service_manifest.yml

name: URLDownloader
version: $SERVICE_TAG
description: This service downloads potentially malicious URLs.

accepts: .*
rejects: empty|metadata/.*

stage: POST
category: Internet Connected

file_required: false
timeout: 300
disable_cache: false

enabled: true
is_external: true
licence_count: 0
uses_tag_scores: true
uses_metadata: true
uses_temp_submission_data: true

submission_params:
  - default: 300
    name: minimum_maliciousness
    value: 300
    type: int
  - default: "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
    name: user_agent
    value: "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
    type: str
  - default: false
    name: analyze_submitted_url
    value: false
    type: bool

config:
  proxy: {}
  headers: {}
  timeout_per_request: 10

heuristics:
  - heur_id: 1
    name: Downloader
    score: 1000
    filetype: .*
    description: URL that drops a malicious payload

  - heur_id: 2
    name: Redirection
    score: 0
    filetype: .*
    description: URL contains redirects

docker_config:
  image: ${REGISTRY}cccs/assemblyline-service-urldownloader:$SERVICE_TAG
  cpu_cores: 1
  ram_mb: 512
  allow_internet_access: true