KELA
App Vendor: KELA
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.2.0
API Version: 1.0.0
About App
The KELA monitoring app delivers real-time threat intelligence from the dark web, helping security teams identify risks and respond swiftly.
The KELA app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Get Botnet Incidents from Monitor | This action retrieves botnet incidents for a specific monitor. |
Get Daily Highlights from Threat Landscape | This action retrieves the daily highlights provided by KELA’s analysts. |
Get Data from Investigate | This action retrieves details of the specified data type. |
Get Incident Data from Monitor | This action retrieves the data of an incident based on the specified ID. |
Get Incidents List by Incident Type from Monitor | This action lists the incidents of the specified type for the specified monitor. |
Get Latest Cybercrime Observables Detection from Technical Intelligence | This action retrieves the latest updated detections in batches of 100, without any filter or limitation. |
Get Leaked Credential Incidents from Monitor | This action retrieves leaked credential incidents for a specific monitor. |
Get Network Vulnerability Incidents from Monitor | This action retrieves network vulnerability incidents for a specific monitor. |
Get Saved Query from Investigate | This action retrieves the actual details of a saved query. |
Get User License from Investigate | This action retrieves your license information. |
List Aggregations from Monitor | This action lists the specified monitor’s aggregations. |
List Data Counters from Investigate | This action retrieves the list of data types along with the count of results for each type. |
List Incidents from Monitor | This action lists the incidents based on the specified ID. |
List Saved Queries from Investigate | This action lists all your current saved queries. |
Request for Information in Monitor | This action submits a request for information (RFI) to KELA. |
Scroll Incidents in Monitor | This action retrieves the next bulk of incidents using the scroll ID. |
Search Data in Investigate | This action searches for a specific data type. |
Search Pagination in Investigate | This action navigates through limited search results to access larger data sets. |
Update Incident Properties in Monitor | This action updates the status of the specified incident. |
Generic Action | This is a generic action to perform any additional use case on KELA. |
Configuration Parameters
The following configuration parameters are required for the KELA app to communicate with the KELA enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Token | Enter the API token to authenticate the client. | Password | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with KELA. | Integer | Optional | Allowed range: 15-120. Default value: 15 |
Verify | Choose whether to verify the TLS certificate when making requests. It is recommended to set this option to yes. Passing no skips certificate verification, so the connection may be established with an untrusted endpoint. | Boolean | Optional | By default, verification is not enabled. |
Action: Get Botnet Incidents from Monitor
This action retrieves botnet incidents for a specific monitor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
From Date | Enter the start date to retrieve incidents from, as a Unix timestamp. Example: 1685452480 | Integer | Optional | |
To Date | Enter the end date to retrieve incidents up to, as a Unix timestamp. Example: 1685452481 | Integer | Optional | |
Limit | Enter the maximum number of incidents to return in the response. | Integer | Optional | Default value: 20. Maximum allowed value: 1000 |
Monitor ID | Enter the monitor ID. | Text | Required | |
Example Request
[ { "limit": "20", "to_date": "2147483647", "from_date": "0", "monitor_id": "5968" } ]
Action: Get Daily Highlights from Threat Landscape
This action retrieves the daily highlights provided by KELA’s analysts.
Action Input Parameters
No input parameters are required for this action.
