Flashpoint Compromised Credentials

Cyware Orchestrate

Flashpoint Compromised Credentials

App Vendor: Flashpoint

App Category: Data Enrichment & Threat Intelligence

Connector Version: 1.3.0

API Version: 4.6.7

About App

The Flashpoint Compromised Credentials connector app allows security teams to integrate with the Flashpoint Compromised Credentials enterprise application. The connector app collects and processes data and credentials, allowing analysts to access recent data breaches and take necessary actions to mitigate risks.

The Flashpoint Compromised Credentials app is configured with the Orchestrate application to perform the following actions:

Action Name	Description
Retrieve Breaches	This action retrieves details about breaches and allows filtering.
Retrieve Compromised Credentials	This action retrieves details about the comprised credentials by querying data like username, password, and more.
Retrieve Compromised Credentials with FPID	This action retrieves details about the comprised credentials with FPID. FPID is a unique identifier that Flashpoint is assigned to the credential.
Generic Action	This action transcends the actions implemented by making a request to any endpoint

Configuration Parameters

The following configuration parameters are required for the Flashpoint Compromised Credentials connector app to communicate with the Flashpoint Compromised Credentials enterprise application. The parameters can be configured by creating instances in the connector app. For more information on how to add an instance in an app, see Add Instances.

Parameter	Description	Field Type	Required/Optional	Comments
Base URL	Enter the base URL to connect to the app. Example: https://fp.tools/api/v4/	Text	Required
API Token	Enter the API token for authentication.	Password	Required
Timeout	Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Flashpoint Compromised Credentials.	Integer	Optional	Default value: 15 seconds Allowed values: 15 - 120 seconds
Verify	Choose your preference to verify SSL while making requests. It is recommended to set this option to yes. If no is passed, it may result in an incorrect connection establishment, potentially resulting in a broken connection.	Boolean	Optional

Action: Generic Action

This action transcends the actions implemented by making a request to any endpoint.

Parameters	Description	Field Type	Required/Optional
Method	Enter the HTTP method to make the request. Example: GET POST PUT DELETE	Text	Required
Endpoint	Enter the endpoint to make the request. Example: /compromised_credentials/{fpid}	Text	Required
Query Params	Enter the query parameters to pass to the API.	Key Value	Optional

Parameters

Description

Field Type

Required/Optional

Comments

Method

Enter the HTTP method to make the request.

Example:

GET
POST
PUT
DELETE

Text

Required

Endpoint

Enter the endpoint to make the request.

Example:

/compromised_credentials/{fpid}

Text

Required

Query Params

Enter the query parameters to pass to the API.

Key Value

Optional

Action: Retrieve Breaches

This action retrieves details about breaches and allows filtering.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Query	Enter the data to be searched. Example: created_at.date-time:[2020-07-01t00:00:00z to 2020-07-02t00:00:00z}	Text	Optional
FPID	Enter the breach FPID to be searched.	Text	Optional
Number of results	Enter the number of results to return. Example: 10	Integer	Optional	Default value: 25
Result number to start from	Indicates the number of initial results that should be skipped. This is used for pagination.	Integer	Optional
Additional Parameters	Enter the key-value pairs for additional filtering.	Key Value	Optional
Additional Data	Enter the additional parameters to be searched. Example: username	Key Value	Optional

Action: Retrieve Compromised Credentials

This action retrieves the details about the comprised credentials by querying data like username, password, and more.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Query	Enter the data to be searched. Example: username	Text	Required
Number of results	Enter the number of results to return. Example: 10	Integer	Optional	Default value: 25
Result number to start from	Enter the number of initial results that should be skipped. This is used for pagination.	Integer	Optional
Extra Params	Enter any additional parameters to be searched. Example: username password created_at.date-time	Key Value	Optional

[
  {
    "query": "breach.first_observed_at.date-time:[* TO now]+breach.created_at.date-time:[* TO now]",
    "extra_params": {
      "from": "100"
    },
    "number_of_results": "102"
  }
]

Action: Retrieve Compromised Credentials with FPID

This action retrieves details about the comprised credentials with FPID. FPID is a unique identifier that Flashpoint has assigned to the credential.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
FPID	Enter the FPID to be searched.	Text	Required
Number of results	Enter the number of results to return. Example: 25	Integer	Optional	Default value: 25
Additional Data	Enter the additional parameters to be searched. Example: username password created_at.date-time

Parameter

Description

Field Type

Required/Optional

Comments

FPID

Enter the FPID to be searched.

Text

Required

Number of results

Enter the number of results to return.

Example:

Integer

Optional

Default value:

Additional Data

Enter the additional parameters to be searched.

Example:

username

password

created_at.date-time

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.

Cyware Orchestrate

Flashpoint Compromised Credentials

About App

Configuration Parameters

Action: Generic Action

Action: Retrieve Breaches

Action: Retrieve Compromised Credentials

Action: Retrieve Compromised Credentials with FPID

Search results