Silent Push
App Vendor: Silent Push
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.1.0
API Version: v1
About App
The Silent Push app enriches your security operations with high-fidelity threat intelligence. Analyzing domains and IPv4 addresses to generate reputational scores, it allows analysts to contextualize alerts and validate potential threats within their existing workflows.
The Silent Push app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Add Indicators to Feed | This action adds a list of indicators to an existing Silent Push feed. |
Add Tags to Feed | This action adds one or more tags to an existing Silent Push feed. |
Bulk Enrich Domains | This action retrieves enrichment details and reputation scores for multiple domains in a single request. |
Bulk Enrich IP Addresses | This action retrieves enrichment details and reputational scores for multiple IP addresses in a single request. |
Bulk Retrieve Domain Information | This action retrieves detailed information for multiple domains in a single request. |
Bulk Retrieve Domain Risk Scores | This action retrieves the silent push risk score for multiple domains in a single request. |
Check Job Status | This action retrieves the results of a completed job or the current status of a running job. |
Create Feed | This action creates a new feed in Silent Push and returns the unique feed UUID. |
Download IOC Data | This action downloads a file containing Indicators of Compromise (IOCs) using a pre-generated Silent Push export URL. |
Enrich Indicator | This action retrieves enrichment data and reputational scores for a specific Indicator of Compromise (IOC), such as a domain or IP address. |
Get ASN Takedown Reputation | This action retrieves the takedown reputation score for a specific Autonomous System Number (ASN), indicating how effectively the ASN handles takedown requests. |
Get Domain ASNs | This action retrieves the Autonomous System Numbers (ASNs) associated with a domain's records from the last 30 days, including subdomains. |
Get Domain Certificates | This action retrieves the SSL certificate information for a given domain. |
Get Domain Information | This action retrieves detailed information for a specific domain name. |
Get Domain WHOIS Information | This action retrieves previously collected WHOIS information for a specified domain. |
Get Feed Details | This action retrieves the metadata and configuration details of a specific feed, such as its name, description, and source. |
Get Indicators of Future Attack | This action retrieves Indicators of Future Attacks (IOFA) from a specific feed, helping to identify potential threats before they launch. |
Get Infrastructure Reputation | This action retrieves reputation scores and details for a specific IPv4 address, subnet, or Autonomous System Number (ASN). |
Get IP Diversity Lookup Results | This action retrieves IP diversity information, representing the number of IP addresses a DNS record has pointed to over time. |
Get IP Information | This action retrieves detailed information for a specific IPv4 or IPv6 address, including ASN details and risk scores. |
Get IPv4 Reputation History | This action retrieves the historical reputation scores for a specified IPv4 address. |
Get Mutli-Condition PADNS Lookup Results | This action retrieves reverse lookup data from Passive DNS records based on multiple matching conditions. |
Get Name Server Reputation | This action retrieves the reputation score and details for a specific name server, helping to identify infrastructure used for malicious activities. |
Get Name Server Reputation History | This action retrieves the reputation history for a specified name server. |
Get Subnet Reputation History | This action retrieves previously collected WHOIS information for a specified domain. |
List Feed Indicators | This action retrieves a list of all indicators within a specific feed or fetches detailed information for a single indicator if you provide a name. |
Lookup Forward DNS Records | This action retrieves forward DNS records for a specific domain name, supporting various record types such as A, AAAA, MX, and more. |
Lookup Infrastructure Density | This action retrieves density statistics (counts of associated records) for infrastructure entities like name servers, MX records, IPs, or ASNs. |
Lookup Reverse DNS Records | This action retrieves reverse DNS records (passive DNS) for a specific IP address. |