Action: Get Data from Investigate
This action retrieves details of the specified data type.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
ID | Enter the ID of the data to retrieve its details. | Text | Required | You can retrieve this using the action Search Data in Investigate. |
Type | Enter the data type for which you want to retrieve details. | Text | Required | Allowed values: hacking_discussions, instant_messaging, breached_servers, intelligence_reports |
Example Request
[ { "id": "36fa223a89b891381c2d8f04936f0a50", "type": "intelligence_reports" } ]
Action: Get Incident Data from Monitor
This action retrieves the data of an incident based on the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Incident ID | Enter the incident ID to retrieve its details. | Text | Required | You can retrieve this using the action List Incidents from Monitor. |
Monitor ID | Enter the monitor ID to query. | Text | Required | |
Example Request
[ { "monitor_id": "5968", "incident_id": "837a6b00a7184228982ad7a57085b65c-demo" } ]
Action: Get Incidents List by Incident Type from Monitor
This action lists the incidents of the specified type for the specified monitor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Incident Type | Enter the type of incident. | Text | Required | Allowed values: leaked_credentials, botnets, network_vulnerabilities, reports, credit_cards, dld_source_codes, instant_messaging, hacking_discussions |
Monitor ID | Enter the ID of the monitor to query. | Text | Required | |
Additional Parameters | Enter additional parameters to send with the request. | Key value | Optional | Allowed keys: text, limit, to_date, from_date, severities, first_appearance |
Action: Get Latest Cybercrime Observables Detection from Technical Intelligence
This action retrieves the latest updated detections in batches of 100, without any filter or limitation.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filters | Enter the filters to narrow down the results. Example: {"observable_type": ["IP"], "posted_from_date": "1680072075809"} | Key Value | Optional | |
Sort | Enter the sort order for the data. Example: {"order_by": "posted_date", "order_type": "desc"} | Key Value | Optional | |
Pagination | Enter the pagination value. Example: {"skip": 20} | Key Value | Optional | |
Action: Get Leaked Credential Incidents from Monitor
This action retrieves leaked credential incidents for a specific monitor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
From Date | Enter the start date to retrieve incidents from, as a Unix timestamp. Example: 1685452480 | Integer | Optional | |
To Date | Enter the end date to retrieve incidents up to, as a Unix timestamp. Example: 1685452481 | Integer | Optional | |
Limit | Enter the maximum number of incidents to return in the response. Example: 50 | Integer | Optional | Default value: 20. Maximum allowed value: 1000 |
Example Request
[ { "from_date":1685452480, "to_date":1685452481, "offset":50 } ]
Action: Get Network Vulnerability Incidents from Monitor
This action retrieves network vulnerability incidents for a specific monitor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
From Date | Enter the start date to retrieve incidents from, as a Unix timestamp. Example: 1685452480 | Integer | Optional | |
To Date | Enter the end date to retrieve incidents up to, as a Unix timestamp. Example: 1685452481 | Integer | Optional | |
Limit | Enter the maximum number of incidents to return in the response. Example: 50 | Integer | Optional | Default value: 20. Maximum allowed value: 1000 |
Example Request
[ { "from_date":1685452480, "to_date":1685452481, "offset":50 } ]
Action: Get Saved Query from Investigate
This action retrieves the actual details of a saved query.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
ID | Enter the ID of the saved query. | Text | Required | You can retrieve this using the action List Saved Queries from Investigate. |
Example Request
[ { "id": "46d302d067ee0c361f1228bbf06291d6793eee86125a5a24d1ad1c2c1850b10d" } ]
Action: Get User License from Investigate
This action retrieves your license information.
Action Input Parameters
No input parameters are required for this action.
Action: List Aggregations from Monitor
This action lists the specified monitor’s aggregations.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Monitor ID | Enter the ID of the monitor to query. | Text | Required | |
Extra Params | Enter any extra parameters to filter the response. Example: filter: SCIM Filter, limit: 10 | Key Value | Optional | Allowed keys: limit, severities, identifier, tags, categories, start_date, end_date |
Example Request
[ { "monitor_id": "5968" } ]
Action: List Data Counters from Investigate
This action retrieves the list of data types along with the count of results for each type.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the search query string to search for data type. | Text | Required | |
Entity | Enter the type of the query string. | Text | Required | Allowed values: text, domains, emails, subnets, credit_cards. Default value: text |
Example Request
[ { "query": "Sample Query", "entity": "text" } ]
Action: List Incidents from Monitor
This action lists the incidents based on the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Feed Property ID | Enter the ID of the bundle associated with the incident. | Text | Required | |
Monitor ID | Enter the ID of the monitor to query. | Text | Required | |
Extra Params | Enter any extra parameters to filter the response by. Example: "free_text": "TEXT" | Key Value | Optional | Allowed keys: free_text, status |
Example Request
[ { "monitor_id": "5968", "feed_property_id": "837a6b00a7184228982ad7a57085b65c-demo" } ]
Action: List Saved Queries from Investigate
This action lists all your current saved queries.
