Fraudwatch
App Vendor: Fraudwatch
App Category: Data Enrichment & Threat Intelligence
App Version in Orchestrate: 1.0.0
API Version: 1.0.0
About App
The Fraudwatch app allows security teams to integrate with the Fraudwatch enterprise application to report abuses, process takedown requests, ensure fast resolution with a 24/7 operations center and detect brand incidents with real-time alerts.
The Fraudwatch app is configured with CSOL application to perform the below-listed actions:
Action Name | Description |
|---|---|
File upload | This action can be used to upload an attachment to a particular incident. |
Incident by reference | This action can be used to get the particular incident details through reference. |
Get forensic detail | The action can be used to get forensic detail of a particular incident. |
Get contact email | This action can be used to get the staff email. |
Add URLs | The action can be used to add the URLs in the incident. |
Update an Incident | This action can be used to update a particular incident. |
Get a particular Incident | This action can be used to get a particular Incident detail. |
Create an Incident | This action can be used to create an Incident. |
Get Incidents | This action can be used to get the list of Incidents. |
Configuration parameters
Below is the list of configuration parameters that are required for the Fraudwatch app to communicate with the Fraudwatch application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL. For example, "<https://<host>.<tld>"> | Text | Required | |
API token | Enter the API token. | Text | Required |
Action: File upload
This action is used to upload an attachment to a particular incident.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter the Incident ID. | Text | Required | |
File path | Enter the file path. | Text | Required |
Example Request
[
{
"file_path": "<Sample file path>",
"incident_id": "<Sample Incident ID>"
}
]Action: Incident by reference
This action is used to get the particular incident details through reference.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Reference ID | Enter the reference ID. For example, "12” | Text | Required |
Example Request
[
{
"reference_id": "12"
}
]Action: Get forensic detail
The action is used to get forensic detail of a particular incident.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter the Incident ID. | Text | Required |
Example Request
[
{
"incident_id": "<Sample incident ID>"
}
]Action: Get contact email
This action is used to get the staff email.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter the incident ID. | Text | Optional | |
Page | Enter the page number. For example, "10". | Text | Optional | |
Limit | Enter the limit. For example, "10" | Text | Optional |
Example Request
[
{
"incident_id": "<Sample incident ID>",
"page": "10",
"limit": "10"
}
]Action: Add URLs
The action is used to add the URLs in the incident.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter the incident ID. | Text | Required | |
URLs | Enter the list of URLs. | Any | Required |
Example Request
[
{
"urls":
[
“Sample URL1”,
“Sample URL2”
],
"incident_id": <Sample incident ID>
}
]Action: Update an Incident
This action is used to update a particular incident.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter the Incident ID. | Text | Required | |
Brand | Enter the brand. For example, "ADNOC" | Text | Optional | |
Reference ID | Enter the Reference ID. For example, 12 | Text | Optional | |
Evidence | Enter the evidence. | Text | Optional | |
Instructions | Enter the instructions. For example, "Analyze evidence" | Text | Optional |
Example Request
[
{
"incident_id": <Sample incident ID>,
"reference_id": "12",
"brand": "ADNOC",
"evidence": "<Sample evidence>",
"instructions": "Analyze evidence"
}
]Action: Get a particular Incident
This action can be used to get a particular Incident detail.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter the Incident ID. | Text | Required |
Example Request
[
{
"incident_id": <Sample incident ID>
}
]Action: Create an Incident
This action can be used to create an Incident.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Brand | Enter the brand. For example, "ADNOC" | Text | Required | |
Type | Enter the type. For example, "phishing”, "vishing”, "malware” and much more. | Text | Required | |
Primary URL | Enter the primary URL of source. | Text | Required | |
URLs | Enter the list of URLs to be added in the incident. | Any | Optional | |
Instructions | Enter any special instructions for the Security Operations Team. For example, "This ticket has been created to test an Integration. Please do not take any action. Kindly disregard and close the ticket”. | Text | Optional | |
Evidence | Enter the evidence/logs of the particular incident. | Text | Optional | |
Reference ID | Enter the reference ID. For example, "12” | Text | Optional |
Example Request
[
{
"type": "phishing",
"brand": "ADNOC",
"primary_url": "<Sample primary URL>",
“urls“:
[
“Sample URL1“,
“Sample URL2“
],
"instructions": "This ticket has been created to test an Integration. Please do not take any action. Kindly disregard and close the ticket"
}
]Action: Get Incidents
This action can be used to get the list of Incidents.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Page | Enter the page number. For example, 1. | Integer | Optional | |
Limit | Enter the limit. For example, "10". | Text | Optional | By default, the limit is "20". |
From | Enter the date from when you want to retrieve the Incidents. For example, "2020-01-01” | Text | Optional | Date must be in yyyy-mm-dd format. |
To | Enter the date till when you want to retrieve the Incidents. For example, "2020-10-31" | Text | Optional | Date must be in yyyy-mm-dd format. |
Status | Enter the Incident status. | Text | Optional | By default, the status is "all". |
Example Request
[
{
"page": 1,
"limit": "10",
"from_date": "2020-01-01",
"to": "2020-10-31",
"status”: "all"
}
]