Run Live Scan | This action performs a real-time analysis of a target URL to capture its current state, including screenshots, redirection details, SSL data, and risk scores. |
Run Live Scan V2 | This action performs a real-time analysis of a target URL to capture its current state, including screenshots, redirection details, SSL data, and risk scores. |
Search ASNs | This action searches for Autonomous System Numbers (ASNs) using specific names, substrings, or numbers. |
Search Domains | This action searches for domains based on specific criteria, including name servers, WHOIS data, network details, and domain name patterns. |
Search IP Diversity Patterns | This action retrieves IP diversity pattern results from Passive DNS data. |
Search Scan Data using SPQL | This action searches the scan data using the Silent Push Query Language (SPQL). |
Update Indicator Tags | This action adds or updates the tags associated with a specific indicator within a Silent Push feed. |
Generic Action | This is a generic action used to make requests to any Silent Push endpoint. |
Configuration Parameters
The following configuration parameters are required for the Silent Push app to communicate with the Silent Push enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
API Key | Enter the API key required for authentication. | Password | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Silent Push. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in connection errors. | Boolean | Optional | Allowed values are true and false. By default, verification is enabled. |
Action: Add Indicators to Feed
This action adds a list of indicators to an existing Silent Push feed.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Feed ID | Enter the unique UUID of the feed to update. Example: '88d596f8-2761-42f7-a593-b01a060864f5' | Text | Required | |
Indicators | Enter the list of indicators (domains, IPs, or URLs) to add to the feed. Example: $LIST[exampledomain1.com,exampledomain2.com] | List | Required |
Example Request
[
{
"feed_id": "88d596f8-2761-42f7-a593-b01a060864f5",
"indicators": [
"microsoft.com",
"google.com"
]
}
]Action: Add Tags to Feed
This action adds one or more tags to an existing Silent Push feed.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Feed ID | Enter the unique UUID of the feed to update. Example: '88d596f8-2761-42f7-a593-b01a060864f5' | Text | Required | |
Tags | Enter the list of tags to add to the feed. Example: $list[malware, phishing] | List | Required |
Example Request
[
{
"tags": [
"domain",
"ip",
"test"
],
"feed_id": "88d596f8-2761-42f7-a593-b01a060864f5"
}
]Action: Bulk Enrich Domains
This action retrieves enrichment details and reputation scores for multiple domains in a single request.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain Names | Enter the list of domain names as comma-separated values to analyze. You can provide up to 100 domains in a single request. Example: $LIST[exampledomain1.com,exampledomain2.com] | List | Required | |
Explain Score Calculation | Choose true if you want to include a detailed breakdown of the data used to calculate the reputational scores in the response. | Boolean | Optional | Default value: false |
Show Scan Data | Choose true if you want to include raw scan and host analysis data collected during domain enrichment in the response. | Boolean | Optional | Default value: false |
Example Request
[
{
"domain_names": [
"google.com",
"microsoft.com"
]
}
]Action: Bulk Enrich IP Addresses
This action retrieves enrichment details and reputational scores for multiple IP addresses in a single request.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Type | Choose the type of IP addresses you want to analyze. Example: ipv4 | Single-select | Required | Allowed values: ipv4 and ipv6 |
IP Addresses | Enter the list of IP addresses to analyze. Ensure all IPs in the list match the selected IP type. Example: $LIST[1.83.125.245, 1.168.167.42] | List | Required | |
Explain Score Calculation | Choose true if you want to include a detailed breakdown of the data used to calculate the reputational scores in the response. | Boolean | Optional | Default value: false |
Show Scan Data | Choose true if you want to include raw scan and host analysis data collected during domain enrichment in the response. | Boolean | Optional | Default value: false |
Example Request
[
{
"explain": true,
"ip_type": "ipv4",
"ip_addresses": [
"172.67.70.13",
"1.168.167.42"
],
"show_scan_data": true
}
]Action: Bulk Retrieve Domain Information
