Flashpoint Alerting
App Vendor: Flashpoint
Connector Category: Analytics and SIEM
App Version in Orchestrate: 1.0.0
API Version: 1.0.0
About App
Flashpoint's Alerting service notifies customers when relevant information is revealed in threat-actor discussions and compromised data is detected. The Alerting service enables security teams to receive relevant and conceptualized information about threats and helps to mitigate business risks which accelerates the incident response process.
The Flashpoint Alerting app is configured with the Orchestrate application to perform the following actions:
Action | Description |
|---|---|
Get specific recipient's alerts | This action retrieves the alerts that belong to a specific user. |
Get list of Alerts | This action retrieves a list of alerts for your organization. |
Configuration Parameters
The following configuration parameters are required for the Flashpoint Alerting app to communicate with the Flashpoint Alerting enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL for the API endpoints. Example: https://fp.tools/api/alerting/ | Text | Required | |
API Token | Enter the API token to authenticate the Flashpoint API endpoints. | Password | Required |
Action: Get specific recipient's alerts
The action retrieves the alerts for a specific user using the recipient ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Recipient ID | Enter the specific user profile ID (notification_profile UUID) for which alerts are received. | Text | Required | |
Scroll ID | Enter the ID retrieved in the previous alerts responses to retrieve the next batch of alerts. | Text | Optional | |
Since Time | Enter the earliest created_at timestamp of the alert (in UTC). | Text | Required | |
Size | Enter the number of alert results in the response. Maximum size: 100 | Integer | Optional | Default value: 10 |
Until Time | Enter the latest created_at timestamp of the alert (in UTC).To specify the current time, you can leave this parameter value empty. | Text | Optional |
Example Request
[
{
"recipient_id": "8f1ee5db-e700-41c9-9711-12d84e1cc725",
"scroll_id": "c89ff9e0b74a232ae%241233382",
"since": "2020-08-09T12:00:00Z",
"size": "10",
"until": "2020-08-10T12:00:00Z"
}
]
|
Action: Get list of Alerts
The action retrieves a list of alerts for your organization.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Since Time | Enter the earliest created_at timestamp of the alert (in UTC). | Text | Required | |
Scroll Id | Enter the scroll ID to retrieve the next batch of alerts. The scroll ID is retrieved in the previous alert responses. | Text | Optional | |
Size | Enter the number of alert results in the response. Maximum value: 100 | Integer | Optional | Default value: 10 |
Until Time | Enter the latest created_at timestamp of the alert (in UTC). To specify the current time, you can leave this parameter value empty. | Text | Optional |
Example Request
[
{
"scroll_id": "c89ff9e0b74a232ae%241233382",
"since": "2020-08-09T12:00:00Z",
"size": "10",
"until": "2020-08-10T12:00:00Z"
}
] |