Hey community,

I have just started to implement a SOAR for below scenario and seeking advice on the same.

Obviously phishing emails do also contains images or buttons that takes us to a malicious URL. Now in my case, the URL is not directly malicious rather a captcha that if you solve will then take you to a malicious URL. I am thinking of if there's a way to command Secops SOAR to further check on a URL extracted from Image by solving captcha by itself?

I also need help to get the right parser for URL extraction from the image. Current, all I see is just domain.