This action retrieves detailed information for multiple domains in a single request.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain Names | Enter the list of domain names to retrieve information for. Example: $LIST[exampledomain1.com,exampledomain2.com] | List | Required |
Example Request
[
{
"domain_names": [
"google.com",
"microsoft.com",
"silentpush.com"
]
}
]Action: Bulk Retrieve Domain Risk Scores
This action retrieves the Silent Push risk score for multiple domains in a single request.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain Names | Enter the list of domain names to analyze. You can provide up to 100 domains in a single request. Example: $LIST[exampledomain1.com,exampledomain2.com]. | List | Required |
Example Request
[
{
"domain_names": [
"google.com",
"microsoft.com",
"silentpush.com"
]
}
]Action: Check Job Status
This action retrieves the results of a completed job or the current status of a running job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Job ID | Enter the unique UUID of the job to check. Example: '6901cc92-0f6e-4537-9a40-12f530d6993d' | Text | Required | |
Max Waiting Time | Enter the maximum time (in seconds) to wait for results before returning the status. | Integer | Optional | Allowed range: 0-25 Default value: 25 |
Retrieve Status Only | Choose true if you want to retrieve only the job status, even if results are available. | Boolean | Optional | Default value: false |
Force Retrieve Metadata | Choose true if you want to force the inclusion of query metadata in the response, regardless of the original request settings. | Boolean | Optional | Default value: false |
Action: Create Feed
This action creates a new feed in Silent Push and returns the unique feed UUID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Feed Name | Enter the name of the feed. Example: critical threat feed | Text | Required | |
Feed Type | Choose the type of indicators that this feed will contain. | Single-select | Required | Allowed values: domain, IP, and URL |
Extra Fields | Enter additional feed properties as key-value pairs. Example: {"source" : "customer_import"} | Key Value | Optional | Valid keys: 'description' and 'source' |
Example Request
[
{
"feed_name": "Test Feed 5",
"feed_type": "ip",
"extra_fields": {
"description": "Created From CO Playbooks"
}
}
]Action: Download IOC Data
This action downloads a file containing Indicators of Compromise (iocs) using a pre-generated Silent Push export URL.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Export URL | Enter the Silent Push export URL to retrieve data from. Example: 'https://app.silentpush.com/api/v1/export/iofa-exports/export_file.csv' | Text | Required | |
File Name | Enter the desired name for the downloaded file, including the extension. Example: threat_data.csv | Text | Required |
Example Request
[
{
"url": "https://app.silentpush.com/api/v1/export/iofa-exports/cve_exploitation_react2shell_ips.csv",
"file_name": "react2shell.csv"
}
]Action: Enrich Indicator
This action retrieves enrichment data and reputational scores for a specific Indicator of Compromise (ioc), such as a domain or IP address.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IOC Type | Choose the type of Indicator of Compromise (IOC) to analyze. for example, domain | Single-select | Required | Allowed values: domain, ipv4, and ipv6 |
IOC Value | Enter the domain name or an IP address to analyze. Example: 'google.com' or '1.83.125.245'. | Text | Required | |
Explain Score Calculation | Choose true if you want to include a detailed breakdown of the data used to calculate the reputational scores in the response. | Boolean | Optional | Default value: false |
Show Scan Data | Choose true if you want to include raw scan and host analysis data collected during IOC enrichment in the response. | Boolean | Optional | Default value: false |
Example Request
[
{
"explain": true,
"ioc_type": "ipv4",
"ioc_value": "1.168.167.42",
"show_scan_data": true
}
]Action: Get ASN Takedown Reputation
This action retrieves the takedown reputation score for a specific Autonomous System Number (ASN), indicating how effectively the asn handles takedown requests.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
AS Number | Enter the Autonomous System Number (ASN) to retrieve its takedown reputation score. Example: 21312 | Integer | Required | |
Explain Score Calculation | Choose true if you want to include a detailed breakdown of the data used to calculate the reputational scores in the response. | Boolean | Optional | Default value: false |
