SpyCloud

Version: 1.0.1

SpyCloud recaptures data from the criminal underground to illuminate risk you didn’t even know you had across your enterprise, vendors, and customers — so your team can take immediate action.

Connect SpyCloud with Logichub

  1. Navigate to Automations > Integrations.
  2. Search for SpyCloud.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Api Token: Api Token to access SpyCloud.
  4. After you've entered all the details, click Connect.

Actions for SpyCloud

List or Query the Breach Catalog

List or Query the Breach Catalog

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
SinceJinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000Optional
UntilJinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000Optional
CursorJinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results.Optional
QueryJinja-templated text containing query value to search the breach catalog for. For example, this could be the name of a malicious actor, or a domain name of breached website. Any contextual data part of our breach catalog is searchable. Example: hacked.Optional

Output

JSON containing following items:

{
    "result": [
    {
      "title": "VPN Credentials for ABC Applicances",
      "spycloud_publish_date": "2022-04-14T00:00:00Z",
      "description": "description 123",
      "site_description": "site description 123",
      "site": "n/a",
      "confidence": 3,
      "id": 2345,
      "acquisition_date": "2022-02-28T00:00:00Z",
      "uuid": "477ae6bd-a79c-asdf-asdf-d9504d8f4c3a",
      "type": "PRIVATE",
      "num_records": 5634,
      "assets": {
        "ip_addresses": 34634,
        "username": 534,
        "email": 34634,
        "password": 34634
      }
    },
    {
      "title": "PCGame ABC",
      "spycloud_publish_date": "2022-04-14T00:00:00Z",
      "description": "description 321.",
      "site_description": "site description 321",
      "site": "example.com",
      "confidence": 3,
      "id": 1234,
      "acquisition_date": "2020-01-01T00:00:00Z",
      "combo_list_flag": "YES",
      "uuid": "53c744be-asdf-4cfa-asdf-40d020c7edbd",
      "type": "PRIVATE",
      "num_records": 3435,
      "assets": {
        "ip_addresses": 123,
        "username": 542,
        "email": 956,
        "password": 956,
        "salt": 956
      }
    }
  ],
    "error": null,
    "has_error": false
}

Get Catalog

Get/Retrieve Breach Catalog Information by ID

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Catalog IdJinja-templated text containing catalog idRequired

Output

JSON containing following items:

{
  "cursor": "",
  "has_error": false,
  "results": [
    {
      "title": "VPN Credentials for Sonis",
      "spycloud_publish_date": "2022-04-14T00:00:00Z",
      "description": "desc123.",
      "site_description": "desc1234.",
      "site": "n/a",
      "confidence": 3,
      "id": 1234,
      "acquisition_date": "2022-02-28T00:00:00Z",
      "uuid": "477ae6bd-a79c-asdf-8088-dasdf4d8f4c3a",
      "type": "PRIVATE",
      "num_records": 705,
      "assets": {
        "ip_addresses": 536,
        "username": 615,
        "email": 13,
        "password": 20
      }
    }
  ],
  "error": null,
  "hits": 3
}

Get Breach Data by Domain Search

Get Breach Data by Domain Search

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
DomainJinja-templated text containing domain name to search for. Example: example.orgRequired
TypeJinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types.Optional
CursorJinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results.Optional
SinceJinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000Optional
UntilJinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000Optional
SeverityJinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20Optional
Source IDJinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123Optional
SaltJinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZOptional

Output

JSON containing following items:

{
  "cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
  "has_error": false,
  "error": null,
  "hits": 28877,
  "results": [
    {
      "email": "[email protected]",
      "password": "asdfasdfasdlcNeDUmfgovPh.",
      "account_signup_time": "2013-09-14T10:42:19Z",
      "account_login_time": "2013-09-14T10:42:19Z",
      "ip_addresses": [
        "27.14.43.2"
      ],
      "source_id": 315,
      "password_plaintext": "567",
      "spycloud_publish_date": "2022-04-07T00:00:00Z",
      "email_domain": "aircaa.ca",
      "email_username": "michael.cor",
      "domain": "airca.ca",
      "password_type": "phss",
      "severity": 34,
      "document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
      "sighting": 1
    },
    {
      "user_browser": "Firefox",
      "password": "Flasdfv168",
      "source_id": 38324,
      "ip_addresses": [
        "70.80.2.3"
      ],
      "user_hostname": "LAPTOP-1D6988K5",
      "user_sys_registered_owner": "maho",
      "user_os": "Windows 10 Home",
      "display_resolution": "1920x1080",
      "infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
      "target_url": "fs.aircada.ca",
      "username": "ac0dff3",
      "infected_time": "2020-10-06T03:02:50Z",
      "spycloud_publish_date": "2022-03-31T00:00:00Z",
      "target_domain": "aircanada.ca",
      "password_type": "plaintext",
      "password_plaintext": "asdfsadfl168",
      "severity": 25,
      "document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
    }
  ]
}

