With the Urlscan integration analysts in the security operations center can quickly understand the footprint of a website by seeing if it is malicious, see a screenshot and understand any other referred to information. Allowing SOC analysts to quickly triage domains and IPs in phishing attacks, logs etc. Analysts can then copy the information to the necessary tickets, allowing them to triage information much faster.
While threat hunting analysts are combing through data, the Urlscan integration can easily provide scan information on an indicator allowing the analyst to triage data faster. Analysts can even submit a domain or url to be scanned by Urlscan, with a simple on-demand shortcut key.
By default the Urlscan integration does not require any configuration before the integration will work. The integration does require an API Key for analysts that wish to submit a url or domain for scanning, as well as to increase the daily lookup limit to 1000 queries. Due to new changes, Urlscan does have a lookup limit of 500 queries per day without an API Key.