URLhaus is a project from abuse.ch that maintains a database of malicious URLs used for malware distribution. When you create the data adapter, URLhaus downloads and stores the appropriate data set in MongoDB.
Refresh Interval configuration identifies when to fetch new sets.
Sample Lookup Data
A lookup for the URL
https://192.168.100.100:35564/Mozi.m might produce the following output:
Data Adapter Configuration
- A short title for the data adapter.
- A description of the data adapter.
- A unique name to refer to the data adapter.
Custom Error TTL
- Optional custom TTL for caching erroneous results. If no value is specified, the default is 5 seconds.
URLhaus Feed Type
Determines which URLhaus feed the data adapter will use.
Online URLsis the smaller data set and includes only URLs that have been currently detected online.
Recently Added URLsis the larger data set and includes all online and offline URLs added in the last 30 days.
Refresh Interval- Determines how often new data is fetched. The minimum refresh interval is 300 seconds (5 minutes) because that is how often the source data can be updated.
Case Insensitive Lookups- allows the data adapter to perform case-insensitive lookups.