SpyCloud
Version: 2.0.0
SpyCloud recaptures data from the criminal underground to illuminate risk you didn’t even know you had across your enterprise, vendors, and customers — so your team can take immediate action.
Connect SpyCloud with Logichub
- Navigate to Automations > Integrations.
- Search for SpyCloud.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Api Token: Api Token to access SpyCloud.
- After you've entered all the details, click Connect.
Actions for SpyCloud
List or Query the Breach Catalog
List or Query the Breach Catalog
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Since | Jinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000 | Optional |
| Until | Jinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000 | Optional |
| Cursor | Jinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Query | Jinja-templated text containing query value to search the breach catalog for. For example, this could be the name of a malicious actor, or a domain name of breached website. Any contextual data part of our breach catalog is searchable. Example: hacked. | Optional |
Output
JSON containing following items:
{
"result": [
{
"title": "VPN Credentials for ABC Applicances",
"spycloud_publish_date": "2022-04-14T00:00:00Z",
"description": "description 123",
"site_description": "site description 123",
"site": "n/a",
"confidence": 3,
"id": 2345,
"acquisition_date": "2022-02-28T00:00:00Z",
"uuid": "477ae6bd-a79c-asdf-asdf-d9504d8f4c3a",
"type": "PRIVATE",
"num_records": 5634,
"assets": {
"ip_addresses": 34634,
"username": 534,
"email": 34634,
"password": 34634
}
},
{
"title": "PCGame ABC",
"spycloud_publish_date": "2022-04-14T00:00:00Z",
"description": "description 321.",
"site_description": "site description 321",
"site": "example.com",
"confidence": 3,
"id": 1234,
"acquisition_date": "2020-01-01T00:00:00Z",
"combo_list_flag": "YES",
"uuid": "53c744be-asdf-4cfa-asdf-40d020c7edbd",
"type": "PRIVATE",
"num_records": 3435,
"assets": {
"ip_addresses": 123,
"username": 542,
"email": 956,
"password": 956,
"salt": 956
}
}
],
"error": null,
"has_error": false
}
Get Catalog
Get/Retrieve Breach Catalog Information by ID
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Catalog Id | Jinja-templated text containing catalog id | Required |
Output
JSON containing following items:
{
"cursor": "",
"has_error": false,
"results": [
{
"title": "VPN Credentials for Sonis",
"spycloud_publish_date": "2022-04-14T00:00:00Z",
"description": "desc123.",
"site_description": "desc1234.",
"site": "n/a",
"confidence": 3,
"id": 1234,
"acquisition_date": "2022-02-28T00:00:00Z",
"uuid": "477ae6bd-a79c-asdf-8088-dasdf4d8f4c3a",
"type": "PRIVATE",
"num_records": 705,
"assets": {
"ip_addresses": 536,
"username": 615,
"email": 13,
"password": 20
}
}
],
"error": null,
"hits": 3
}
Get Breach Data by Domain Search
Get Breach Data by Domain Search
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Domain | Jinja-templated text containing domain name to search for. Example: example.org | Required |
| Type | Jinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types. | Optional |
| Cursor | Jinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000 | Optional |
| Until | Jinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000 | Optional |
| Severity | Jinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |
Output
JSON containing following items:
{
"cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
"has_error": false,
"error": null,
"hits": 28877,
"results": [
{
"email": "[email protected]",
"password": "asdfasdfasdlcNeDUmfgovPh.",
"account_signup_time": "2013-09-14T10:42:19Z",
"account_login_time": "2013-09-14T10:42:19Z",
"ip_addresses": [
"27.14.43.2"
],
"source_id": 315,
"password_plaintext": "567",
"spycloud_publish_date": "2022-04-07T00:00:00Z",
"email_domain": "aircaa.ca",
"email_username": "michael.cor",
"domain": "airca.ca",
"password_type": "phss",
"severity": 34,
"document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
"sighting": 1
},
{
"user_browser": "Firefox",
"password": "Flasdfv168",
"source_id": 38324,
"ip_addresses": [
"70.80.2.3"
],
"user_hostname": "LAPTOP-1D6988K5",
"user_sys_registered_owner": "maho",
"user_os": "Windows 10 Home",
"display_resolution": "1920x1080",
"infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
"target_url": "fs.aircada.ca",
"username": "ac0dff3",
"infected_time": "2020-10-06T03:02:50Z",
"spycloud_publish_date": "2022-03-31T00:00:00Z",
"target_domain": "aircanada.ca",