Action Input Parameters
No input parameters are required for this action.
Action: Request for Information in Monitor
This action submits a request for information (RFI) to KELA.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Text | Enter the message body. | Text | Required | |
Urgency | Enter the urgency level for this RFI. | Integer | Required | Allowed values: 1 for low, 2 for medium, 3 for high, 4 for critical |
Subject | Enter the message subject. | Text | Required | |
Monitor ID | Enter the monitor ID to query. | Text | Required | |
Example Request
[ { "text": "Sample Text", "subject": "Sample Subject", "urgency": "1", "monitor_id": "5968" } ]
Action: Scroll Incidents in Monitor
This action retrieves the next bulk of incidents using the scroll ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Scroll ID | Enter the scroll ID to retrieve the next batch of incidents. | Text | Required | |
Monitor ID | Enter the monitor ID. | Text | Required | |
Example Request
[ { "scroll_id": "<SCROLL_ID>", "monitor_id": "5968" } ]
Action: Search Data in Investigate
This action searches for a specific data type.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the search query string to search for data type. | Text | Required | |
Entity | Enter the type of the query string. | Text | Optional | Allowed values: text, domains, emails, subnets, credit_cards. Default value: text |
Index | Enter the type of the data to search. | Text | Optional | Allowed values: hacking_discussions, leaked_credentials, instant_messaging, compromised_accounts, breached_servers, intelligence_reports. Default value: hacking_discussions |
Filters | Enter the filters to narrow down the search results. Example: {"crawlers": ["Pastebin"]} | Key Value | Optional | |
Example Request
[ { "query": "hacking discussions" } ]
Action: Search Pagination in Investigate
This action navigates through limited search results to access larger data sets.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Scroll ID | Enter the scroll ID for the search query you are currently paginating through to continue retrieving results. | Text | Required | |
Example Request
[ { "scroll_id": "08ce7d8eee05bf5bc2192b7fd52fef7ff603b33d54292d771c123bd4cffb4615" } ]
Action: Update Incident Properties in Monitor
This action updates the status of the specified incident.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Incident ID | Enter the ID of the incident to update. | Text | Required | You can retrieve this using the action List Incidents from Monitor. |
Monitor ID | Enter the monitor ID to query. | Text | Required | |
Additional Parameters | Enter the additional parameters to update the status. | Key Value | Optional | Allowed keys: handled, read, star, deleted |
Example Request
[ { "delete": false, "monitor_id": "5968", "incident_id": "837a6b00a7184228982ad7a57085b65c-demo" } ]
Action: Generic Action
This is a generic action to perform any additional use case on KELA.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Endpoint | Enter the endpoint to initiate a request. Example: /monitor/monitor_id/ | Text | Required | |
Method | Enter the HTTP method to use. Example: GET | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Query Params | Enter the query parameters to filter the result. Example: $JSON[{"page":10}] | Any | Optional | |
Payload Data | Enter the payload data to pass to the API. Example: {"data": {"reason": "security_testing"}} | Key Value | Optional | |
Payload JSON | Enter the payload JSON to pass to the API. Example: $JSON[{"data": {"type": "ransomware","id": 788996}}] | Any | Optional | |
Example Request
[ { "method":"GET", "endpoint":"incidents", "payload_data":{ "data":[ { "reason":"security_testing" } ] }, "query_params":{ "limit":"10" } } ]