprehensive, one-page report detailing current related URLs information obtained when conducting a threat indicator search on a threat indicator. Related URLs are websites tied to a specific threat indicator. The Related URLs report includes the following information:
- URL: The URL(s) associated with the indicator. Clicking a related URL in the URL column will send the user to a detailed URL report page consisting of specific information for the selected URL. Clicking any of the hyperlinked records indicated in light blue under the URL column will display the Summary report for the selected URL.
- SOURCE: The source is the data partner making the report.
- PROPERTY: Property of the URL when made available.
- LAST REPORT: The last reported date the threat indicator was reported associated with a URL
- AV DETECTIONS: The number of anti-virus detections for the URL where the URL tested positive when scanned through their AV. For example, a score of 45/67 means 45 out of a total of 67 AVs tested positive for a threat.
The Dossier Related URLs report also contains the following features:
Search Field
The search field is located at the top of the page and is used to search for threat indicators. You can run a search based on domain name, IP address, hostname, URL, email, or hash value.
Resources
Click Resources located on the top right-hand side of the Summary page to display a drop-down list containing additional Dossier and TIDE resources.
Resources include the following:
Dossier & TIDE Quick Start Guide
Dossier User Guide
Dossier API Calls Reference
Dossier Source Descriptions
Threat Classification Guide
Add to Custom List
Dossier allows you to perform custom list management. Domains and IP addresses can be added directly to your custom lists through any of Dossier’s reports pages, including the Related URLs report page.
Adding a Domain or IP Address to a Custom List in Dossier
To add a domain or IP address to a custom list in Dossier, complete the following:
- From the Cloud Services Portal, click Research -> Dossier.
- Run a Dossier search on the domain name or IP address.
- On the Dossier Related URLs report page, click Add to Custom List located at the top, right-hand side of the Action bar.
- On the Add to Custom List page, select what custom list or lists from among the list of available custom lists to add the domain or IP address by clicking the blue arrow
associated with the custom list. If you cannot locate the custom list you want to add the domain or IP address to, you can use the search feature to search for the custom list. Alternatively, you can click
to add the domain or IP address to all custom lists. If you inadvertently add the domain or IP address, in the Selected column of custom lists, you can click the blue arrow associated with the custom list to remove the domain or IP address from it. - Once you have added the domain or IP address to your custom list or lists, you can save your configuration by clicking Add.
- You should now see the name of the custom list or lists where the domain or IP address has been added populating the Custom Lists section of the Related URLs report page.
Export
Click Export to export the Dossier Report file. You can choose to include any or all of the report sections by placing a check in the box associated with a specific section of the report. You can choose from among the following sections:
- Summary
- Impacted Devices
- Current DNS
- Related Domains
- Related URLs
- Related IPs
- Related File Samples
- Related Contacts
- Reports
- Timeline
- Threat Actor
- MITRE ATT&CK
- WHOIS Record
- Raw Whois
When you have finished selecting what sections of the report to export, click Export in the bottom right-hand corner of the dialogue box. Your report will be exported in PDF format.
Close
Click Close to close the Summary Report page. Closing the Summary Report page returns you to the default Dossier search page.
Click here to return to the main Dossier Threat Indicator Report page.