Flashpoint Ignite
App Vendor: Flashpoint
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.1.1
API Version: v1
About App
The Flashpoint Ignite API connector enables security teams to access information on indicators, vulnerabilities, and more, empowering them to respond effectively.
The Flashpoint Ignite app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Export Vulnerabilities | This action exports a list of vulnerabilities. |
Generic Action | This is a generic action used to make requests to any Flashpoint Ignite endpoint. |
Get Event Details | This action retrieves details of a specific event. |
Get Indicator Details | This action retrieves details of a specific indicator of compromise (IOC). |
Get MISP Event | This action retrieves a MISP event, which aliases a specific event. |
Get Notifications | This action retrieves notifications for a specific alert. |
Get Product Details | This action retrieves the details of a specific product. |
Get Vendor Details | This action retrieves the details of a specific vendor. |
Get Vulnerability Details | This action retrieves the details of a specific vulnerability. |
List Events | This action retrieves a list of events, which are groupings of different IOCs containing metadata about the situations where these indicators were observed. |
List Indicators | This action retrieves a list of indicators of compromise (IOCs) that occur in the context of an event. |
List Notifications | This action retrieves a list of notifications. |
List Products | This action retrieves a list of products. |
List Vendors | This action retrieves a list of vendors. |
List Vulnerabilities | This action retrieves a list of vulnerabilities. |
Retrieve Scroll Results | This action retrieves the results of a scroll request. |
Configuration Parameters
The following configuration parameters are required for the Flashpoint Ignite app to communicate with the Flashpoint Ignite enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Token | Enter the API token to authenticate with the Flashpoint Ignite API. | Password | Required | |
Verify | Choose whether to verify the SSL/TLS certificate while making requests. It is recommended to set this option to yes. Setting it to no may result in a connection being established with an endpoint whose certificate has not been validated. | Boolean | Optional | By default, verification is disabled. |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Flashpoint Ignite. | Integer | Optional | Allowed range: 15-120. Default value: 15 |
Action: Export Vulnerabilities
This action exports a list of vulnerabilities.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Attack Type | Specify the attack type associated with the vulnerability. This is exclusively available for Premium customers. | List | Optional | Allowed values: auth_manage, crypt, infrastruct, input_manip, miss_config, mitm, other, race, unknown |
CPEs | Enter the comma-separated list of Common Platform Enumeration (CPE) identifiers. This is exclusively available for Premium customers. Example: cpe:2.3:vendor:product:7.4.33:::::::* | List | Optional | |
CVEs | Enter the comma-separated list of Common Vulnerabilities and Exposures (CVE) identifiers assigned by CNA (CVE Numbering Authority). Example: CVE-2023-12345 | List | Optional | |
CWE IDs | Enter the comma-separated list of Common Weakness Enumeration (CWE) identifiers assigned by MITRE. Example: 89 | List | Optional | |
Additional Data | Enter the additional data as key-value pairs to filter the response. | Key Value | Optional | Allowed keys: disclosed_after, disclosed_before, disclosure, exclude_tags, exploit, format, from, has_cves, ids, impact, location, max_cvssv2_score, max_cvssv3_score, max_cvssv4_score, max_epss_score, max_temporal_score, max_threat_score, min_cvssv2_score, min_cvssv3_score, min_cvssv4_score, min_epss_score, min_epss_v1_score, min_temporal_score, min_threat_score, product_ids, product_version_ids, product_versions, products, published_after, published_before, query, ransomware_score, severity, size, social_risk_score, solution, sort, tags, updated_after, updated_before, vendor_ids, vendors |
Action: Get Event Details
This action retrieves details of a specific event.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Event ID | Enter the UUID or FPID of the event to retrieve its details. | Text | Required | You can retrieve this using the action List Events. |
Format | Enter the response format. | Text | Optional | Allowed values:
Default value: FP |
Download | Set this to true to download the response in JSON format. | Boolean | Optional | Default value: false |
Exclude Related | Choose true to exclude related events in the response. | Boolean | Optional | Default value: true |