Get Breach Data by Email Search

Get Breach Data by Email Search

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
EmailJinja-templated text containing email address to search for. Example: [email protected]Required
TypeJinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types.Optional
CursorJinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results.Optional
SinceJinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000Optional
UntilJinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000Optional
SeverityJinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20Optional
Source IDJinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123Optional
SaltJinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZOptional

Output

JSON containing following items:

{
  "cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
  "has_error": false,
  "error": null,
  "hits": 28877,
  "results": [
    {
      "email": "[email protected]",
      "password": "asdfasdfasdlcNeDUmfgovPh.",
      "account_signup_time": "2013-09-14T10:42:19Z",
      "account_login_time": "2013-09-14T10:42:19Z",
      "ip_addresses": [
        "27.14.43.2"
      ],
      "source_id": 315,
      "password_plaintext": "567",
      "spycloud_publish_date": "2022-04-07T00:00:00Z",
      "email_domain": "aircaa.ca",
      "email_username": "michael.cor",
      "domain": "airca.ca",
      "password_type": "phss",
      "severity": 34,
      "document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
      "sighting": 1
    },
    {
      "user_browser": "Firefox",
      "password": "Flasdfv168",
      "source_id": 38324,
      "ip_addresses": [
        "70.80.2.3"
      ],
      "user_hostname": "LAPTOP-1D6988K5",
      "user_sys_registered_owner": "maho",
      "user_os": "Windows 10 Home",
      "display_resolution": "1920x1080",
      "infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
      "target_url": "fs.aircada.ca",
      "username": "ac0dff3",
      "infected_time": "2020-10-06T03:02:50Z",
      "spycloud_publish_date": "2022-03-31T00:00:00Z",
      "target_domain": "aircanada.ca",
      "password_type": "plaintext",
      "password_plaintext": "asdfsadfl168",
      "severity": 25,
      "document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
    }
  ]
}

Get Breach Data by IP Address

Get Breach Data by IP Address

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
IP addressJinja-templated text containing IP address.Required
TypeJinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types.Optional
CursorJinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results.Optional
SinceJinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000Optional
UntilJinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000Optional
SeverityJinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20Optional
Source IDJinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123Optional
SaltJinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZOptional

Output

JSON containing following items:

{
  "cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
  "has_error": false,
  "error": null,
  "hits": 28877,
  "results": [
    {
      "email": "[email protected]",
      "password": "asdfasdfasdlcNeDUmfgovPh.",
      "account_signup_time": "2013-09-14T10:42:19Z",
      "account_login_time": "2013-09-14T10:42:19Z",
      "ip_addresses": [
        "27.14.43.2"
      ],
      "source_id": 315,
      "password_plaintext": "567",
      "spycloud_publish_date": "2022-04-07T00:00:00Z",
      "email_domain": "aircaa.ca",
      "email_username": "michael.cor",
      "domain": "airca.ca",
      "password_type": "phss",
      "severity": 34,
      "document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
      "sighting": 1
    },
    {
      "user_browser": "Firefox",
      "password": "Flasdfv168",
      "source_id": 38324,
      "ip_addresses": [
        "70.80.2.3"
      ],
      "user_hostname": "LAPTOP-1D6988K5",
      "user_sys_registered_owner": "maho",
      "user_os": "Windows 10 Home",
      "display_resolution": "1920x1080",
      "infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
      "target_url": "fs.aircada.ca",
      "username": "ac0dff3",
      "infected_time": "2020-10-06T03:02:50Z",
      "spycloud_publish_date": "2022-03-31T00:00:00Z",
      "target_domain": "aircanada.ca",
      "password_type": "plaintext",
      "password_plaintext": "asdfsadfl168",
      "severity": 25,
      "document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
    }
  ]
}

Get Breach Data by Password Search

Get Breach Data by Password Search

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
PasswordJinja-templated text containing password you wish to search for. Example: ExamplepasswordRequired
TypeJinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types.Optional
CursorJinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results.Optional
SinceJinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000Optional
UntilJinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000Optional
SeverityJinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20Optional
Source IDJinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123Optional
SaltJinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZOptional

Output

JSON containing following items:

