Bulk Analyze
Learn how to bulk upload a list of defanged indicators and extract information from the results.
Bulk Analyze lets you check multiple indicators simultaneously - perfect for triaging large IP or domain lists, assessing suspicious infrastructure, or analyzing indicators from alerts, logs, and threat feeds.
Prerequisites
You need:
- A Validin Pro or Enterprise account
- A list of indicators (domains, IPs, URLs) in defanged or raw format
Run a bulk search
- In the Validin dashboard, click Bulk Analyze.
- Add your indicators, separated by spaces. Press enter for new lines.
Defanged indicatorsDefanged indicators have malicious characters replaced with safe alternatives (e.g.,
hxxp://instead ofhttp://). Validin automatically parses defanged indicators from your input, including from complete threat reports.
- Select Next to review extracted indicators.
Review results
Extracted indicators appear in a tabulated view with Indicator and Type columns.
- Select an indicator to open a slide-out panel containing additional information, including:
- Reputation
- Usage
- Geolocation
- Click any available link to pivot across other sources of information
Slide-out panel for a malicious IP address
- Use the checkboxes to select multiple indicators, and the icons on top of the table to:
- Export indicators and rows as a CSV
- Add selected indicators to an existing or new Project
Updated about 1 month ago