"password_type": "plaintext",
"password_plaintext": "asdfsadfl168",
"severity": 25,
"document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
}
]
}
Get Breach Data by Email Search
Get Breach Data by Email Search
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Jinja-templated text containing email address to search for. Example: [email protected] | Required | |
| Type | Jinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types. | Optional |
| Cursor | Jinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000 | Optional |
| Until | Jinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000 | Optional |
| Severity | Jinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |
Output
JSON containing following items:
{
"cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
"has_error": false,
"error": null,
"hits": 28877,
"results": [
{
"email": "[email protected]",
"password": "asdfasdfasdlcNeDUmfgovPh.",
"account_signup_time": "2013-09-14T10:42:19Z",
"account_login_time": "2013-09-14T10:42:19Z",
"ip_addresses": [
"27.14.43.2"
],
"source_id": 315,
"password_plaintext": "567",
"spycloud_publish_date": "2022-04-07T00:00:00Z",
"email_domain": "aircaa.ca",
"email_username": "michael.cor",
"domain": "airca.ca",
"password_type": "phss",
"severity": 34,
"document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
"sighting": 1
},
{
"user_browser": "Firefox",
"password": "Flasdfv168",
"source_id": 38324,
"ip_addresses": [
"70.80.2.3"
],
"user_hostname": "LAPTOP-1D6988K5",
"user_sys_registered_owner": "maho",
"user_os": "Windows 10 Home",
"display_resolution": "1920x1080",
"infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
"target_url": "fs.aircada.ca",
"username": "ac0dff3",
"infected_time": "2020-10-06T03:02:50Z",
"spycloud_publish_date": "2022-03-31T00:00:00Z",
"target_domain": "aircanada.ca",
"password_type": "plaintext",
"password_plaintext": "asdfsadfl168",
"severity": 25,
"document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
}
]
}
Get Breach Data by IP Address
Get Breach Data by IP Address
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| IP address | Jinja-templated text containing IP address. | Required |
| Type | Jinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types. | Optional |
| Cursor | Jinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000 | Optional |
| Until | Jinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000 | Optional |
| Severity | Jinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |
Output
JSON containing following items:
{
"cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
"has_error": false,
"error": null,
"hits": 28877,
"results": [
{
"email": "[email protected]",
"password": "asdfasdfasdlcNeDUmfgovPh.",
"account_signup_time": "2013-09-14T10:42:19Z",
"account_login_time": "2013-09-14T10:42:19Z",
"ip_addresses": [
"27.14.43.2"
],
"source_id": 315,
"password_plaintext": "567",
"spycloud_publish_date": "2022-04-07T00:00:00Z",
"email_domain": "aircaa.ca",
"email_username": "michael.cor",
"domain": "airca.ca",
"password_type": "phss",
"severity": 34,
"document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
"sighting": 1
},
{
"user_browser": "Firefox",
"password": "Flasdfv168",
"source_id": 38324,
"ip_addresses": [
"70.80.2.3"
],
"user_hostname": "LAPTOP-1D6988K5",
"user_sys_registered_owner": "maho",
"user_os": "Windows 10 Home",
"display_resolution": "1920x1080",
"infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
"target_url": "fs.aircada.ca",
"username": "ac0dff3",
"infected_time": "2020-10-06T03:02:50Z",
"spycloud_publish_date": "2022-03-31T00:00:00Z",
"target_domain": "aircanada.ca",
"password_type": "plaintext",
"password_plaintext": "asdfsadfl168",
"severity": 25,
"document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
}
]
}
Get Breach Data by Password Search
Get Breach Data by Password Search
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Password | Jinja-templated text containing password you wish to search for. Example: Examplepassword | Required |
| Type | Jinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types. | Optional |
| Cursor | Jinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000 | Optional |
| Until | Jinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000 | Optional |
| Severity | Jinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |
Output
JSON containing following items:
{
"cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
"has_error": false,
"error": null,
"hits": 28877,
"results": [