{
  "cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
  "has_error": false,
  "error": null,
  "hits": 28877,
  "results": [
    {
      "email": "[email protected]",
      "password": "asdfasdfasdlcNeDUmfgovPh.",
      "account_signup_time": "2013-09-14T10:42:19Z",
      "account_login_time": "2013-09-14T10:42:19Z",
      "ip_addresses": [
        "27.14.43.2"
      ],
      "source_id": 315,
      "password_plaintext": "567",
      "spycloud_publish_date": "2022-04-07T00:00:00Z",
      "email_domain": "aircaa.ca",
      "email_username": "michael.cor",
      "domain": "airca.ca",
      "password_type": "phss",
      "severity": 34,
      "document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
      "sighting": 1
    },
    {
      "user_browser": "Firefox",
      "password": "Flasdfv168",
      "source_id": 38324,
      "ip_addresses": [
        "70.80.2.3"
      ],
      "user_hostname": "LAPTOP-1D6988K5",
      "user_sys_registered_owner": "maho",
      "user_os": "Windows 10 Home",
      "display_resolution": "1920x1080",
      "infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
      "target_url": "fs.aircada.ca",
      "username": "ac0dff3",
      "infected_time": "2020-10-06T03:02:50Z",
      "spycloud_publish_date": "2022-03-31T00:00:00Z",
      "target_domain": "aircanada.ca",
      "password_type": "plaintext",
      "password_plaintext": "asdfsadfl168",
      "severity": 25,
      "document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
    }
  ]
}

Get Breach Data by Username Search

Get Breach Data by Username Search

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
UsernameJinja-templated text containing username you wish to search for. Example: shortpatrickRequired
TypeJinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types.Optional
CursorJinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results.Optional
SinceJinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000Optional
UntilJinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000Optional
SeverityJinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20Optional
Source IDJinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123Optional
SaltJinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZOptional

Output

JSON containing following items:

{
  "cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
  "has_error": false,
  "error": null,
  "hits": 28877,
  "results": [
    {
      "email": "[email protected]",
      "password": "asdfasdfasdlcNeDUmfgovPh.",
      "account_signup_time": "2013-09-14T10:42:19Z",
      "account_login_time": "2013-09-14T10:42:19Z",
      "ip_addresses": [
        "27.14.43.2"
      ],
      "source_id": 315,
      "password_plaintext": "567",
      "spycloud_publish_date": "2022-04-07T00:00:00Z",
      "email_domain": "aircaa.ca",
      "email_username": "michael.cor",
      "domain": "airca.ca",
      "password_type": "phss",
      "severity": 34,
      "document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
      "sighting": 1
    },
    {
      "user_browser": "Firefox",
      "password": "Flasdfv168",
      "source_id": 38324,
      "ip_addresses": [
        "70.80.2.3"
      ],
      "user_hostname": "LAPTOP-1D6988K5",
      "user_sys_registered_owner": "maho",
      "user_os": "Windows 10 Home",
      "display_resolution": "1920x1080",
      "infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
      "target_url": "fs.aircada.ca",
      "username": "ac0dff3",
      "infected_time": "2020-10-06T03:02:50Z",
      "spycloud_publish_date": "2022-03-31T00:00:00Z",
      "target_domain": "aircanada.ca",
      "password_type": "plaintext",
      "password_plaintext": "asdfsadfl168",
      "severity": 25,
      "document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
    }
  ]
}

Get Breach Data for Entire Watchlist

Get Breach Data for Entire Watchlist

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
TypeJinja-templated text containing type. The allowed values are 'corporate' for corporate records, and 'infected' for infected user records (from botnet data). If no value has been provided the API function will, by default, return all record types.Optional
Watchlist TypeJinja-templated text containing watchlist type which lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'ip']. If no value has been provided, the API will return all watchlist types.Optional
CursorJinja-templated text text containing token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000 a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results.Optional
SinceJinja-templated text containing start time, epoch timestamp in milliseconds to use in params for filter (Default is empty). e.g. 1587448800000Optional
UntilJinja-templated text containing end time, epoch timestamp in milliseconds to use in query for filter (Default is empty). e.g. 1587448800000Optional
SeverityJinja-templated text containing severity which allows you to filter based on the numeric severity code. Example: 20Optional
Source IDJinja-templated text containing source id which allows you to filter based on a particular breach source. Example: 123Optional
SaltJinja-templated text containing salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high entropy salt otherwise the pre-configured salt will be used. Example: HFdxEbZylZOptional

Output

JSON containing following items:

{
  "cursor": "a489780e-d728-437a-9702-09fasdfsadfda",
  "has_error": false,
  "results": [
    {
      "password": "Adeolaasdfanada1",
      "source_id": 6123,
      "email": "[email protected]",
      "ip_addresses": [
        "15.2.1.39"
      ],
      "infected_path": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe",
      "user_sys_registered_owner": "BUISNESS",
      "country": "NIGERIA",
      "user_os": "Windows 10 Home x64",
      "keyboard_languages": "english (trinidad & tobago)",
      "infected_machine_id": "f53859d0-a0b7-44b8-9932-1asdfadsf43271",
      "target_url": "www.aircanada.com",
      "infected_time": "2022-04-04T20:16:30Z",
      "spycloud_publish_date": "2022-04-14T00:00:00Z",
      "email_domain": "gmail.com",
      "email_username": "tt002",
      "domain": "gmail.com",
      "target_domain": "aircanada.com",
      "password_type": "plaintext",
      "password_plaintext": "Adcanad",
      "country_code": "NG",
      "severity": 33,
      "document_id": "e9b14674-1d1a-47d8-b1a8-asdfasdf32f8a",
      "sighting": 1
    },
    {
      "password": "Marcandre_0929",
      "source_id": 38691,
      "email": "[email protected]",
      "ip_addresses": [
        "6.0.2.147"
      ],
      "infected_path": "C:\\Users\\boris\\Pictures\\Adobe Films\\W3guwt1jtcCfgE4oFFw_EmCh.exe",
      "user_sys_registered_owner": "boris",
      "country": "CANADA",
      "user_os": "Windows 10 Enterprise x64",
      "keyboard_languages": "english (united states)",
      "infected_machine_id": "cd1ff277-f8ac-4f42-a718-asdfasdf8f7d",
      "target_url": "www.aircanada.com",
      "infected_time": "2022-04-02T22:52:57Z",
      "spycloud_publish_date": "2022-04-14T00:00:00Z",
      "email_domain": "gmail.com",
      "email_username": "borra",
      "domain": "gmail.com",
      "target_domain": "aircanada.com",
      "password_type": "plaintext",
      "password_plaintext": "Masadf_df9",
      "country_code": "CA",
      "severity": 25,
      "document_id": "ac73156d-96f7-44d0-a34d-8asdfsdafc9",
      "sighting": 1
    }
  ],
  "error": null,
  "hits": 61234
}

List Watchlist Identifiers

List Watchlist Identifiers

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Watchlist TypeJinja-templated text containing watchlist type which lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'ip']. If no value has been provided, the API will return all watchlist types.Optional
VerifiedJinja-templated text containing verified which lets you filter results by verified status. The allowed values are 'yes' or 'no'. If no value has been provided, the API function will returns both verified and unverified identifiers.Optional

Output

JSON containing following items:

{
  "cursor": "",
  "has_error": false,
  "results": [
    {
      "identifier_name": "aero.com",
      "identifier_type": "domain",
      "last_discovered": "2022-04-14T06:36:25Z",
      "status": "ACTIVE",
      "verified": "YES",
      "corporate_record_count": 3412,
      "infected_user_record_count": 524,
      "infected_employee_record_count": 0,
      "infected_consumer_record_count": 464
    },
    {
      "identifier_name": "aira.ca",
      "identifier_type": "domain",
      "last_discovered": "2022-04-07T01:25:12Z",
      "status": "ACTIVE",
      "verified": "YES",
      "corporate_record_count": 272349,
      "infected_user_record_count": 3451,
      "infected_employee_record_count": 45,
      "infected_consumer_record_count": 65
    }
  ],
  "error": null,
  "hits": 7
}

Get Watchlist Identifier By Name

Get Watchlist Identifier By Name

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
IdentifierJinja-templated text containing identifier.Required

Output

JSON containing following items:

{
  "cursor": "",
  "has_error": false,
  "results": [
    {
      "identifier_name": "aero.com",
      "identifier_type": "domain",
      "last_discovered": "2022-04-14T06:36:25Z",
      "status": "ACTIVE",
      "verified": "YES",
      "corporate_record_count": 3412,
      "infected_user_record_count": 524,
      "infected_employee_record_count": 0,
      "infected_consumer_record_count": 464
    }
  ],
  "error": null,
  "hits": 7
}

Create Watchlist Identifier

Create Watchlist Identifier

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
IdentifierJinja-templated text containing identifier.Required
Watchlist TypeJinja-templated text containing watchlist type which lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'ip']. If no value has been provided, the API will return all watchlist types.Required

Output

JSON containing following items:

{
  "has_error": false,
  "results": "Successfully created."
}

Delete Watchlist Identifier

Delete Watchlist Identifier.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
IdentifierJinja-templated text containing watchlist identifier to retrieve from your watchlist. Example: example.orgRequired

Output

JSON containing following items:

{
  "has_error": false,
  "results": "Successfully deleted."
}

Verify Watchlist Identifier

Verify Watchlist Identifier.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
IdentifierJinja-templated text containing watchlist identifier to retrieve from your watchlist. Example: example.orgRequired

Output

JSON containing following items:

{
  "has_error": false,
  "results": "Successfully verified."
}

Release Notes

  • v1.0.1 - Added 13 new actions: List Catalog, Get Catalog, Get Breach Data by Domain Search, Get Breach Data by Email Search, Get Breach Data by IP Address Search, Get Breach Data by Password Search, Get Breach Data by Username Search, Get Breach Data by Entire Watchlist, List Watchlist Identifiers, Get Watchlist Identifier By Name, Create Watchlist Identifier, Delete Watchlist Identifier and Verify Watchlist Identifier.