Example Request
[
{
"asn": "as21312"
}
]Action: Get Domain ASNs
This action retrieves the Autonomous System Numbers (ASNs) associated with a domain's a records from the last 30 days, including subdomains.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain Name | Enter the domain name to retrieve ASNs associated with its a records. Example: exampledomain.com | Text | Required |
Example Request
[
{
"domain_name": "google.com"
}
]Action: Get Domain Certificates
This action retrieves the SSL certificate information for a given domain.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain Name | Enter the name of the domain to retrieve SSL certificate information for. Wildcards (*) are supported. Example: silentpush.com. | Text | Optional | |
Domain Regex | Enter a valid RE2 regular expression to match domains. If provided, this parameter takes precedence over the Domain Name field. | Text | Optional | |
Certificate Issuer | Enter the certificate issuer name to filter results. Wildcards (*) are supported and spaces can be represented by '+'. | Text | Optional | |
Issued After (Date Min) | Enter the earliest issuance date (in YYYY-MM-DD format) to filter for certificates issued on or after this date. Example: 2021-07-09 | Text | Optional | |
Issued Before (Date Max) | Enter the latest issuance date (in YYYY-MM-DD format) to filter for certificates issued on or before this date. Example: 2021-07-09 | Text | Optional | |
Limit | Enter the maximum number of results to return. Example: 100 | Integer | Optional | |
Skip | Enter the number of results to skip (offset) for pagination. | Integer | Optional | |
Include Metadata | Choose True if you want to include metadata, such as job_id, in the response. | Boolean | Optional | Default value: false.\ |
Extra Params | Enter any additional query parameters as a dictionary. Allowed values are prefer, max_wait and more. | Key Value | Optional | Allowed values: prefer, max_wait, domain, domain_regex, cert_issuer, date_min, date_max, limit, skip, and with_metadata |
Action: Get Domain Information
This action retrieves detailed information for a specific domain name.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain Name | Enter the domain name to retrieve information for. Example: exampledomain.com. | Text | Required |
Example Request
[
{
"domain_name": "silentpush.com"
}
]Action: Get Domain WHOIS Information
This action retrieves previously collected WHOIS information for a specified domain.
Action Input Parameter
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain Name | Enter the name of the domain to retrieve WHOIS information for. Example: silentpush.com | Text | Required |
Example Request
[
{
"domain_name": "silentpush.com"
}
]Action: Get Feed Details
This action retrieves the metadata and configuration details of a specific feed, such as its name, description, and source.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Feed ID | Enter the unique UUID of the feed to retrieve. Example: 88d596f8-2761-42f7-a593-b01a060864f5 | Text | Required |
Example Request
[
{
"feed_id": "88d596f8-2761-42f7-a593-b01a060864f5"
}
]Action: Get Indicators of Future Attack
This action retrieves Indicators of Future Attacks (IOFA) from a specific feed, helping to identify potential threats before they launch.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Feed UUID | Enter the unique UUID of the feed to retrieve indicators from. Example: '88d596f8-2761-42f7-a593-b01a060864f5' | Text | Required | |
Limit | Enter the maximum number of results to return. | Integer | Optional | |
Distinct | Choose true if you want to return only distinct indicators. | Boolean | Optional | |
Extra params | Enter additional query parameters as key-value pairs. Example: key: 'order', value: '-total_ioc,-total_source_score' | Key Value | Optional | Valid keys: 'order', 'page', and 'state'. |
Example Request
[
{
"feed_uuid": "e37fce0b-f5f9-4a8b-a6cf-b9a088b2e099",
"extra_params": {}
}
]Action: Get IPv4 Reputation History
This action retrieves the historical reputation scores for a specified IPv4 address.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IPv4 Address | Enter the IPv4 address to retrieve historical reputation data for. Example: 172.67.70.13 | Text | Required | |
Limit | Enter the maximum number of results to return. Example: 100 | Integer | Optional | |
Explain Score Calculation | Choose True if you want to include a detailed breakdown of the data used to calculate the reputational scores in the response. | Boolean | Optional | Default value: False |
