Flashpoint
App Vendor: Flashpoint
App Category: Data Enrichment & Threat Intelligence
App Version in Orchestrate: 1.1.2
API version: 4.0.0
Note
The endpoints in the Flashpoint app are deprecated. You can use the Flashpoint Ignite app, which provides enhanced features and improved functionality. For more information, see Flashpoint API documentation.
About App
The Flashpoint app allows security teams to integrate with the Flashpoint enterprise application to help analysts identify threats and mitigate critical security risks. Flashpoint shares insightful and relevant context about a threat and empowers analysts to make better decisions. This helps analysts prioritize intelligence, focus on critical areas, and respond accurately.
The Flashpoint app in the Orchestrate application performs the following actions:
Action Name | Description |
---|---|
Breach Check | This action provides details of the breach based on a domain or Email ID. |
Retrieve an Intelligence Report | This action is used to retrieve a report using the report ID. |
Search Marketplace | This action searches a specific marketplace and retrieves details about the marketplace. |
Search Intelligence Reports | This action searches intelligence reports using queries. |
Search Indicator | This action provides details based on an indicator. |
Search Vulnerability | This action provides the vulnerability details based on the vulnerability ID. |
Universal Search | This action searches across the network and retrieves details based on the search query. |
Configuration Parameters
The following configuration parameters are required for the Flashpoint app to communicate with the Flashpoint enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Token | Enter the API token to authenticate the Flashpoint API endpoints. | Password | Required | |
Base URL | Enter the base URL for the API endpoints. Example: https://fp.tools/api/v4/ | Text | Required | |
Action: Breach Check
This action provides details of the breach based on a domain or Email ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Email or Domain | Enter the data type for the breach check. | Text | Required | Allowed values:
|
Email ID or Domain | Enter the value of the data to be searched based on the selected data type (domain or Email ID). Example:
| Text | Required |
Example Request
[ { "email_domain": "domain", "emailid_domain": "cyware.com" } ]
Action: Retrieve an Intelligence Report
This action is used to retrieve a report using the report ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Report ID | Enter the ID of the Intelligence Report. Example: lTYQZRtoQeyKYMNuwv0dEA | Text | Required | |
Example Request
[ { "report_id": "lTYQZRtoQeyKYMNuwv0dEA" } ]
Action: Search Marketplace
This action searches a specific marketplace and retrieves details about the marketplace.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Marketplace | Enter the details to search the marketplace. Example: silkroad | Text | Required | |
Example Request
[ { "market_place": "silkroad" } ]
Action: Search Intelligence Reports
This action searches reports using queries.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter a query to search across intelligence report bodies, titles, summaries, and sources. Example: "recent malware incidents" | Text | Required | |
Limit | Enter the maximum number of search results to display that match the query. | Integer | Optional | Default value: 10 |
Example Request
[ { "limit": 3, "query": "recent malware incidents" } ]
Action: Search Indicator
This action provides details based on an indicator.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Indicator | Enter the indicator to be searched. Example: "www.exampleindicator.com" | Text | Required | |
Example Request
[ { "indicator": "www.exampleindicator.com" } ]
Action: Search Vulnerability
This action provides the vulnerability details based on the vulnerability ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
CVE ID | Enter the vulnerability ID. Example: "CVE-1999-0555" | Text | Required | |
Example Request
[ { "cve_id": "CVE-1999-0555" } ]
Action: Universal Search
This action searches across the network and retrieves details based on the search query.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the query to search. Example: example.com | Text | Required | |
Example Request
[ { "query": "2.1.2.1" } ]