umbrella-domain-security
Query domain security score from Cisco Umbrella Investigate.
Syntax
umbrella-domain-security [profile=PROFILE] domain=DOMAIN
Options
- profile=PROFILE
  - Optional. Cisco Umbrella connect profile code
- domain=DOMAIN
  - Required. Domain to query
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Profile | Cisco Umbrella connect profile code |
| domain | String | Domain | e.g. example.com |
| dga_score | Double | DGA Score | -100~0, -100=suspicious, 0=benign. e.g. 0.0 |
| perplexity | Double | Perplexity | Likelihood of algorithmically generated name. e.g. 0.233 |
| entropy | Double | Entropy | Bits required to encode domain name. e.g. 2.522 |
| secure_rank2 | Double | SecureRank | -100~100, -100=suspicious, 100=benign. e.g. 0.0 |
| page_rank | Double | PageRank | Google PageRank popularity. e.g. 0.0 |
| asn_score | Double | ASN Score | -100~0, -100=very suspicious. e.g. 0.0 |
| prefix_score | Double | Prefix Score | -100~0, -100=very suspicious. e.g. 0.0 |
| rip_score | Double | RIP Score | -100~0, -100=very suspicious. e.g. 0.0 |
| geoscore | Double | Geo Score | Distance between physical locations serving this domain. e.g. 0.0 |
| ks_test | Double | KS Test | Kolmogorov-Smirnov test, 0=matches expected TLD traffic. e.g. 0.0 |
| popularity | Double | Popularity | Unique client IPs relative to all sites. e.g. 87.07 |
| is_fastflux | Boolean | Fast Flux | e.g. false |
| attack | String | Attack | e.g. Spam |
| threat_type | String | Threat Type | e.g. Malware |
| geodiversity | String | Geo Diversity | e.g. US:0.39, ZA:0.08 |
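
The following is an added example, not part of the original reference or the product's own code: a Python triage pass over rows shaped like the output fields above. The field names and score ranges come from the table; the cut-off values, the function names and the sample rows are assumptions made for illustration.

```python
# Added example: triage rows shaped like umbrella-domain-security output.
# Field names and ranges are from the Output Fields table; the alert
# cut-offs are assumptions, not values defined by Cisco Umbrella.
NEGATIVE_SCORES = {  # field -> (documented minimum, assumed alert cut-off)
    "dga_score": (-100.0, -50.0),
    "secure_rank2": (-100.0, -50.0),
    "asn_score": (-100.0, -50.0),
    "prefix_score": (-100.0, -50.0),
    "rip_score": (-100.0, -50.0),
}

def parse_geodiversity(value):
    """Turn 'US:0.39, ZA:0.08' into {'US': 0.39, 'ZA': 0.08}."""
    shares = {}
    for item in (value or "").split(","):
        country, sep, share = item.strip().partition(":")
        if sep and country:
            shares[country] = float(share)
    return shares

def triage(row):
    """Return the list of reasons a row deserves analyst attention."""
    reasons = []
    for field, (minimum, cutoff) in NEGATIVE_SCORES.items():
        score = row.get(field)
        if score is None:
            continue  # field absent: no verdict either way
        if score < minimum:
            reasons.append(f"{field}={score} below documented range")
        elif score <= cutoff:
            reasons.append(f"{field}={score}")
    if row.get("is_fastflux"):
        reasons.append("is_fastflux")
    for field in ("attack", "threat_type"):
        if row.get(field):
            reasons.append(f"{field}={row[field]}")
    return reasons

# Constructed sample rows (not real Umbrella results).
SAMPLE_ROWS = [
    {"domain": "example.com", "dga_score": 0.0, "secure_rank2": 0.0,
     "asn_score": 0.0, "prefix_score": 0.0, "rip_score": 0.0,
     "is_fastflux": False, "attack": None, "threat_type": None,
     "geodiversity": "US:0.39, ZA:0.08"},
    {"domain": "xkqzvbnw.example", "dga_score": -87.5, "secure_rank2": -62.0,
     "asn_score": -10.0, "prefix_score": -71.2, "rip_score": 0.0,
     "is_fastflux": True, "attack": "Spam", "threat_type": "Malware",
     "geodiversity": ""},
]
```

An empty result from `triage` means none of the assumed cut-offs were crossed; it is not a statement that the domain is benign.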