InsightConnect Marketplace

Proofpoint URL Defense

v1.2.0

Decode Proofpoint encoded URLs

Tags: proofpoint, decode, URL


Actions
  • URL Decode

Description

Proofpoint URL Defense is a service designed to handle emails that contain malicious URLs. This plugin uses ppdecode to decode URLs that have been encoded by Proofpoint's URL Defense service.

Key Features

  • Decode a URL to its original form

Requirements

This plugin does not contain any requirements.

Documentation

Setup

This plugin does not contain a connection.

Technical Details

Actions

URL Decode

This action is used to take a Proofpoint URL and decode it to the original URL.

Input
| Name | Type | Default | Required | Description | Enum |
|------|------|---------|----------|-------------|------|
| encoded_url | string | None | True | Proofpoint encoded URL or URL parameters e.g http-3A__www.example.org_url&d=BwdwBAg&c=TIwfCwdwWnrHy3gMA_uzZorHPsT2wfwvKrwfU | None |

Example input:

{
  "encoded_url": "http-3A__www.example.org_url&d=BwdwBAg&c=TIwfCwdwWnrHy3gMA_uzZorHPsT2wfwvKrwf"
}

Output

| Name | Type | Required | Description |
|------|------|----------|-------------|
| decoded | boolean | True | Was decode successful, if not, the original URL will be returned |
| decoded_url | string | False | Decoded Proofpoint URL |

Example output:

{
  "decoded_url": "http://www.example.org/url",
  "decoded": true
}
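
The decoding applied to the example input above, shown for v2-style links only, as an added example (this is not the plugin's or ppdecode's code): in the v2 encoding, `-XX` is a hex escape and `_` stands for `/`. The function name `decode_v2` and the full sample link are constructed for illustration; the returned keys mirror the action's `decoded_url` and `decoded` outputs, including the fallback to the original input.

```python
import re
from urllib.parse import unquote

# Full v2 link: capture the value of the u= parameter.
_V2_LINK = re.compile(r"https?://urldefense\.proofpoint\.com/v2/url\?u=([^&\s]+)", re.I)
# An encoded payload starts with a scheme followed by the encoded "://" ("-3A__").
_ENCODED_SCHEME = re.compile(r"^[a-z][a-z0-9+.]*-3A__", re.I)
# v2 alphabet: "-" introduces a hex escape (like "%"), "_" stands for "/".
_V2_TABLE = str.maketrans("-_", "%/")

# The page's example input (bare parameter form).
SAMPLE_PARAMS = "http-3A__www.example.org_url&d=BwdwBAg&c=TIwfCwdwWnrHy3gMA_uzZorHPsT2wfwvKrwf"
# Constructed full link, not real Proofpoint output.
SAMPLE_LINK = ("https://urldefense.proofpoint.com/v2/url"
               "?u=https-3A__example.org_a-2Db-3Fq-3D1&d=DwMFaQ&c=x")


def decode_v2(encoded_url: str) -> dict:
    """Decode a v2 link or bare parameter string; fall back to the input on failure."""
    match = _V2_LINK.search(encoded_url)
    if match:
        payload = match.group(1)
    else:
        # Bare parameter form: the encoded URL is everything before the first "&".
        payload = encoded_url.split("&", 1)[0]
        if payload.startswith("u="):
            payload = payload[2:]
    if not _ENCODED_SCHEME.match(payload):
        # Not v2-encoded (for example an ordinary URL): do not rewrite "-" or "_".
        return {"decoded_url": encoded_url, "decoded": False}
    return {"decoded_url": unquote(payload.translate(_V2_TABLE)), "decoded": True}


if __name__ == "__main__":
    for value in (SAMPLE_PARAMS, SAMPLE_LINK, "https://www.example.org/a-b_c"):
        print(decode_v2(value))
```

Treat the decoded URL as untrusted data: decoding removes the rewriting layer, so the result should be passed to reputation or sandbox checks rather than opened directly.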

Triggers

This plugin does not contain any triggers.

Custom Output Types

This plugin does not contain any custom output types.

Troubleshooting

This plugin does not contain any troubleshooting information.

Version History

  • 1.2.0 - Update to URL Decode to add decoded as an output variable
  • 1.1.0 - Update to URL Decode action to add support for v3 links
  • 1.0.1 - New spec and help.md format for the Hub
  • 1.0.0 - Update to v2 Python plugin architecture | Support web server mode | Bug fix with decode parsing
  • 0.1.1 - SSL bug fix in SDK
  • 0.1.0 - Initial plugin

Links

References

plugin_spec_version: v2
extension: plugin
products: [insightconnect]
name: proofpoint_url_defense
title: Proofpoint URL Defense
vendor: rapid7
support: community
status: []
description: Decode Proofpoint encoded URLs
version: 1.2.0
resources:
  source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/proofpoint_url_defense
  license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
  vendor_url: https://www.proofpoint.com
tags:
- proofpoint
- decode
- URL
hub_tags:
  use_cases: [data_utility, threat_detection_and_response]
  keywords: [proofpoint, decode, URL]
  features: []
actions:
  url_decode:
    title: URL Decode
    description: Decodes an encoded URL
    input:
      encoded_url:
        title: Encoded URL
        description: Proofpoint encoded URL or URL parameters e.g http-3A__www.example.org_url&d=BwdwBAg&c=TIwfCwdwWnrHy3gMA_uzZorHPsT2wfwvKrwfU
        type: string
        example: "http-3A__www.example.org_url&d=BwdwBAg&c=TIwfCwdwWnrHy3gMA_uzZorHPsT2wfwvKrwf"
        required: true
    output:
      decoded_url:
        title: Decoded Proofpoint URL
        description: Decoded Proofpoint URL
        type: string
        required: false
      decoded:
        title: Decoded
        description: Was decode successful, if not, the original URL will be returned
        type: boolean
        required: true