SpyCloud

Version: 1.0.1

SpyCloud recaptures data from the criminal underground to illuminate risk you didn’t even know you had across your enterprise, vendors, and customers — so your team can take immediate action.

Connect SpyCloud with Logichub

  1. Navigate to Automations > Integrations.
  2. Search for SpyCloud.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
    • Api Token: API token used to access SpyCloud.
  4. After you've entered all the details, click Connect.

Actions for SpyCloud

List or Query the Breach Catalog

List or Query the Breach Catalog

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Since | Jinja-templated text containing the start time, as an epoch timestamp in milliseconds, to use in params as a filter (default is empty). Example: 1587448800000 | Optional |
| Until | Jinja-templated text containing the end time, as an epoch timestamp in milliseconds, to use in the query as a filter (default is empty). Example: 1587448800000 | Optional |
| Cursor | Jinja-templated text containing the token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000, a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Query | Jinja-templated text containing the query value to search the breach catalog for. For example, this could be the name of a malicious actor or the domain name of a breached website. Any contextual data that is part of our breach catalog is searchable. Example: hacked. | Optional |

Output

JSON containing the following items:

{
  "result": [
    {
      "title": "VPN Credentials for ABC Applicances",
      "spycloud_publish_date": "2022-04-14T00:00:00Z",
      "description": "description 123",
      "site_description": "site description 123",
      "site": "n/a",
      "confidence": 3,
      "id": 2345,
      "acquisition_date": "2022-02-28T00:00:00Z",
      "uuid": "477ae6bd-a79c-asdf-asdf-d9504d8f4c3a",
      "type": "PRIVATE",
      "num_records": 5634,
      "assets": {
        "ip_addresses": 34634,
        "username": 534,
        "email": 34634,
        "password": 34634
      }
    },
    {
      "title": "PCGame ABC",
      "spycloud_publish_date": "2022-04-14T00:00:00Z",
      "description": "description 321.",
      "site_description": "site description 321",
      "site": "example.com",
      "confidence": 3,
      "id": 1234,
      "acquisition_date": "2020-01-01T00:00:00Z",
      "combo_list_flag": "YES",
      "uuid": "53c744be-asdf-4cfa-asdf-40d020c7edbd",
      "type": "PRIVATE",
      "num_records": 3435,
      "assets": {
        "ip_addresses": 123,
        "username": 542,
        "email": 956,
        "password": 956,
        "salt": 956
      }
    }
  ],
  "error": null,
  "has_error": false
}

Get Catalog

Get/Retrieve Breach Catalog Information by ID

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Catalog Id | Jinja-templated text containing the catalog ID. | Required |

Output

JSON containing the following items:

{
  "cursor": "",
  "has_error": false,
  "results": [
    {
      "title": "VPN Credentials for Sonis",
      "spycloud_publish_date": "2022-04-14T00:00:00Z",
      "description": "desc123.",
      "site_description": "desc1234.",
      "site": "n/a",
      "confidence": 3,
      "id": 1234,
      "acquisition_date": "2022-02-28T00:00:00Z",
      "uuid": "477ae6bd-a79c-asdf-8088-dasdf4d8f4c3a",
      "type": "PRIVATE",
      "num_records": 705,
      "assets": {
        "ip_addresses": 536,
        "username": 615,
        "email": 13,
        "password": 20
      }
    }
  ],
  "error": null,
  "hits": 3
}

Get Breach Data by Domain Search

Get Breach Data by Domain Search

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Domain | Jinja-templated text containing the domain name to search for. Example: example.org | Required |
| Type | Jinja-templated text containing the type. The allowed values are 'corporate' for corporate records and 'infected' for infected user records (from botnet data). If no value is provided, the API function will, by default, return all record types. | Optional |
| Cursor | Jinja-templated text containing the token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000, a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing the start time, as an epoch timestamp in milliseconds, to use in params as a filter (default is empty). Example: 1587448800000 | Optional |
| Until | Jinja-templated text containing the end time, as an epoch timestamp in milliseconds, to use in the query as a filter (default is empty). Example: 1587448800000 | Optional |
| Severity | Jinja-templated text containing the severity, which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing the source ID, which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing the salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high-entropy salt; otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |

Output

JSON containing the following items:

{
  "cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
  "has_error": false,
  "error": null,
  "hits": 28877,
  "results": [
    {
      "email": "[email protected]",
      "password": "asdfasdfasdlcNeDUmfgovPh.",
      "account_signup_time": "2013-09-14T10:42:19Z",
      "account_login_time": "2013-09-14T10:42:19Z",
      "ip_addresses": [
        "27.14.43.2"
      ],
      "source_id": 315,
      "password_plaintext": "567",
      "spycloud_publish_date": "2022-04-07T00:00:00Z",
      "email_domain": "aircaa.ca",
      "email_username": "michael.cor",
      "domain": "airca.ca",
      "password_type": "phss",
      "severity": 34,
      "document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
      "sighting": 1
    },
    {
      "user_browser": "Firefox",
      "password": "Flasdfv168",
      "source_id": 38324,
      "ip_addresses": [
        "70.80.2.3"
      ],
      "user_hostname": "LAPTOP-1D6988K5",
      "user_sys_registered_owner": "maho",
      "user_os": "Windows 10 Home",
      "display_resolution": "1920x1080",
      "infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
      "target_url": "fs.aircada.ca",
      "username": "ac0dff3",
      "infected_time": "2020-10-06T03:02:50Z",
      "spycloud_publish_date": "2022-03-31T00:00:00Z",
      "target_domain": "aircanada.ca",
      "password_type": "plaintext",
      "password_plaintext": "asdfsadfl168",
      "severity": 25,
      "document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
    }
  ]
}
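
The Cursor, Since and Until inputs described above combine into one paging loop. The sketch below is an added example, not LogicHub or SpyCloud code: run_action is a hypothetical callable standing in for one execution of the action, the lowercase parameter keys are assumed names, and the two-page response is constructed.

```python
from datetime import datetime, timezone


def to_epoch_ms(dt):
    """Convert an aware datetime to the epoch-millisecond text Since/Until expect."""
    if dt.tzinfo is None:
        raise ValueError("use a timezone-aware datetime to avoid local-time skew")
    return str(int(dt.timestamp() * 1000))


def fetch_all(run_action, params, max_pages=50):
    """Follow the cursor until the action stops returning one.

    run_action (hypothetical) takes the input fields as a dict and returns
    the action's output JSON as a dict.
    """
    records, cursor, seen = [], "", set()
    for _ in range(max_pages):
        page_params = dict(params)
        if cursor:
            page_params["cursor"] = cursor
        out = run_action(page_params)
        # A failed page must stop the run; a partial list would hide exposure.
        if out.get("has_error"):
            raise RuntimeError(f"SpyCloud action failed: {out.get('error')}")
        records.extend(out.get("results") or [])
        cursor = out.get("cursor") or ""
        if not cursor:
            return records
        if cursor in seen:
            raise RuntimeError("cursor repeated; aborting to avoid a loop")
        seen.add(cursor)
    raise RuntimeError(f"gave up after {max_pages} pages; narrow Since/Until")


# Constructed two-page response in the shape of the Output shown above.
PAGES = {
    "": {"cursor": "page-2-token", "has_error": False, "error": None, "hits": 3,
         "results": [{"document_id": "doc-1", "severity": 25},
                     {"document_id": "doc-2", "severity": 20}]},
    "page-2-token": {"cursor": "", "has_error": False, "error": None, "hits": 3,
                     "results": [{"document_id": "doc-3", "severity": 5}]},
}


def fake_run_action(params):
    """Stand-in for the real action: picks a constructed page by cursor."""
    return PAGES[params.get("cursor", "")]


def demo():
    """Query a one-day window and collect every page."""
    params = {
        "domain": "example.org",
        "since": to_epoch_ms(datetime(2020, 4, 21, 6, 0, tzinfo=timezone.utc)),
        "until": to_epoch_ms(datetime(2020, 4, 22, 6, 0, tzinfo=timezone.utc)),
    }
    return params, fetch_all(fake_run_action, params)


if __name__ == "__main__":
    window, found = demo()
    print(window["since"], window["until"], [r["document_id"] for r in found])
```
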

Get Breach Data by Email Search

Get Breach Data by Email Search

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Email | Jinja-templated text containing the email address to search for. Example: [email protected] | Required |
| Type | Jinja-templated text containing the type. The allowed values are 'corporate' for corporate records and 'infected' for infected user records (from botnet data). If no value is provided, the API function will, by default, return all record types. | Optional |
| Cursor | Jinja-templated text containing the token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000, a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing the start time, as an epoch timestamp in milliseconds, to use in params as a filter (default is empty). Example: 1587448800000 | Optional |
| Until | Jinja-templated text containing the end time, as an epoch timestamp in milliseconds, to use in the query as a filter (default is empty). Example: 1587448800000 | Optional |
| Severity | Jinja-templated text containing the severity, which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing the source ID, which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing the salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high-entropy salt; otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |

Output

JSON containing the following items:

{
  "cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
  "has_error": false,
  "error": null,
  "hits": 28877,
  "results": [
    {
      "email": "[email protected]",
      "password": "asdfasdfasdlcNeDUmfgovPh.",
      "account_signup_time": "2013-09-14T10:42:19Z",
      "account_login_time": "2013-09-14T10:42:19Z",
      "ip_addresses": [
        "27.14.43.2"
      ],
      "source_id": 315,
      "password_plaintext": "567",
      "spycloud_publish_date": "2022-04-07T00:00:00Z",
      "email_domain": "aircaa.ca",
      "email_username": "michael.cor",
      "domain": "airca.ca",
      "password_type": "phss",
      "severity": 34,
      "document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
      "sighting": 1
    },
    {
      "user_browser": "Firefox",
      "password": "Flasdfv168",
      "source_id": 38324,
      "ip_addresses": [
        "70.80.2.3"
      ],
      "user_hostname": "LAPTOP-1D6988K5",
      "user_sys_registered_owner": "maho",
      "user_os": "Windows 10 Home",
      "display_resolution": "1920x1080",
      "infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
      "target_url": "fs.aircada.ca",
      "username": "ac0dff3",
      "infected_time": "2020-10-06T03:02:50Z",
      "spycloud_publish_date": "2022-03-31T00:00:00Z",
      "target_domain": "aircanada.ca",
      "password_type": "plaintext",
      "password_plaintext": "asdfsadfl168",
      "severity": 25,
      "document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
    }
  ]
}

Get Breach Data by IP Address

Get Breach Data by IP Address

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| IP address | Jinja-templated text containing the IP address. | Required |
| Type | Jinja-templated text containing the type. The allowed values are 'corporate' for corporate records and 'infected' for infected user records (from botnet data). If no value is provided, the API function will, by default, return all record types. | Optional |
| Cursor | Jinja-templated text containing the token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000, a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing the start time, as an epoch timestamp in milliseconds, to use in params as a filter (default is empty). Example: 1587448800000 | Optional |
| Until | Jinja-templated text containing the end time, as an epoch timestamp in milliseconds, to use in the query as a filter (default is empty). Example: 1587448800000 | Optional |
| Severity | Jinja-templated text containing the severity, which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing the source ID, which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing the salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high-entropy salt; otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |

Output

JSON containing the following items:

{
  "cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
  "has_error": false,
  "error": null,
  "hits": 28877,
  "results": [
    {
      "email": "[email protected]",
      "password": "asdfasdfasdlcNeDUmfgovPh.",
      "account_signup_time": "2013-09-14T10:42:19Z",
      "account_login_time": "2013-09-14T10:42:19Z",
      "ip_addresses": [
        "27.14.43.2"
      ],
      "source_id": 315,
      "password_plaintext": "567",
      "spycloud_publish_date": "2022-04-07T00:00:00Z",
      "email_domain": "aircaa.ca",
      "email_username": "michael.cor",
      "domain": "airca.ca",
      "password_type": "phss",
      "severity": 34,
      "document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
      "sighting": 1
    },
    {
      "user_browser": "Firefox",
      "password": "Flasdfv168",
      "source_id": 38324,
      "ip_addresses": [
        "70.80.2.3"
      ],
      "user_hostname": "LAPTOP-1D6988K5",
      "user_sys_registered_owner": "maho",
      "user_os": "Windows 10 Home",
      "display_resolution": "1920x1080",
      "infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
      "target_url": "fs.aircada.ca",
      "username": "ac0dff3",
      "infected_time": "2020-10-06T03:02:50Z",
      "spycloud_publish_date": "2022-03-31T00:00:00Z",
      "target_domain": "aircanada.ca",
      "password_type": "plaintext",
      "password_plaintext": "asdfsadfl168",
      "severity": 25,
      "document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
    }
  ]
}

Get Breach Data by Password Search

Get Breach Data by Password Search

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Password | Jinja-templated text containing the password you wish to search for. Example: Examplepassword | Required |
| Type | Jinja-templated text containing the type. The allowed values are 'corporate' for corporate records and 'infected' for infected user records (from botnet data). If no value is provided, the API function will, by default, return all record types. | Optional |
| Cursor | Jinja-templated text containing the token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000, a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing the start time, as an epoch timestamp in milliseconds, to use in params as a filter (default is empty). Example: 1587448800000 | Optional |
| Until | Jinja-templated text containing the end time, as an epoch timestamp in milliseconds, to use in the query as a filter (default is empty). Example: 1587448800000 | Optional |
| Severity | Jinja-templated text containing the severity, which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing the source ID, which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing the salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high-entropy salt; otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |

Output

JSON containing the following items:

{
  "cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
  "has_error": false,
  "error": null,
  "hits": 28877,
  "results": [
    {
      "email": "[email protected]",
      "password": "asdfasdfasdlcNeDUmfgovPh.",
      "account_signup_time": "2013-09-14T10:42:19Z",
      "account_login_time": "2013-09-14T10:42:19Z",
      "ip_addresses": [
        "27.14.43.2"
      ],
      "source_id": 315,
      "password_plaintext": "567",
      "spycloud_publish_date": "2022-04-07T00:00:00Z",
      "email_domain": "aircaa.ca",
      "email_username": "michael.cor",
      "domain": "airca.ca",
      "password_type": "phss",
      "severity": 34,
      "document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
      "sighting": 1
    },
    {
      "user_browser": "Firefox",
      "password": "Flasdfv168",
      "source_id": 38324,
      "ip_addresses": [
        "70.80.2.3"
      ],
      "user_hostname": "LAPTOP-1D6988K5",
      "user_sys_registered_owner": "maho",
      "user_os": "Windows 10 Home",
      "display_resolution": "1920x1080",
      "infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
      "target_url": "fs.aircada.ca",
      "username": "ac0dff3",
      "infected_time": "2020-10-06T03:02:50Z",
      "spycloud_publish_date": "2022-03-31T00:00:00Z",
      "target_domain": "aircanada.ca",
      "password_type": "plaintext",
      "password_plaintext": "asdfsadfl168",
      "severity": 25,
      "document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
    }
  ]
}

Get Breach Data by Username Search

Get Breach Data by Username Search

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Username | Jinja-templated text containing the username you wish to search for. Example: shortpatrick | Required |
| Type | Jinja-templated text containing the type. The allowed values are 'corporate' for corporate records and 'infected' for infected user records (from botnet data). If no value is provided, the API function will, by default, return all record types. | Optional |
| Cursor | Jinja-templated text containing the token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000, a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing the start time, as an epoch timestamp in milliseconds, to use in params as a filter (default is empty). Example: 1587448800000 | Optional |
| Until | Jinja-templated text containing the end time, as an epoch timestamp in milliseconds, to use in the query as a filter (default is empty). Example: 1587448800000 | Optional |
| Severity | Jinja-templated text containing the severity, which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing the source ID, which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing the salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high-entropy salt; otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |

Output

JSON containing the following items:

{
  "cursor": "b9de32a4-4cdc-474d-ba3f-asdfasdf8c6d8",
  "has_error": false,
  "error": null,
  "hits": 28877,
  "results": [
    {
      "email": "[email protected]",
      "password": "asdfasdfasdlcNeDUmfgovPh.",
      "account_signup_time": "2013-09-14T10:42:19Z",
      "account_login_time": "2013-09-14T10:42:19Z",
      "ip_addresses": [
        "27.14.43.2"
      ],
      "source_id": 315,
      "password_plaintext": "567",
      "spycloud_publish_date": "2022-04-07T00:00:00Z",
      "email_domain": "aircaa.ca",
      "email_username": "michael.cor",
      "domain": "airca.ca",
      "password_type": "phss",
      "severity": 34,
      "document_id": "992eee59-6514-4cb1-ba21-dasdfasdfbb5c",
      "sighting": 1
    },
    {
      "user_browser": "Firefox",
      "password": "Flasdfv168",
      "source_id": 38324,
      "ip_addresses": [
        "70.80.2.3"
      ],
      "user_hostname": "LAPTOP-1D6988K5",
      "user_sys_registered_owner": "maho",
      "user_os": "Windows 10 Home",
      "display_resolution": "1920x1080",
      "infected_machine_id": "11e57699-3a01-4ccd-9c36-asdfadsf3c",
      "target_url": "fs.aircada.ca",
      "username": "ac0dff3",
      "infected_time": "2020-10-06T03:02:50Z",
      "spycloud_publish_date": "2022-03-31T00:00:00Z",
      "target_domain": "aircanada.ca",
      "password_type": "plaintext",
      "password_plaintext": "asdfsadfl168",
      "severity": 25,
      "document_id": "bdb41fc6-80b8-465a-ba61-d20asdfdsf229"
    }
  ]
}

Get Breach Data for Entire Watchlist

Get Breach Data for Entire Watchlist

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Type | Jinja-templated text containing the type. The allowed values are 'corporate' for corporate records and 'infected' for infected user records (from botnet data). If no value is provided, the API function will, by default, return all record types. | Optional |
| Watchlist Type | Jinja-templated text containing the watchlist type, which lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'ip']. If no value is provided, the API will return all watchlist types. | Optional |
| Cursor | Jinja-templated text containing the token used for iterating through multiple pages of results. By default our API methods return up to 1,000 items per page. If the number of requested items is greater than 1,000, a cursor token is provided in the return payload. If set, you can use this value to iterate to the next page of results. | Optional |
| Since | Jinja-templated text containing the start time, as an epoch timestamp in milliseconds, to use in params as a filter (default is empty). Example: 1587448800000 | Optional |
| Until | Jinja-templated text containing the end time, as an epoch timestamp in milliseconds, to use in the query as a filter (default is empty). Example: 1587448800000 | Optional |
| Severity | Jinja-templated text containing the severity, which allows you to filter based on the numeric severity code. Example: 20 | Optional |
| Source ID | Jinja-templated text containing the source ID, which allows you to filter based on a particular breach source. Example: 123 | Optional |
| Salt | Jinja-templated text containing the salt. If hashing is enabled for your API key, you have the option to provide a 10 to 24 character, high-entropy salt; otherwise the pre-configured salt will be used. Example: HFdxEbZylZ | Optional |

Output

JSON containing the following items:

{
  "cursor": "a489780e-d728-437a-9702-09fasdfsadfda",
  "has_error": false,
  "results": [
    {
      "password": "Adeolaasdfanada1",
      "source_id": 6123,
      "email": "[email protected]",
      "ip_addresses": [
        "15.2.1.39"
      ],
      "infected_path": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe",
      "user_sys_registered_owner": "BUISNESS",
      "country": "NIGERIA",
      "user_os": "Windows 10 Home x64",
      "keyboard_languages": "english (trinidad & tobago)",
      "infected_machine_id": "f53859d0-a0b7-44b8-9932-1asdfadsf43271",
      "target_url": "www.aircanada.com",
      "infected_time": "2022-04-04T20:16:30Z",
      "spycloud_publish_date": "2022-04-14T00:00:00Z",
      "email_domain": "gmail.com",
      "email_username": "tt002",
      "domain": "gmail.com",
      "target_domain": "aircanada.com",
      "password_type": "plaintext",
      "password_plaintext": "Adcanad",
      "country_code": "NG",
      "severity": 33,
      "document_id": "e9b14674-1d1a-47d8-b1a8-asdfasdf32f8a",
      "sighting": 1
    },
    {
      "password": "Marcandre_0929",
      "source_id": 38691,
      "email": "[email protected]",
      "ip_addresses": [
        "6.0.2.147"
      ],
      "infected_path": "C:\\Users\\boris\\Pictures\\Adobe Films\\W3guwt1jtcCfgE4oFFw_EmCh.exe",
      "user_sys_registered_owner": "boris",
      "country": "CANADA",
      "user_os": "Windows 10 Enterprise x64",
      "keyboard_languages": "english (united states)",
      "infected_machine_id": "cd1ff277-f8ac-4f42-a718-asdfasdf8f7d",
      "target_url": "www.aircanada.com",
      "infected_time": "2022-04-02T22:52:57Z",
      "spycloud_publish_date": "2022-04-14T00:00:00Z",
      "email_domain": "gmail.com",
      "email_username": "borra",
      "domain": "gmail.com",
      "target_domain": "aircanada.com",
      "password_type": "plaintext",
      "password_plaintext": "Masadf_df9",
      "country_code": "CA",
      "severity": 25,
      "document_id": "ac73156d-96f7-44d0-a34d-8asdfsdafc9",
      "sighting": 1
    }
  ],
  "error": null,
  "hits": 61234
}
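
Outputs like the one above carry recovered passwords next to host details, so it helps to strip the secret fields before the results reach a case or a log. The following is an added example, not part of the integration: it assumes a result with infected_machine_id describes an infected endpoint, and its sample output is constructed.

```python
import copy

# Fields in the sample outputs that carry the credential itself.
SECRET_FIELDS = ("password", "password_plaintext")


def redact(record):
    """Return a copy of one result that is safe to log or attach to a case."""
    safe = copy.deepcopy(record)
    for field in SECRET_FIELDS:
        if field in safe:
            safe[field] = "[REDACTED]"
    return safe


def triage(output, min_severity=0):
    """Group one action output by infected machine, with secrets removed.

    Assumption: a result carrying infected_machine_id describes an infected
    endpoint; any other result is treated as a plain breach record.
    """
    if output.get("has_error"):
        raise RuntimeError(f"SpyCloud action failed: {output.get('error')}")
    hosts, breach_records = {}, []
    for rec in output.get("results") or []:
        if rec.get("severity", 0) < min_severity:
            continue
        safe = redact(rec)
        machine_id = rec.get("infected_machine_id")
        if not machine_id:
            breach_records.append(safe)
            continue
        host = hosts.setdefault(machine_id, {
            "accounts": set(), "target_domains": set(),
            "max_severity": 0, "records": [],
        })
        # Infected records in the samples identify the account by email or username.
        account = rec.get("email") or rec.get("username")
        if account:
            host["accounts"].add(account)
        if rec.get("target_domain"):
            host["target_domains"].add(rec["target_domain"])
        host["max_severity"] = max(host["max_severity"], rec.get("severity", 0))
        host["records"].append(safe)
    return hosts, breach_records


# Constructed output in the shape shown above; every value is made up.
SAMPLE_OUTPUT = {
    "cursor": "", "has_error": False, "error": None, "hits": 3,
    "results": [
        {"email": "alice@example.org", "password": "hunter2-constructed",
         "password_plaintext": "hunter2-constructed", "password_type": "plaintext",
         "infected_machine_id": "machine-0001", "target_domain": "vpn.example.org",
         "severity": 25, "document_id": "doc-a"},
        {"username": "alice", "password": "other-constructed",
         "password_plaintext": "other-constructed", "password_type": "plaintext",
         "infected_machine_id": "machine-0001", "target_domain": "mail.example.org",
         "severity": 33, "document_id": "doc-b"},
        {"email": "bob@example.org", "password": "hash-constructed",
         "source_id": 315, "severity": 5, "document_id": "doc-c"},
    ],
}

if __name__ == "__main__":
    infected, other = triage(SAMPLE_OUTPUT)
    for machine, info in infected.items():
        print(machine, sorted(info["accounts"]), info["max_severity"])
    print(len(other), "breach record(s)")
```
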

List Watchlist Identifiers

List Watchlist Identifiers

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Watchlist Type | Jinja-templated text containing the watchlist type, which lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'ip']. If no value is provided, the API will return all watchlist types. | Optional |
| Verified | Jinja-templated text containing the verified value, which lets you filter results by verified status. The allowed values are 'yes' or 'no'. If no value is provided, the API function will return both verified and unverified identifiers. | Optional |

Output

JSON containing the following items:

{
  "cursor": "",
  "has_error": false,
  "results": [
    {
      "identifier_name": "aero.com",
      "identifier_type": "domain",
      "last_discovered": "2022-04-14T06:36:25Z",
      "status": "ACTIVE",
      "verified": "YES",
      "corporate_record_count": 3412,
      "infected_user_record_count": 524,
      "infected_employee_record_count": 0,
      "infected_consumer_record_count": 464
    },
    {
      "identifier_name": "aira.ca",
      "identifier_type": "domain",
      "last_discovered": "2022-04-07T01:25:12Z",
      "status": "ACTIVE",
      "verified": "YES",
      "corporate_record_count": 272349,
      "infected_user_record_count": 3451,
      "infected_employee_record_count": 45,
      "infected_consumer_record_count": 65
    }
  ],
  "error": null,
  "hits": 7
}

Get Watchlist Identifier By Name

Get Watchlist Identifier By Name

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Identifier | Jinja-templated text containing the identifier. | Required |

Output

JSON containing the following items:

{
  "cursor": "",
  "has_error": false,
  "results": [
    {
      "identifier_name": "aero.com",
      "identifier_type": "domain",
      "last_discovered": "2022-04-14T06:36:25Z",
      "status": "ACTIVE",
      "verified": "YES",
      "corporate_record_count": 3412,
      "infected_user_record_count": 524,
      "infected_employee_record_count": 0,
      "infected_consumer_record_count": 464
    }
  ],
  "error": null,
  "hits": 7
}

Create Watchlist Identifier

Create Watchlist Identifier

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Identifier | Jinja-templated text containing the identifier. | Required |
| Watchlist Type | Jinja-templated text containing the watchlist type, which lets you filter results for only emails or only domains on your watchlist. The allowed values are: ['email', 'domain', 'ip']. If no value is provided, the API will return all watchlist types. | Required |

Output

JSON containing the following items:

{
  "has_error": false,
  "results": "Successfully created."
}

Delete Watchlist Identifier

Delete Watchlist Identifier.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Identifier | Jinja-templated text containing the watchlist identifier to retrieve from your watchlist. Example: example.org | Required |

Output

JSON containing the following items:

{
  "has_error": false,
  "results": "Successfully deleted."
}

Verify Watchlist Identifier

Verify Watchlist Identifier.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Identifier | Jinja-templated text containing the watchlist identifier to retrieve from your watchlist. Example: example.org | Required |

Output

JSON containing the following items:

{
  "has_error": false,
  "results": "Successfully verified."
}

Release Notes

  • v1.0.1 - Added 13 new actions: List Catalog, Get Catalog, Get Breach Data by Domain Search, Get Breach Data by Email Search, Get Breach Data by IP Address Search, Get Breach Data by Password Search, Get Breach Data by Username Search, Get Breach Data by Entire Watchlist, List Watchlist Identifiers, Get Watchlist Identifier By Name, Create Watchlist Identifier, Delete Watchlist Identifier and Verify Watchlist Identifier.