{
"email": "[email protected]",
"password": "asdfasdfasdlcNeDUmfgovPh.",
"account_signup_time": "2013-09-14T10:42:19Z",
"account_login_time": "2013-09-14T10:42:19Z",
"ip_addresses": [
"27.14.43.2"
],
"source_id": 315,
"password_plaintext": "567",
"spycloud_publish_date": "2022-04-07T00:00:00Z",
"email_domain": "aircaa.ca",
"email_username": "michael.cor",
"domain": "airca.ca",
"password_type": "phss",
"severity": 34,
"document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
"sighting": 1
},
{
"user_browser": "Firefox",
"password": "Flasdfv168",
"source_id": 38324,
"ip_addresses": [
"70.80.2.3"
],
"user_hostname": "LAPTOP-1D6988K5",
"user_sys_registered_owner": "maho",
"user_os": "Windows 10 Home",
"display_resolution": "1920x1080",
"infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
"target_url": "fs.aircada.ca",
"username": "ac0dff3",
"infected_time": "2020-10-06T03:02:50Z",
"spycloud_publish_date": "2022-03-31T00:00:00Z",
"target_domain": "aircanada.ca",
"password_type": "plaintext",
"password_plaintext": "asdfsadfl168",
"severity": 25,
"document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
}
]
}
Get Breach Data by Username Search
Get Breach Data by Username Search
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Username | Jinja-templated text containing username you wish to search for. Example: shortpatrick | Required |
| Type | Jinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types. | Optional |
| Cursor | Jinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000 | Optional |
| Until | Jinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000 | Optional |
| Severity | Jinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |
Output
JSON containing following items:
{
"cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
"has_error": false,
"error": null,
"hits": 28877,
"results": [
{
"email": "[email protected]",
"password": "asdfasdfasdlcNeDUmfgovPh.",
"account_signup_time": "2013-09-14T10:42:19Z",
"account_login_time": "2013-09-14T10:42:19Z",
"ip_addresses": [
"27.14.43.2"
],
"source_id": 315,
"password_plaintext": "567",
"spycloud_publish_date": "2022-04-07T00:00:00Z",
"email_domain": "aircaa.ca",
"email_username": "michael.cor",
"domain": "airca.ca",
"password_type": "phss",
"severity": 34,
"document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
"sighting": 1
},
{
"user_browser": "Firefox",
"password": "Flasdfv168",
"source_id": 38324,
"ip_addresses": [
"70.80.2.3"
],
"user_hostname": "LAPTOP-1D6988K5",
"user_sys_registered_owner": "maho",
"user_os": "Windows 10 Home",
"display_resolution": "1920x1080",
"infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
"target_url": "fs.aircada.ca",
"username": "ac0dff3",
"infected_time": "2020-10-06T03:02:50Z",
"spycloud_publish_date": "2022-03-31T00:00:00Z",
"target_domain": "aircanada.ca",
"password_type": "plaintext",
"password_plaintext": "asdfsadfl168",
"severity": 25,
"document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
}
]
}
Get Breach Data for Entire Watchlist
Get Breach Data for Entire Watchlist
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Type | Jinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types. | Optional |
| Watchlist Type | Jinja-templated text containing watchlist type which lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'ip']. If no value has been provided, the API will return all watchlist types. | Optional |
| Cursor | Jinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000 | Optional |
| Until | Jinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000 | Optional |
| Severity | Jinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |
Output
JSON containing following items:
{
"cursor": "a489780e-d728-437a-9702-09fasdfsadfda",
"has_error": false,
"results": [
{
"password": "Adeolaasdfanada1",
"source_id": 6123,
"email": "[email protected]",
"ip_addresses": [
"15.2.1.39"
],
"infected_path": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe",
"user_sys_registered_owner": "BUISNESS",
"country": "NIGERIA",
"user_os": "Windows 10 Home x64",
"keyboard_languages": "english (trinidad & tobago)",
"infected_machine_id": "f53859d0-a0b7-44b8-9932-1asdfadsf43271",
"target_url": "www.aircanada.com",
"infected_time": "2022-04-04T20:16:30Z",
"spycloud_publish_date": "2022-04-14T00:00:00Z",
"email_domain": "gmail.com",
"email_username": "tt002",
"domain": "gmail.com",
"target_domain": "aircanada.com",
"password_type": "plaintext",
"password_plaintext": "Adcanad",
"country_code": "NG",