Example Request
[
{
"explain": true,
"ip_address": "91.213.50.101"
}
]Action: Get Infrastructure Reputation
This action retrieves reputation scores and details for a specific IPv4 address, subnet, or Autonomous System Number (ASN).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Entity Type | Choose the type of infrastructure entity to analyze. | Single-select | Required | Allowed values are IPv4, subnet, and asn. |
Entity Value | Enter the value corresponding to the selected entity type. Example: an ip address ('172.67.70.13'), a subnet base address, or an asn ('15169'). | Text | Required | |
Subnet Mask | Enter the subnet mask in cidr notation. Example: 24 | Text | Optional | This is required only if the entity type is a subnet. |
Explain Score Calculation | Choose true if you want to include a detailed breakdown of the data used to calculate the reputational scores in the response. | Boolean | Optional | The default value is false. |
Action: Get IP Diversity Lookup Results
This action retrieves IP diversity information, representing the number of IP addresses a DNS record has pointed to over time.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Value | Enter the name of the A or AAAA record to perform the diversity lookup for. | Text | Required | |
Query Type | Enter the type of DNS record to retrieve. Allowed values are A or AAAA. | Single-select | Optional | The default value is A. |
Record Window | Enter the number of days to use for the lookup to filter recently viewed records. | Integer | Optional | The default value is 30. |
Scope | Enter the matching scope for the results. | Text | Optional | The default value is live if you set Verbose or Timeline parameters to true. Allowed values depend on the Query Type. |
Verbose | Select True to return all available data, including IPs, dates, and full timelines. | Boolean | Optional | The default value is false. |
Timeline | Choose True if you want to include a timeline of IP addresses and their first/last seen timestamps. | Boolean | Optional | The default value is false. |
Include ASN Diversity | Choose True if you want to include ASN diversity in the response. | Boolean | Optional |
Example Request
[
{
"verbose": false,
"timeline": false,
"include_asn": false,
"record_value": "silentpush.com"
}
]Action: Get IP Information
This action retrieves detailed information for a specific IPv4 or IPv6 address, including ASN details and risk scores.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Type | Enter the type of IP address to analyze. | Single-select | Required | Allowed values: 'ipv4' and 'ipv6' |
IP Address | Enter the IP address to retrieve details for. Example: '172.67.70.13' or '2606:4700:4700::1111'. | Text | Required | |
Explain Score Calculation | Choose true if you want to include a detailed breakdown of the data used to calculate the reputational scores in the response. | Boolean | Optional | Default value: false |
Sparse Fields | Enter a comma-separated list of specific fields to return, limiting the response size. | Text | Optional | Valid values include 'asn', 'asname', and 'sp_risk_score'. |
Example Request
[
{
"explain": true,
"ip_type": "ipv4",
"ip_value": "172.67.70.13"
}
]Action: Get Multi-Condition PADNS Lookup Results
This action retrieves reverse lookup data from Passive DNS records based on multiple matching conditions.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Name | Enter the domain name or IP address to lookup as the primary query. Wildcards (*) are supported. Example: *.example.com | Text | Required | |
Query Answer | Enter the query answer to match against the query name in Passive DNS records. Example: *.example.com | Text | Required | This can be a domain name, IPv4 address, or IPv6 address. Wildcards (*) are supported. |
Query Type | Select the type of DNS record to retrieve. | Single-select | Optional | Allowed values are a, aaaa, cname, mx, ns, txt, ptr4, or ptr6. Default value is a |
Limit | Enter the maximum number of results to return. Example: 100 | Integer | Optional | |
Extra Params | Enter any additional query parameters as a dictionary. | Key Value | Optional | Allowed values: first_seen_after, first_seen_before, last_seen_after, last_seen_before, match, name, netmask, net, network, asnum, asn, asname, asname_starts_with, asname_contains, as_of, sort, output_format, limit, , skip, prefer, max_wait, and with_metadata. |
Example Request
[
{
"record_type": "ns",