Exclude Enrichments | Choose true to exclude enrichments in the response. | Boolean | Optional | Default value: true |
Additional Data | Enter the additional data as key-value pairs to filter the response. | Key Value | Optional |
Example Request
[ { "event_id": "d7a2d35c-6a88-49e3-94cf-76d5e0e713f9", "extra_params": {} } ]
Action: Get Indicator Details
This action retrieves details of a specific indicator of compromise (IOC).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Attribute ID | Enter the UUID or FPID of the indicator to retrieve its details. | Text | Required | |
Format | Enter the response format. | Text | Optional | Allowed values:
Default value: FP |
Download | Set this to true to download the response in JSON format. | Boolean | Optional | Default value: false |
Exclude Related | Choose true to exclude related indicators in the response. | Boolean | Optional | Default value: true |
Exclude Enrichments | Choose true to exclude enrichments in the response. | Boolean | Optional | Default value: true |
Additional Data | Enter the additional data as key-value pairs to filter the response. | Key Value | Optional |
Example Request
[ { "attribute_id": "r1W5SHFvXyG8bwhXh1u3AQ", "extra_params": {} } ]
Action: Get MISP Event
This action retrieves a MISP event, which aliases a specific event.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Event ID | Enter the ID of the MISP event followed by .json to retrieve its details. | Text | Required | You can retrieve this using the action List Events. |
Format | Enter the response format. | Text | Optional | Allowed values:
|
Additional Data | Enter the additional data as key-value pairs to filter the response. | Key Value | Optional |
Action: Get Notifications
This action retrieves notifications for a specific alert.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the ID of the alert. | Text | Required | |
Recipient ID | Enter the ID of the recipient. | Text | Optional |
Action: Get Product Details
This action retrieves the details of a specific product.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Product ID | Enter the ID of the product assigned by Flashpoint. | Text | Required | You can retrieve this using the action List Products. |
Format | Enter the response format. | Text | Optional | Allowed values:
|
Action: Get Vendor Details
This action retrieves the details of a specific vendor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Vendor ID | Enter the ID of the vendor assigned by Flashpoint. | Text | Required | You can retrieve this using the action List Vendors. |
Format | Enter the response format. | Text | Optional | Allowed values:
|
Action: Get Vulnerability Details
This action retrieves the details of a specific vulnerability.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Vulnerability ID | Enter the ID of the vulnerability assigned by Flashpoint. | Text | Required | You can retrieve this using the action List Vulnerabilities. |
Format | Enter the response format. | Text | Optional | Allowed values:
|
Action: List Events
This action retrieves a list of events, which are groupings of different IOCs containing metadata about the situations where these indicators were observed.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the query to search for events. | Text | Optional | |
Limit | Enter the maximum number of events to retrieve. | Integer | Optional | Default value: 10 |
Skip | Enter the number of results to skip. | Integer | Optional | Default value: 0 |
Format | Enter the response format. | Text | Optional | Allowed values:
Default value: FP |
Report ID | Enter the report ID to retrieve events associated with a specific report. Example: a96kuiwysdc3a28znqdbxa | Text | Optional | |
Additional Data | Enter the additional data as key-value pairs to filter the response. | Key Value | Optional |
Action: List Notifications
This action retrieves a list of notifications.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query IDs | Enter the comma-separated list of query IDs. | List | Optional | |
Asset IDs | Enter the comma-separated list of asset IDs. | List | Optional | |
Origin | Enter the origin of the notification. | Text | Optional | Allowed values:
|
Asset IP | Enter the IP address of the notified asset. | Text | Optional | |
Additional Data | Enter the additional data as key-value pairs to search for notifications. | Key Value | Optional |
Action: List Indicators
This action retrieves a list of indicators of compromise (IOCs) that occur in the context of an event.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the query to search for indicators. | Text | Optional | |
Limit | Enter the maximum number of indicators to retrieve. | Integer | Optional | Default value: 10 |
Skip | Enter the number of results to skip. | Integer | Optional | Default value: 0 |
