SpyCloud
App Vendor: SpyCloud
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.2.1
API Version: v1
About App
The SpyCloud app integrates breach and malware data into your existing workflows, offering fast, high-volume access to threat intelligence.
The SpyCloud app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Get Domain Breach Data | This action retrieves breach data of the specified domain |
Get Email Breach Data | This action retrieves breach data of the specified email |
Get Individual Breach Data | This action retrieves breach data by the specified ID |
Get Watchlist Data | This action lists all data from a watchlist |
List Breach Catalog | This action lists or queries breach catalogs |
Generic Action | This is a generic action used to make API requests to any SpyCloud endpoint |
Configuration Parameters
The following configuration parameters are required for the SpyCloud app to communicate with the SpyCloud enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key to access SpyCloud. | Password | Required | |
Timeout | Enter the timeout value (in seconds) for the API request. | Integer | Optional | The allowed range is 15-120. Default value is 15. |
Verify | Choose whether to verify the SSL certificate or skip verification. | Boolean | Optional | The allowed values are true and false. By default, verification is enabled. |
Action: Get Domain Breach Data
This action retrieves breach data of the specified domain.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Domain | Enter the domain for which you want to retrieve the breach data. To specify multiple domains, separate them with commas. | Text | Required | |
Type value | Enter the value for type. The allowed values are corporate and infected. | Text | Optional | The default value is corporate. |
Start date | Enter the start date (in ISO 8601 datetime format yyyy-mm-ddthh:mm:ssz) from which you want to retrieve the result. | Text | Optional | |
Severity | Enter the severity value to filter the response. To enter multiple entries, separate them with commas. | Text | Optional | The allowed values are 2, 5, 10, 15, 20, and 25. The default value is 2. |
Result count | Specify the number of results in multiples of thousands to return. Example: 1 (this will return 1000 results) | Integer | Optional | |
Cursor | Enter the token to iterate through multiple pages of results. | Text | Optional | |
Action: Get Email Breach Data
This action retrieves breach data of the specified email.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Email id | Enter the email address for which you want to retrieve the breach data. To specify multiple email addresses, separate them with commas. | Text | Required | |
Start date | Enter the start date (in ISO 8601 datetime format yyyy-mm-ddthh:mm:ssz) from which you want to retrieve the result. | Text | Optional | |
End date | Enter the end date (in ISO 8601 datetime format yyyy-mm-ddthh:mm:ssz) until which you want to retrieve the result. | Text | Optional | |
Severity | Enter the severity value to filter the response. To enter multiple entries, separate them with commas. | Text | Optional | The allowed values are 2, 5, 10, 15, 20, and 25. The default value is 2. |
Source ID | Enter the source ID to filter the result based on a particular breach source. | Integer | Optional | |
Salt | If hashing is enabled for your API key, enter a 10-24 character salt value. | Text | Optional | |
Result Count | Specify the number of results in multiples of thousands to return. Example: 1 (this returns 1000 results) | Integer | Optional | |
Cursor | Enter the token to iterate through multiple pages of results. | Text | Optional | |
Action: Get Individual Breach Data
This action retrieves breach data by the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Breach ID | Enter the ID of the breach. To specify multiple breach IDs, separate them with commas. | Text | Required | |
Action: Get Watchlist Data
This action lists data from a watchlist.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Watchlist Type | Enter the type of watchlist. The allowed values are IP, domain, and email. | Text | Required | |
Type Value | Enter the value for type. The allowed values are corporate and infected. | Text | Optional | The default value is corporate. |
Start Date | Enter the start date (in ISO 8601 datetime format: yyyy-mm-ddthh:mm:ssz) from which you want to retrieve the result. | Text | Optional | |
End Date | Enter the end date (in ISO 8601 datetime format: yyyy-mm-ddthh:mm:ssz) until which you want to retrieve the result. | Text | Optional | |
Source ID | Enter the source ID to filter the result based on a particular breach source. | Integer | Optional | |
Result Count | Specify the number of results in multiples of thousands to return. Example: 1 (this returns 1000 results) | Integer | Optional | |
Cursor | Enter the token for iterating through multiple pages of results. | Text | Optional | |
Action: List Breach Catalog
This action lists or queries breach catalogs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the query to search the breach catalog. | Text | Optional | |
Start date | Enter the start date (in ISO 8601 datetime format yyyy-mm-ddthh:mm:ssz) from which you want to retrieve the result. | Text | Optional | |
End date | Enter the end date (in ISO 8601 datetime format yyyy-mm-ddthh:mm:ssz) until which you want to retrieve the result. | Text | Optional | |
Result count | Specify the number of results in multiples of thousands to return. Example: 1 (this will return 1000 results) | Integer | Optional | |
Cursor | Enter the token for iterating through multiple pages of results. | Text | Optional | |
Action: Generic Action
This is a generic action used to make requests to any SpyCloud endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values are GET, PUT, POST, and DELETE. |
Endpoint | Enter the endpoint to make the request. Example: /breach/data/phone-numbers/{phone_number} | Text | Required | |
Query params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys are payload_json, custom_output, download, filename, files, retry_wait, retry_count, and response_type. |