SOC Toolkit

by Michael Massoni
Score: 53/100

Description

The SOC Toolkit plugin provides cybersecurity professionals and SOC analysts with tools for IP reputation analysis and defanging directly within their notes. It scans IPv4 and IPv6 addresses, including defanged variants, and queries VirusTotal and AbuseIPDB APIs for reputation data. Results are cached locally to reduce API calls and displayed in a customizable format. Users can defang IPs in notes via commands or right-click menus, preserving original formatting. The plugin supports both full and last-dot defanging and integrates with the command palette and context menus for quick access.

Reviews

No reviews yet.

Stats

  • 7 stars
  • 571 downloads
  • 0 forks
  • 310 days
  • 161 days
  • 161 days
  • 0 total PRs
  • 0 open PRs
  • 0 closed PRs
  • 0 merged PRs
  • 0 total issues
  • 0 open issues
  • 0 closed issues
  • 0 commits

Latest Version

5 months ago

Changelog

Release Notes - v1.6.2

Bug Fixes

  • Context Menu IP Check: Fixed an issue where using "Check IP reputation" from the right-click menu on a selection with multiple IPs would only process the first IP. It now correctly processes all IPs in the highlighted selection.

Improvements

  • Result Indentation: Improved the formatting of reputation results.
    • If the IP address is in a bulleted list, the results are now indented with a tab to properly nest under the IP.
    • If the IP address is on a plain line, the results are bulleted at the same level.

README file from GitHub

SOC Toolkit for Obsidian

An Obsidian plugin that provides a collection of tools for SOC analysts and cybersecurity professionals. Currently includes IP reputation analysis using VirusTotal and AbuseIPDB APIs, and IP defanging.

Features

  • IP Reputation Analysis

    • Scans notes for both IPv4 and IPv6 addresses
    • Supports defanged IP addresses (e.g. 8[.]8[.]8[.]8 or 8.8.8[.]8)
    • Checks IP reputation using VirusTotal and AbuseIPDB APIs
    • Caches results to minimise API calls
    • Customisable output format for both APIs
    • Example output preview
    • Right-click context menu for quick IP checks
    • Command palette support for checking highlighted IPs
  • IP Defanging

    • Defang IPs in current note with a single command
    • Right-click menu option for defanging IPs
    • Supports both full defanging and last-dot defanging
    • Maintains original note formatting

Installation

You can now install this plugin directly from within Obsidian:

  1. Open Obsidian settings
  2. Go to "Community plugins"
  3. Click "Browse"
  4. Search for "SOC Toolkit"
  5. Click "Install" and then "Enable"

Configuration

Before you can run IP reputation checks, configure your API keys:

  1. Get a VirusTotal API key from VirusTotal
  2. Get an AbuseIPDB API key from AbuseIPDB
  3. Open Obsidian settings
  4. Go to Community Plugins > SOC Toolkit
  5. Enter your API keys
  6. Click "Test keys" to ensure both API keys are valid and working
  7. (Recommended) Set your desired keybindings in Obsidian Hotkeys settings
  8. (Optional) Adjust the cache duration (default: 24 hours)

Usage

IP Reputation Analysis

  1. Open a note containing IP addresses (regular or defanged)
  2. Use one of the following methods to check IP reputation:
    • Press your defined hotkey for "Check IP reputation in current note"
    • Highlight IPs you wish to check, and then press your defined hotkey for "Check IP reputation in highlighted area"
    • Highlight IPs you wish to check, and then open right-click menu and select "Check IP Reputation"
    • Open the command palette (Ctrl/Cmd + P) and search for "Check IP reputation in current note"
  3. The plugin will add reputation data below each IP address. You can configure the output in the plugin settings.

IP Defanging

  1. Open a note containing IP addresses
  2. Use one of the following methods to defang IPs:
    • Press your defined hotkey for "Defang IPs in current note"
    • Right-click on an IP and select "Defang IP"
    • Open the command palette (Ctrl/Cmd + P) and search for "Defang IPs in current note"
  3. The plugin will defang the IP address(es) while maintaining the original formatting

Example

Before:

IPs involved in incident:
- 8.8.8.8
- 2001:4860:4860::8888

After running the plugin:

IPs involved in incident:
- 8[.]8[.]8[.]8
  - VirusTotal: 0/94 vendors flagged as malicious
  - AbuseIPDB: 0% confidence of abuse, last reported today
- 2001[:]4860[:]4860::8888
  - VirusTotal: 0/94 vendors flagged as malicious
  - AbuseIPDB: 0% confidence of abuse, last reported 66d ago
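
The two defang styles listed under Features (full `8[.]8[.]8[.]8` and last-dot `8.8.8[.]8`) can be found, refanged for lookup, and rewritten with a single pattern. The TypeScript below is an added example, not the plugin's own code: the function names and the sample note are constructed for illustration, and it covers IPv4 only.

```typescript
// Added example: hypothetical helpers, not taken from the SOC Toolkit source.
type DefangMode = "full" | "last-dot";

// One octet (0-255) and a separator that is either "." or "[.]".
const OCTET = "(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
const SEP = "(?:\\[\\.\\]|\\.)";
// Dotted quad with any mix of plain and defanged dots. The look-arounds stop
// matches inside longer tokens such as 10.2.3.4.5 or 999.1.1.1.
const IPV4_ANY = new RegExp(
  `(?<![\\w.\\]])${OCTET}(?:${SEP}${OCTET}){3}(?![\\w\\[]|\\.\\d)`,
  "g"
);

// Restore a defanged address to the form a reputation API expects.
function refang(ip: string): string {
  return ip.replace(/\[\.\]/g, ".");
}

// Defang one address; the input may already be partly or fully defanged,
// and is normalised to the requested mode.
function defang(ip: string, mode: DefangMode): string {
  const octets = refang(ip).split(".");
  return mode === "full"
    ? octets.join("[.]")
    : octets.slice(0, 3).join(".") + "[.]" + octets[3];
}

// Rewrite only the matched addresses so the rest of the note is untouched.
function defangNote(text: string, mode: DefangMode): string {
  return text.replace(IPV4_ANY, (m) => defang(m, mode));
}

// Unique refanged addresses, so each one is looked up (and cached) once.
function extractIps(text: string): string[] {
  const found: string[] = text.match(IPV4_ANY) || [];
  const ips = found.map((ip) => refang(ip));
  return ips.filter((ip, i) => ips.indexOf(ip) === i);
}

// Constructed sample note: plain, last-dot and fully defanged forms,
// plus two look-alike tokens that must not be treated as addresses.
const SAMPLE_NOTE = [
  "IPs involved in incident:",
  "- 8.8.8.8",
  "- 8.8.8[.]8 (seen again)",
  "- 1[.]1[.]1[.]1",
  "Agent build 10.2.3.4.5 and 999.1.1.1 are not addresses.",
].join("\n");

console.log(extractIps(SAMPLE_NOTE));
console.log(defangNote(SAMPLE_NOTE, "full"));
```

Extraction refangs before deduplicating, so the same address written in two styles results in one lookup rather than two.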

Privacy

This plugin:

  • Sends IP addresses to VirusTotal and AbuseIPDB for reputation checking
  • Stores API keys locally in your Obsidian settings
  • Caches results locally to minimise API calls

Roadmap

  • IP reputation checking
  • IP defanging
  • URL defanging
  • Domain/URL reputation analysis
  • File hash analysis

License

This project is licensed under the GPLv3 License - see the LICENSE file for details.