Format | Enter the format of the response. | Text | Optional | Allowed values:
Default value: FP |
Report ID | Enter the report ID to retrieve indicators associated with a specific report. Example: a96kuiwysdc3a28znqdbxa | Text | Optional | |
Additional Data | Enter additional data as key-value pairs to filter the response. | Key Value | Optional |
Action: List Products
This action retrieves a list of products.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Format | Enter the response format. | Text | Optional | Allowed values:
|
From Index | Enter the starting index to retrieve results from. Example: 300 | Integer | Optional | |
Product IDs | Enter the comma-separated list of product IDs assigned by Flashpoint. Example: 123 | List | Optional | |
Name | Enter the name of the product. | Text | Optional | |
Size | Enter the number of results to retrieve on each page. Example: 100 | Integer | Optional | |
Updated After | Enter the date and time in ISO 8601 format to retrieve products updated after the specified timestamp. Example: 2023-01-15T00:00:00Z | Text | Optional | |
Updated Before | Enter the date and time in ISO 8601 format to retrieve products updated before the specified timestamp. Example: 2023-01-15T00:00:00Z | Text | Optional | |
Vendor IDs | Enter the comma-separated list of vendor IDs assigned by Flashpoint. Example: 123 | List | Optional |
Action: List Vendors
This action retrieves a list of vendors.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Format | Enter the response format. | Text | Optional | Allowed values:
|
From Index | Enter the starting index to retrieve results from. Example: 300 | Integer | Optional | |
Vendor IDs | Enter the comma-separated list of vendor IDs assigned by Flashpoint. Example: 123 | List | Optional | |
Name | Enter the name of the vendor. | Text | Optional | |
Size | Enter the number of results to retrieve on each page. Example: 100 | Integer | Optional | |
Updated After | Enter the date and time in ISO 8601 format to retrieve vendors updated after the specified timestamp. Example: 2023-01-15T00:00:00Z | Text | Optional | |
Updated Before | Enter the date and time in ISO 8601 format to retrieve vendors updated before the specified timestamp. Example: 2023-01-15T00:00:00Z | Text | Optional |
Action: List Vulnerabilities
This action retrieves a list of vulnerabilities.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Attack Type | Specify the attack type associated with the vulnerability. This is exclusively available for Premium customers. | List | Optional | Allowed values: auth_manage, crypt, infrastruct, input_manip, miss_config, mitm, other, race, unknown |
CPEs | Enter the comma-separated list of Common Platform Enumeration (CPE) identifiers. This is exclusively available for Premium customers. Example: cpe:2.3:vendor:product:7.4.33:::::::* | List | Optional | |
CVEs | Enter the comma-separated list of Common Vulnerabilities and Exposures (CVE) identifiers assigned by CNA (CVE Numbering Authority). Example: CVE-2023-12345 | List | Optional | |
CWE IDs | Enter the comma-separated list of Common Weakness Enumeration (CWE) identifiers assigned by MITRE. Example: 89 | List | Optional | |
Additional Data | Enter the additional data as key-value pairs to filter the response. | Key Value | Optional | Allowed keys: disclosed_after, disclosed_before, disclosure, exclude_tags, exploit, format, from, has_cves, ids, impact, location, max_cvssv2_score, max_cvssv3_score, max_cvssv4_score, max_epss_score, max_temporal_score, max_threat_score, min_cvssv2_score, min_cvssv3_score, min_cvssv4_score, min_epss_score, min_epss_v1_score, min_temporal_score, min_threat_score, product_ids, product_version_ids, product_versions, products, published_after, published_before, query, ransomware_score, severity, size, social_risk_score, solution, sort, tags, updated_after, updated_before, vendor_ids, vendors |
Action: Retrieve Scroll Results
This action retrieves the results of a scroll request.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Scroll ID | Enter the scroll ID to continue scrolling. | Text | Required | |
Format | Enter the response format. | Text | Optional | Allowed values for requests to the /event endpoint:
Allowed values for requests to the /attribute endpoint:
|
Additional Data | Enter the additional data as key-value pairs to filter the response. | Key Value | Optional |
Action: Generic Action
This is a generic action used to make requests to any Flashpoint Ignite endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values:
|
Endpoint | Enter the endpoint to make the request. Example: /notifications/{alert_id} | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional |
Example Request
[ { "method": "GET", "endpoint": "technical-intelligence/v1/attribute", "extra_fields": {}, "query_params": {} } ]