Cyware Orchestrate

SpyCloud

App Vendor: SpyCloud

App Category: Data Enrichment & Threat Intelligence

Connector Version: 1.2.1

API Version: v1

About App

The SpyCloud app integrates breach and malware data into your existing workflows, offering fast, high-volume access to threat intelligence.

The SpyCloud app is configured with Cyware Orchestrate to perform the following actions:

| Action Name | Description |
| --- | --- |
| Get Domain Breach Data | This action retrieves breach data of the specified domain |
| Get Email Breach Data | This action retrieves breach data of the specified email |
| Get Individual Breach Data | This action retrieves breach data by the specified ID |
| Get Watchlist Data | This action lists all data from a watchlist |
| List Breach Catalog | This action lists or queries breach catalogs |
| Generic Action | This is a generic action used to make API requests to any SpyCloud endpoint |

Configuration Parameters

The following configuration parameters are required for the SpyCloud app to communicate with the SpyCloud enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| API Key | Enter the API key to access SpyCloud. | Password | Required | |
| Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with SpyCloud. | Integer | Optional | Allowed range: 15-120. Default value: 15 |
| Verify | Choose whether to verify SSL or TLS when making requests. It is recommended to set this option to yes. Setting it to no may result in an incorrectly established connection. | Boolean | Optional | By default, verification is enabled. |

Action: Get Domain Breach Data

This action retrieves breach data of the specified domain.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Domain | Enter the domain for which you want to retrieve the breach data. To specify multiple domains, separate them with commas. Example: sampledomain.com | Text | Required | |
| Type Value | Enter the type of the breach data that you want to retrieve. Example: infected (this returns data on infected employees and customers) | Text | Optional | Allowed values: corporate, infected. Default value: corporate |
| Start Date | Enter the start date from which you want to retrieve the result. Example: 2024-01-01T00:00:00Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
| Severity | Enter the severity value to filter the response. To enter multiple entries, separate them with commas. Example: 5 | Text | Optional | Allowed values: 2, 5, 10, 15, 20, 25. Default value: 2 |
| Result Count | Specify the number of results to return in multiples of thousands. Example: 1 (this will return 1000 results) | Integer | Optional | |
| Cursor | Enter the token to iterate through multiple pages of results. | Text | Optional | |

Action: Get Email Breach Data

This action retrieves breach data of the specified email.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Email ID | Enter the email address for which you want to retrieve the breach data. To specify multiple email addresses, separate them with commas. Example: johndoe@orgname.com | Text | Required | |
| Start Date | Enter the start date from which you want to retrieve the result. Example: 2024-01-01T00:00:00Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
| End Date | Enter the end date until which you want to retrieve the result. Example: 2024-01-31T23:59:59Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
| Severity | Enter the severity value to filter the response. To enter multiple entries, separate them with commas. Example: 5 | Text | Optional | Allowed values: 2, 5, 10, 15, 20, 25. Default value: 2 |
| Source ID | Enter the source ID to filter the results based on a particular breach source. | Integer | Optional | |
| Salt | If hashing is enabled for your API key, enter a 10-24 character salt value. | Text | Optional | |
| Result Count | Specify the number of results to return in multiples of thousands. Example: 1 (this returns 1000 results) | Integer | Optional | |
| Cursor | Enter the token to iterate through multiple pages of results. | Text | Optional | |

Action: Get Individual Breach Data

This action retrieves breach data using the specified ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Breach ID | Enter the ID of the breach. To specify multiple breach IDs, separate them with commas. | Text | Required | You can retrieve the breach ID using the List Breach Catalog action. |

Action: Get Watchlist Data

This action lists data from a watchlist.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Watchlist Type | Enter the type of watchlist. Example: domain | Text | Required | Allowed values: IP, domain, email |
| Type Value | Enter the type of data that you want to retrieve on the watchlist. Example: infected (this returns data on infected employees and customers) | Text | Optional | Allowed values: corporate, infected. Default value: corporate |
| Start Date | Enter the start date from which you want to retrieve the result. Example: 2024-01-01T00:00:00Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
| End Date | Enter the end date until which you want to retrieve the result. Example: 2024-01-31T23:59:59Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
| Source ID | Enter the source ID to filter the results based on a particular breach source. | Integer | Optional | |
| Result Count | Specify the number of results to return in multiples of thousands. Example: 1 (this returns 1000 results) | Integer | Optional | |
| Cursor | Enter the token for iterating through multiple pages of results. | Text | Optional | |

Action: List Breach Catalog

This action lists or queries breach catalogs.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Query | Enter the query to search the breach catalog. | Text | Optional | |
| Start Date | Enter the start date from which you want to retrieve the result. Example: 2024-01-01T00:00:00Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
| End Date | Enter the end date until which you want to retrieve the result. Example: 2024-01-31T23:59:59Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
| Result Count | Specify the number of results to return in multiples of thousands. Example: 1 (this will return 1000 results) | Integer | Optional | |
| Cursor | Enter the token for iterating through multiple pages of results. | Text | Optional | |

Action: Generic Action

This is a generic action used to make requests to any SpyCloud endpoint.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Method | Enter the HTTP method to make the request. Example: GET | Text | Required | Allowed values: GET, PUT, POST, DELETE |
| Endpoint | Enter the endpoint to make the request. Example: /breach/data/phone-numbers/{phone_number} | Text | Required | |
| Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
| Payload | Enter the payload to pass to the API. | Any | Optional | |
| Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, custom_output, download, filename, files, retry_wait, retry_count, response_type |
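
A pre-flight check for Generic Action inputs, as an added example that is not part of the connector or of Cyware's or SpyCloud's code: it enforces the allowed Method values and Extra Fields keys listed above, keeps Endpoint a relative path, and percent-encodes values substituted into placeholders such as {phone_number}. The function name, the path_values argument and the returned dictionary keys are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Allowed values copied from the Generic Action parameter table above.
ALLOWED_METHODS = {"GET", "PUT", "POST", "DELETE"}
ALLOWED_EXTRA_KEYS = {"payload_json", "custom_output", "download", "filename",
                      "files", "retry_wait", "retry_count", "response_type"}
PLACEHOLDER = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")


def build_generic_action_input(method, endpoint, path_values=None,
                               query_params=None, extra_fields=None):
    """Validate Generic Action inputs (hypothetical helper; output keys assumed)."""
    method = method.strip().upper()
    if method not in ALLOWED_METHODS:
        raise ValueError(f"method must be one of {sorted(ALLOWED_METHODS)}")

    # Endpoint stays a relative API path: no scheme, no host, no traversal.
    if not endpoint.startswith("/") or endpoint.startswith("//") or "://" in endpoint:
        raise ValueError("endpoint must be a path starting with a single '/'")
    if any(seg in (".", "..") for seg in endpoint.split("/")):
        raise ValueError("endpoint must not contain '.' or '..' segments")
    if "?" in endpoint or "#" in endpoint:
        raise ValueError("pass query strings through Query Params instead")
    path_values = path_values or {}

    def fill(match):
        name = match.group(1)
        value = str(path_values.get(name, ""))
        if value in ("", ".", ".."):
            raise ValueError(f"missing or unsafe value for placeholder {name!r}")
        # safe="" also encodes '/', '?' and '#', so the value stays one segment.
        return quote(value, safe="")

    filled = PLACEHOLDER.sub(fill, endpoint)
    extra_fields = dict(extra_fields or {})
    unknown = set(extra_fields) - ALLOWED_EXTRA_KEYS
    if unknown:
        raise ValueError(f"unsupported Extra Fields keys: {sorted(unknown)}")

    return {"method": method, "endpoint": filled,
            "query_params": dict(query_params or {}), "extra_fields": extra_fields}


if __name__ == "__main__":
    # Constructed sample value; the endpoint is the example from the table above.
    print(build_generic_action_input(
        "get", "/breach/data/phone-numbers/{phone_number}",
        {"phone_number": "+1 555/0100"}, extra_fields={"retry_count": 2}))
```

Because the Generic Action accepts PUT, POST and DELETE against any endpoint, a check like this is most useful when Method or Endpoint is populated from playbook data rather than typed by an analyst.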