https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/urlscan-io-s-soar-spot-chatty-security-tools-leaking-private/m-p/528465#M1710 <P>Good point, I was thinking the private option would work only with premium licenses of URL Scan , if thats the case and no premium licenses, best to watch what is the integration used for and reduce its usage.</P> Wed, 25 Jan 2023 03:29:26 GMT sramesh-7 2023-01-25T03:29:26Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/urlscan-io-s-soar-spot-chatty-security-tools-leaking-private/m-p/528235#M1689 <P>Community, have you noticed that we may be accidentally exposing confidential information of the users we protect by submitting URLs for analysis to URLscan.io?</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Credits to: FABIAN BRAUNLEIN" style="width: 520px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47347iA98A680CCB626FDC/image-dimensions/520x301/is-moderation-mode/true?v=v2" width="520" height="301" role="button" title="urlscan.PNG" alt="Credits to: FABIAN BRAUNLEIN" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Credits to: FABIAN BRAUNLEIN</span></span></P> <P>&nbsp;</P> <UL> <LI>Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable on<SPAN>&nbsp;</SPAN><A href="http://urlscan.io/" target="_blank" rel="noopener">urlscan.io</A>, a security tool used to analyze URLs</LI> <LI>Part of the data has been leaked in an automated way by other security tools that accidentally made their scans public (as did GitHub earlier this year)</LI> <LI>If we don't take the proper measures regarding the configuration of URL scanning through the XSOAR integration and URLscan.io we have a high risk of your accounts being hijacked through manually activated password resets.</LI> </UL> <P>&nbsp;</P> <P>I am attaching an image with a simple mitigation measure in the configuration (Instance Settings), in case you have not applied it yet.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="XSOAR CONFIG - Prevent.png" style="width: 670px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/47348i2DD22F0165FDDDA8/image-dimensions/670x417/is-moderation-mode/true?v=v2" width="670" height="417" role="button" title="XSOAR CONFIG - Prevent.png" alt="XSOAR CONFIG - Prevent.png" /></span></P> <P>&nbsp;</P> <P><LI-PRODUCT title="Cortex XSOAR" id="Cortex_XSOAR"></LI-PRODUCT>&nbsp;</P> Mon, 23 Jan 2023 21:33:08 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/urlscan-io-s-soar-spot-chatty-security-tools-leaking-private/m-p/528235#M1689 LuisElolaPrev 2023-01-23T21:33:08Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/urlscan-io-s-soar-spot-chatty-security-tools-leaking-private/m-p/528465#M1710 <P>Good point, I was thinking the private option would work only with premium licenses of URL Scan , if thats the case and no premium licenses, best to watch what is the integration used for and reduce its usage.</P> Wed, 25 Jan 2023 03:29:26 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/urlscan-io-s-soar-spot-chatty-security-tools-leaking-private/m-p/528465#M1710 sramesh-7 2023-01-25T03:29:26Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/urlscan-io-s-soar-spot-chatty-security-tools-leaking-private/m-p/528546#M1718 <P>Exactly!</P> Wed, 25 Jan 2023 13:59:35 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/urlscan-io-s-soar-spot-chatty-security-tools-leaking-private/m-p/528546#M1718 LuisElolaPrev 2023-01-25T13:59:35Z