"extra_params": {},
"ip_address_1": "sil*push.*",
"ip_address_2": "*.ns.cloudflare.com"
}
]Action: Get Name Server Reputation
This action retrieves the reputation score and details for a specific name server, helping to identify infrastructure used for malicious activities.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Name Server | Enter the domain name of the name server to analyze. Example: henry.ns.cloudflare.com or a.dns-servers.net.ru | Text | Required | |
Explain Score Calculation | Choose true if you want to include a detailed breakdown of the data used to calculate the reputational scores in the response. | Boolean | Optional | Default value: false |
Example Request
[
{
"explain": true,
"nameserver": "henry.ns.cloudflare.com"
}
]Action: Get Name Server Reputation History
This action retrieves the reputation history for a specified name server.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Name Server | Enter the domain name of the name server to retrieve historical data for. Example: henry.ns.cloudflare.com or a.dns-servers.net.ru | Text | Required | |
Limit | Enter the maximum number of results to return. Example: 100 | Integer | Optional | |
Explain Score Calculation | Choose True if you want to include a detailed breakdown of the data used to calculate the reputational scores in the response. | Boolean | Optional | Default value: False |
Example Request
[
{
"nameserver": "john.doe.cloudflare.com"
}
]Action: Get Subnet Reputation History
This action retrieves the historical reputation scores for a specified IPv4 subnet.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Subnet | Enter the IPv4 subnet address (without the mask) to retrieve historical data for. Example: 192.168.1.0 | Text | Required | |
Mask | Enter the subnet mask to define the network prefix. Example: 24 | Integer | Required | |
Limit | Enter the maximum number of results to return. Example: 100 | Integer | Optional | |
Explain Score Calculation | Choose True if you want to include a detailed breakdown of the data used to calculate the reputational scores in the response. | Boolean | Optional | Default value: False |
Example Request
[
{
"mask": "23",
"subnet": "192.35.168.0",
"explain": true
}
]Action: List Feed Indicators
This action retrieves a list of all indicators within a specific feed or fetches detailed information for a single indicator if you provide a name.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Feed ID | Enter the unique UUID of the feed to retrieve indicators from. Example: '88d596f8-2761-42f7-a593-b01a060864f5' | Text | Required | |
Indicator Name | Enter the specific indicator value to retrieve its detailed information. Example: exampledomain.com | Text | Optional |
Example Request
[
{
"feed_id": "88d596f8-2761-42f7-a593-b01a060864f5"
}
]Action: Lookup Forward DNS Records
This action retrieves forward DNS records for a specific domain name, supporting various record types such as a, aaaa, mx, and more.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain Name | Enter the domain name to query. Wildcards (*) are supported to find matching records. Example: `exampledomain.com` or `example2*domain.com*`. | Text | Required | |
Record Type | Choose the type of DNS record to retrieve. | Single-select | Optional | Allowed values: a, aaaa, cname, mx, ns, ptr4, ptr6, any, anyipv4, anyipv6, soa, and txt Default value: a |
Limit | Enter the maximum number of results to return. | Integer | Optional | The default value is 100 |
Extra Params | Enter the additional query parameters as key-value pairs to filter results. Example: {"first_seen_after" : "-7d"} | Key Value | Optional | Allowed keys: first_seen_after, first_seen_before, last_seen_after, last_seen_before, regex, qname, netmask, subdomains, match, as_of, sort, output_format, limit, skip, prefer, max_wait, and with_metadata |
Example Request
[
{
"domain_name": "urlhaus.abuse.ch/",
"record_type": "CNAME"
}
]Action: Lookup Infrastructure Density
This action retrieves density statistics (counts of associated records) for infrastructure entities such as Name Servers, MX records, IPs, or ASNs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Type | Choose the type of infrastructure entity for which you want to retrieve density statistics. | Single-select | Required | Allowed values: nssrv, mxsrv, nshash, mxhash, ipv4, ipv6, and asn |
Query Value | Enter the value to retrieve density information for the selected query type. Example: vida.ns.cloudflare.com for nssrv | Text | Required | |
