SpyCloud
App Vendor: SpyCloud
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.2.1
API Version: v1
About App
The SpyCloud app integrates breach and malware data into your existing workflows, offering fast, high-volume access to threat intelligence.
The SpyCloud app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Get Domain Breach Data | This action retrieves breach data of the specified domain |
Get Email Breach Data | This action retrieves breach data of the specified email |
Get Individual Breach Data | This action retrieves breach data by the specified ID |
Get Watchlist Data | This action lists all data from a watchlist |
List Breach Catalog | This action lists or queries breach catalogs |
Generic Action | This is a generic action used to make API requests to any SpyCloud endpoint |
Configuration Parameters
The following configuration parameters are required for the SpyCloud app to communicate with the SpyCloud enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
API Key | Enter the API key to access SpyCloud. | Password | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with SpyCloud. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is enabled. |
Action: Get Domain Breach Data
This action retrieves breach data of the specified domain.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the domain for which you want to retrieve the breach data. To specify multiple domains, separate them with commas. Example: sampledomain.com | Text | Required | |
Type Value | Enter the type of the breach data that you want to retrieve. Example: infected This returns data on infected employees and customers | Text | Optional | Allowed values: corporate, infected Default value: corporate |
Start Date | Enter the start date from which you want to retrieve the result. Example: 2024-01-01T00:00:00Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
Severity | Enter the severity value to filter the response. To enter multiple entries, separate them with commas. Example: 5 | Text | Optional | Allowed values: 2, 5, 10, 15, 20, 25 Default value: 2 |
Result Count | Specify the number of results to return in multiples of thousands. Example: 1 (This will return 1000 results) | Integer | Optional | |
Cursor | Enter the token to iterate through multiple pages of results. | Text | Optional |
Action: Get Email Breach Data
This action retrieves breach data of the specified email.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Email ID | Enter the email address for which you want to retrieve the breach data. To specify multiple email addresses, separate them with commas. Example: johndoe@orgname.com | Text | Required | |
Start Date | Enter the start date from which you want to retrieve the result. Example: 2024-01-01T00:00:00Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
End Date | Enter the end date until which you want to retrieve the result. Example: 2024-01-31T23:59:59Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
Severity | Enter the severity value to filter the response. To enter multiple entries, separate them with commas. Example: 5 | Text | Optional | Allowed values: 2, 5, 10, 15, 20, 25 Default value: 2 |
Source ID | Enter the source ID to filter the results based on a particular breach source. | Integer | Optional | |
Salt | If hashing is enabled for your API key, enter a 10-24 character salt value. | Text | Optional | |
Result Count | Specify the number of results to return in multiples of thousands. Example: 1 (This returns 1000 results) | Integer | Optional | |
Cursor | Enter the token to iterate through multiple pages of results. | Text | Optional |
Action: Get Individual Breach Data
This action retrieves breach data using the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Breach ID | Enter the ID of the breach. To specify multiple breach IDs, separate them with commas. | Text | Required | You can retrieve the breach ID using the action Action: List Breach Catalog. |
Action: Get Watchlist Data
This action lists data from a watchlist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Watchlist Type | Enter the type of watchlist. Example: domain | Text | Required | Allowed values: IP, domain, email |
Type Value | Enter the type of data that you want to retrieve on the watchlist. Example: infected This returns data on infected employees and customers | Text | Optional | Allowed values: corporate, infected Default value: corporate |
Start Date | Enter the start date from which you want to retrieve the result. Example: 2024-01-01T00:00:00Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
End Date | Enter the end date until which you want to retrieve the result. Example: 2024-01-31T23:59:59Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
Source ID | Enter the source ID to filter the results based on a particular breach source. | Integer | Optional | |
Result Count | Specify the number of results to return in multiples of thousands. Example: 1 This returns 1000 results. | Integer | Optional | |
Cursor | Enter the token for iterating through multiple pages of results. | Text | Optional |
Action: List Breach Catalog
This action lists or queries breach catalogs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter the query to search the breach catalog. | Text | Optional | |
Start Date | Enter the start date from which you want to retrieve the result. Example: 2024-01-01T00:00:00Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
End Date | Enter the end date until which you want to retrieve the result. Example: 2024-01-31T23:59:59Z | Text | Optional | Allowed format: ISO 8601 datetime format (yyyy-mm-ddthh:mm:ssz) |
Result Count | Specify the number of results to return in multiples of thousands. Example: 1 This will return 1000 results | Integer | Optional | |
Cursor | Enter the token for iterating through multiple pages of results. | Text | Optional |
Action: Generic Action
This is a generic action used to make requests to any SpyCloud endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. Example: GET | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. Example: /breach/data/phone-numbers/{phone_number} | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, custom_output, download, filename, files, retry_wait, retry_count, response_type |