Flashpoint Ignite
Version: 1.0.0
Flashpoint Ignite is a threat intelligence platform that provides security teams with data, intelligence, and analytics to help them identify and respond to cyber threats, vulnerabilities, and physical security risks.
Connect Flashpoint Ignite with LogicHub
- Navigate to Automations > Integrations.
- Search for Flashpoint Ignite.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- API Key/Token: API key for Flashpoint Ignite Platform. It should have all the necessary permissions.
- After you've entered all the details, click Connect.
Actions for Flashpoint Ignite
List Notifications
Retrieves a list of all notifications.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Query IDs | Jinja-templated text containing IDs of queries, comma-separated list. Example : id1,id2,id3 | Optional |
| Asset IDs | Jinja-templated text containing IDs of assets, comma-separated list. Example : id1,id2,id3 | Optional |
| Origin | Jinja-templated text containing origin of the notification. | Optional |
| Asset IP | Jinja-templated text containing IP to filter notifications. | Optional |
| Asset Type | Jinja-templated text containing notification asset type. | Optional |
| Created After | Jinja-templated text containing created after param to fileter notification. Example "2023-10-16T23:59:45.400710Z" or "now-1d" | Optional |
| Created Before | Jinja-templated text containing created beofore param to fileter notification. Example "2023-10-17T23:59:45.400710Z" or "now" | Optional |
| Base Types | Jinja-templated text containing comma-separated list basetype used to filter. | Optional |
| Sources | Jinja-templated text containing comma-separated list of sources on the notification. Example: source1,source2,source3 | Optional |
| Status | Status of notification. (Default is None) | Optional |
| Is Read | Whether the notification has been read. (Default is No) | Optional |
| Recipient ID | Jinja-templated text containing ID of user that received the notification. | Optional |
| Tags | Jinja-templated text containing comma-separated list of tags. Example : tag1,tag2,tag3 | Optional |
| Limit | Jinja templated text containing the limit (Default is 25) | Optional |
| Explode Results | Explode each result in a separate row. (Default is No) | Optional |
Output
JSON containing the following items:
{
"result": [{
"id": "alert-12345",
"resource": {
"field1": "value1",
"field2": "value2"
},
"reason": {
"id": "reason-67890",
"name": "Critical Alert",
"text": "This alert was generated due to high CPU usage.",
"origin": "searches assets"
},
"entity": {
"fieldA": "valueA",
"fieldB": "valueB"
},
"status": "active",
"generated_at": "2024-11-29T10:15:30Z",
"created_at": "2024-11-28T14:05:00Z",
"tags": {
"tag1": "performance",
"tag2": "cpu"
},
"highlights": {
"highlight_text": "CPU usage exceeded 90%",
"data_type": "performance_metric",
"parent_data_type": "server_metrics"
},
"source": "AlertSource",
"is_read": false
}],
"error": null,
"has_error":false,
}
Get Notifications
Get a notification by Alert ID.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert ID | Jinja-templated text containing Alert ID. | Required |
| Recipient ID | Jinja-templated text containing ID of user that received the notification. | Optional |
Output
JSON containing the following items:
{
"result": {
"id": "alert-12345",
"resource": {
"field1": "value1",
"field2": "value2"
},
"reason": {
"id": "reason-67890",
"name": "Critical Alert",
"text": "This alert was generated due to high CPU usage.",
"origin": "searches assets"
},
"entity": {
"fieldA": "valueA",
"fieldB": "valueB"
},
"status": "active",
"generated_at": "2024-11-29T10:15:30Z",
"created_at": "2024-11-28T14:05:00Z",
"tags": {
"tag1": "performance",
"tag2": "cpu"
},
"highlights": {
"highlight_text": "CPU usage exceeded 90%",
"data_type": "performance_metric",
"parent_data_type": "server_metrics"
},
"source": "AlertSource",
"is_read": false
},
"error": null,
"has_error":false,
}
Release Notes
v1.0.0- initial release with actions -List NotificationsandGet Notification
Updated 5 days ago