Scope | Enter the scope to control how broadly density statistics are calculated for the specified query type. Allowed values depend on the query type. | Text | Optional | Allowed values: For Query Type = ipv4: ip. subnet, subnet_ips, asn, and asn_subnets For Query Type = asn: asn and asn_subnets For Query Type = nssrv or qtype = mxsrv host, domain, and subdomain |
Example Request
[
{
"lookup_type": "nssrv",
"lookup_value": "vida.ns.cloudflare.com"
}
]Action: Lookup Reverse DNS Records
This action retrieves reverse DNS records (Passive DNS) for a specific IP address.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter the IP address to look up associated DNS records. Example: `1.168.167.42` or `1.168.*` | Text | Required | Wildcards (*) are supported to match specific patterns. |
Record Type | Choose the type of DNS record to retrieve. | Single-select | Optional | Allowed values: a, aaaa, cname, mx, ns, ptr4, ptr6, any, anyipv4, anyipv6, soa, and txt Default value: a |
Limit | Enter the maximum number of results to return. | Integer | Optional | Default value: 100 |
Extra Params | Enter the additional query parameters as key-value pairs to filter results. for example, {"first_seen_after" : "-7d"} | Key Value | Optional | Allowed keys: first_seen_after, last_seen_before, first_seen_before, last_seen_after, regex, subdomains, qname, netmask, subdomains, regex, match, as_of, sort, output_format, skip, prefer, max_wait, and with_metadata |
Example Request
[
{
"ip_address": "104.26.10.149",
"record_type": "A"
}
]Action: Run Live Scan
This action performs a real-time analysis of a target URL to capture its current state, including screenshots, redirection details, SSL data, and risk scores.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Target URL | Enter the URL to scan in real time to capture its current content and behavior. This can be a publicly accessible or otherwise hosted URL. Example: https://www.exampledomain.com/ | Text | Required | |
Platform | Enter the platform type to simulate for the scan. | Text | Optional | Allowed values: Desktop, Mobile, and Crawler |
Operating System | Enter the operating system to simulate the scan environment. | Text | Optional | Allowed values: Windows, Linux, macOS, iOS, and Android |
Browser | Enter the browser user agent to simulate. | Text | Optional | Allowed values: Firefox, Chrome, Edge, and Safari. |
Region | Enter the geographic region to originate the scan from. | Text | Optional | Allowed values: US, EU, AS (Asia), and TOR. |
Example Request
[
{
"target_url": "https://www.espn.com/"
}
]Action: Run Live Scan V2
This action performs a real-time analysis of a target URL to capture its current state, including screenshots, redirection details, SSL data, and risk scores.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Target URL | Enter the URL to scan in real time to capture its current content and behavior. Example: https://www.exampledomain.com/ | Text | Required | This can be a publicly accessible or otherwise hosted URL. |
Platform | Enter the platform type to simulate for the scan. | Text | Optional | Allowed values are Desktop, Mobile, and Crawler. |
Operating System | Enter the operating system to simulate for the scan environment. | Text | Optional | Allowed values are Windows, Linux, MacOS, iOS, and Android. |
Browser | Enter the browser user agent to simulate. | Text | Optional | Allowed values are Firefox, Chrome, Edge, and Safari. |
Region | Enter the geographic region to originate the scan from. | Text | Optional | Allowed values are US, EU, AS (Asia), and TOR. |
Example Request
[
{
"os": "Windows",
"region": "US",
"browser": "Chrome",
"platform": "desktop",
"target_url": "silentpush.com"
}
]Action: Search ASNs
This action searches for Autonomous System Numbers (ASNs) using specific names, substrings, or numbers.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
AS Name | Enter the AS name to retrieve autonomous systems whose names begin with the specified value. Example: microsoft | Text | Optional | |
ASN Starts With | Enter the starting characters of an ASN name to retrieve autonomous systems whose names begin with the specified string. Example: Micr | Text | Optional | |
AS Name Contains | Enter a substring to retrieve Autonomous Systems whose names contain the specified value anywhere in the name. Example: osof | Text | Optional | |
ASN Number | Enter the exact ASN number to retrieve its associated name. Example: 15169 | Integer | Optional |
