Sooty is a tool designed for SOC analysts. It is used to automate routine work and speed up the analyst's workflow. The main use of this tool is to perform the routine checks so that an analyst has as much time as possible to spend on deeper analysis.
Features of SOC Analyst all-in-one CLI Tool
The Sooty tool has many useful features, and we can use these features to carry out common SOC analysis tasks.
- The Sooty tool can sanitise URLs so they are safe to send within an email.
- You can also perform DNS lookups and reverse DNS lookups with this tool.
- If you have an IP address, you can check whether it is a TOR exit node or not with Sooty.
- Sooty has a handy function that extracts IP addresses from emails.
- Another useful feature of this tool is that you can perform virus checks with:
- You can also perform URL decoding with this tool. You can decode URLs such as Base64 strings, UTF-8 encoded URLs and Office SafeLink URLs.
- You can also perform email analysis with Sooty.
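As an added example (this is not code from the Sooty project), here is how the URL sanitising and the SafeLink and Base64 decoding described above can be done in Python; the SafeLink URL and Base64 string below are constructed sample inputs.

```python
import base64
import binascii
from urllib.parse import urlparse, parse_qs

# Constructed sample input: an Office 365 SafeLink wrapping a destination URL.
# (assumed for illustration, not taken from a real email)
SAFELINK = ("https://nam02.safelinks.protection.outlook.com/?url="
            "https%3A%2F%2Fexample.com%2Flogin%3Fid%3D42&data=placeholder")


def decode_safelink(url: str) -> str:
    """Return the original destination wrapped by an Office 365 SafeLink.

    A URL that is not a SafeLink is returned unchanged; a SafeLink that
    lacks the url= parameter raises ValueError instead of guessing.
    """
    parsed = urlparse(url)
    if not parsed.netloc.endswith("safelinks.protection.outlook.com"):
        return url
    # parse_qs already percent-decodes the value once, which is what we want.
    target = parse_qs(parsed.query).get("url")
    if not target:
        raise ValueError("SafeLink without a url= parameter")
    return target[0]


def decode_base64_url(blob: str) -> str:
    """Decode a Base64 string (standard or URL-safe alphabet) into text.

    Missing '=' padding, common in copied-out strings, is restored first;
    characters outside the Base64 alphabet make the decode fail loudly.
    """
    blob = blob.strip()
    blob += "=" * (-len(blob) % 4)
    try:
        raw = base64.b64decode(blob, altchars=b"-_", validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from exc
    return raw.decode("utf-8")


def sanitise_url(url: str) -> str:
    """Defang a URL so it is not clickable when pasted into an email or ticket."""
    url = url.replace("http://", "hxxp://").replace("https://", "hxxps://")
    return url.replace(".", "[.]")


if __name__ == "__main__":
    destination = decode_safelink(SAFELINK)
    print("SafeLink target :", destination)
    print("Defanged        :", sanitise_url(destination))
    print("Base64 decoded  :", decode_base64_url("aHR0cHM6Ly9leGFtcGxlLmNvbQ"))
```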
Guide to Install Sooty tool
If you want to install this tool on your OS (operating system), it takes a few steps to get it running.
- First, install Python 3.x on your OS.
- Then install all the dependencies listed in the requirements.txt file with the command "pip install -r requirements.txt".
- Now run the main file with Python.
- If you want to perform reputation checks with VirusTotal, BadIPs or AbuseIPDB, you need their API keys and have to replace the placeholder keys with your own API keys.
Download the sooty tool.