https://www.circl.lu/services/passive-dns/
https://www.circl.lu/services/passive-ssl/
analyzer: circl
query: ...
password: ...
username: ...
| Name | Type | Required? | Default | Desc. |
|---|---|---|---|---|
| query | String | Yes | Domain or SHA1 certificate fingerprint | |
| username | String | No | ENV[”CIRCL_PASSIVE_USERNAME”] |
Username |
| password | String | Noe | ENV[”CIRCL_PASSIVE_PASSWORD”] |
Password |
The analyzer uses CIRCL passive DNS API or passive SSL API:
IP addresses matched with a query are treated as artifacts.
This rule outputs the following type of artifacts.
Mihari loads your username and password via environment variables CIRCL_PASSIVE_USERNAME and CIRCL_PASSIVE_PASSWORD by default.