Action: Search Domains
This action searches for domains based on specific criteria, including name servers, Whois data, network details, and domain name patterns.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Search Parameters | Enter the search criteria as key-value pairs. Example: {"nsname" : "ns1.exampledomain.com"} | Key Value | Optional | Allowed keys: domain, nsname, mxname, domain_regex, first_seen_min, first_seen_max, first_seen_min_mode, first_seen_max_mode, last_seen_min, last_seen_max, last_seen_min_mode, last_seen_max_mode, asnum, asn, asname, asname_starts_with, asname_contains, asn_match, asn_match_max, asn_match_min, network, timeline, first_seen_after, first_seen_before, registrar, email, whois_date_after, nschange_from_ns, nschange_to_ns, nschange_date_after, nschange_date_before, cert_date_min, cert_date_max, cert_issuer, infratag, asn_diversity, asn_diversity_min, asn_diversity_max, ip_diversity_all, ip_diversity_all_min, ip_diversity_all_max, ip_diversity_groups, ip_diversity_groups_min, ip_diversity_groups_max, limit, skip, prefer, max_wait, with_metadata |
Example Request
[
{
"nsname" : "ns1.exampledomain.com"
}
]Action: Search Scan Data using SPQL
This action searches the scan data using the Silent Push Query Language (SPQL).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter the SPQL query string to filter scan data. ensure double quotes are escaped if necessary. Example: "htmltitle = \"ddos* not configured\" and response > 200 and header.server = ddos*" | Text | Required | |
Fields | Enter the list of fields to include in the response. If omitted, all fields are returned. Example: $LIST[domain, ip, scan_date]. | List | Optional | |
Sort | Enter the list of fields and their sort directions using the field/direction format. Example, $LIST[scan_date/desc, domain/asc] | List | Optional | Allowed directions are asc and desc. Default value: [scan_date/desc, domain/asc] |
Limit | Enter the maximum number of results to return. Example: 100 | Integer | Optional | |
Skip | Enter the number of results to skip (offset) for pagination. | Integer | Optional | |
Include Metadata | Choose true if you want to include metadata, such as job_id, in the response. | Boolean | Optional |
Example Request
[
{
"query": "datasource=webscan,torscan AND favicon_murmur3 = 309020573 AND domain != \"pptanupdate.info\""
}
]Action: Update Indicator Tags
This action adds or updates the tags associated with a specific indicator within a Silent Push feed.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Feed ID | Enter the unique UUID of the feed containing the indicator. Example: 88d596f8-2761-42f7-a593-b01a060864f5 | Text | Required | |
Indicator Name | Enter the specific indicator value to update its tags. Example: exampledomain.com | Text | Required | |
Tags | Enter the list of tags to add to the indicator. Example: $LIST[malware, phishing] | List | Required |
Action: Search IP Diversity Patterns
This action retrieves IP diversity pattern results from Passive DNS data.
Request Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Name Server Name | Enter the name server name or wildcard pattern to search for. Example: *.bodis.com. | Text | Optional | Enter 'self' to find domains hosting their own name servers. |
Domain Name | Enter the domain name or wildcard pattern to search for. Example: *.example.com | Text | Optional | |
Minimum ASN Diversity | Enter the minimum ASN diversity limit to filter results. | Integer | Optional | Note: At least one diversity parameter (ASN or IP) must be provided for a valid search. |
Limit | Enter the maximum number of results to return. For example, 100 | Integer | Optional | |
First Seen Min | Enter the minimum date to select domains with A records first seen after this time. Format can be yyyy-mm-dd or epoch seconds. | Integer | Optional |
Example Request
[
{
"domain_name": "silentpush.com",
"extra_params": {}
}
]Action: Generic Action
This is a generic action used to make requests to any Silent Push endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request to. Example: v1/feeds | Text | Required | |
Query Params | Enter the query parameters to make the request. | Key Value | Optional | |
Payload | Enter the payload to make the request. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: headers, payload_json, download, files, filename, retry_wait, retry_count, custom_output, and response_type |
Example Request
[
{
"method": "GET",
"endpoint": "feeds",
"extra_fields": {},
"query_params": {}
}
]