"severity": 33,
"document_id": "e9b14674-1d1a-47d8-b1a8-asdfasdf32f8a",
"sighting": 1
},
{
"password": "Marcandre_0929",
"source_id": 38691,
"email": "[email protected]",
"ip_addresses": [
"6.0.2.147"
],
"infected_path": "C:\\Users\\boris\\Pictures\\Adobe Films\\W3guwt1jtcCfgE4oFFw_EmCh.exe",
"user_sys_registered_owner": "boris",
"country": "CANADA",
"user_os": "Windows 10 Enterprise x64",
"keyboard_languages": "english (united states)",
"infected_machine_id": "cd1ff277-f8ac-4f42-a718-asdfasdf8f7d",
"target_url": "www.aircanada.com",
"infected_time": "2022-04-02T22:52:57Z",
"spycloud_publish_date": "2022-04-14T00:00:00Z",
"email_domain": "gmail.com",
"email_username": "borra",
"domain": "gmail.com",
"target_domain": "aircanada.com",
"password_type": "plaintext",
"password_plaintext": "Masadf_df9",
"country_code": "CA",
"severity": 25,
"document_id": "ac73156d-96f7-44d0-a34d-8asdfsdafc9",
"sighting": 1
}
],
"error": null,
"hits": 61234
}
List Watchlist Identifiers
List Watchlist Identifiers
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Watchlist Type | Jinja-templated text containing watchlist type which lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'ip']. If no value has been provided, the API will return all watchlist types. | Optional |
| Verified | Jinja-templated text containing verified which lets you filter results by verified status. The allowed values are 'yes' or 'no'. If no value has been provided, the API function will returns both verified and unverified identifiers. | Optional |
Output
JSON containing following items:
{
"cursor": "",
"has_error": false,
"results": [
{
"identifier_name": "aero.com",
"identifier_type": "domain",
"last_discovered": "2022-04-14T06:36:25Z",
"status": "ACTIVE",
"verified": "YES",
"corporate_record_count": 3412,
"infected_user_record_count": 524,
"infected_employee_record_count": 0,
"infected_consumer_record_count": 464
},
{
"identifier_name": "aira.ca",
"identifier_type": "domain",
"last_discovered": "2022-04-07T01:25:12Z",
"status": "ACTIVE",
"verified": "YES",
"corporate_record_count": 272349,
"infected_user_record_count": 3451,
"infected_employee_record_count": 45,
"infected_consumer_record_count": 65
}
],
"error": null,
"hits": 7
}
Get Watchlist Identifier By Name
Get Watchlist Identifier By Name
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Identifier | Jinja-templated text containing identifier. | Required |
Output
JSON containing following items:
{
"cursor": "",
"has_error": false,
"results": [
{
"identifier_name": "aero.com",
"identifier_type": "domain",
"last_discovered": "2022-04-14T06:36:25Z",
"status": "ACTIVE",
"verified": "YES",
"corporate_record_count": 3412,
"infected_user_record_count": 524,
"infected_employee_record_count": 0,
"infected_consumer_record_count": 464
}
],
"error": null,
"hits": 7
}
Create Watchlist Identifier
Create Watchlist Identifier
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Identifier | Jinja-templated text containing identifier. | Required |
| Watchlist Type | Jinja-templated text containing watchlist type which lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'ip']. If no value has been provided, the API will return all watchlist types. | Required |
Output
JSON containing following items:
{
"has_error": false,
"results": "Successfully created."
}
Delete Watchlist Identifier
Delete Watchlist Identifier.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Identifier | Jinja-templated text containing watchlist identifier to retrieve from your watchlist. Example: example.org | Required |
Output
JSON containing following items:
{
"has_error": false,
"results": "Successfully deleted."
}
Verify Watchlist Identifier
Verify Watchlist Identifier.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Identifier | Jinja-templated text containing watchlist identifier to retrieve from your watchlist. Example: example.org | Required |
Output
JSON containing following items:
{
"has_error": false,
"results": "Successfully verified."
}
Release Notes
v2.0.0- Updated architecture to support IO via filesystemv1.0.1- Added 13 new actions:List Catalog,Get Catalog,Get Breach Data by Domain Search,Get Breach Data by Email Search,Get Breach Data by IP Address Search,Get Breach Data by Password Search,Get Breach Data by Username Search,Get Breach Data by Entire Watchlist,List Watchlist Identifiers,Get Watchlist Identifier By Name,Create Watchlist Identifier,Delete Watchlist IdentifierandVerify Watchlist Identifier.
Updated 6 months ago