Digital Shadows Search Light
The Digital Shadows Search Light connector enables automated monitoring and management of digital risks and threats, facilitating streamlined incident response and threat intelligence operations.

Digital Shadows Search Light provides comprehensive threat intelligence and digital risk protection, monitoring across the widest range of data sources within the open, deep, and dark web. The connector enables Swimlane Turbine users to automate the monitoring and analysis of digital risks, including alert management, incident tracking, and triage item handling. By integrating with Digital Shadows Search Light, security teams can enhance their situational awareness, streamline threat investigations, and rapidly respond to potential threats with enriched context and actionable insights.

## Prerequisites

To effectively utilize the Digital Shadows Search Light connector with Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Basic Authentication with the following parameters:
  - URL: The endpoint URL for the Digital Shadows API.
  - API Key: Your unique identifier to authenticate with the Digital Shadows API.
  - API Secret: The secret key associated with your API key for enhanced security.
  - Searchlight Account ID: Your specific account identifier for Digital Shadows services.

## Capabilities

This connector provides the following capabilities:

- Create Triage Item Comment
- Get Alert Screenshot
- List Alerts
- List Impersonating Domain Alerts
- List Impersonating Subdomain Alerts
- List Incidents
- List Triage Item Comments
- List Triage Item Events
- List Triage Items
- Set Triage Item State

## Notes

The documentation is only available on the Digital Shadows box.

## Configurations

### Digital Shadows Searchlight HTTP Basic Auth

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Username | API key as username | string | Required |
| Searchlight Account ID | Searchlight account ID | string | Required |
| Password | API secret as password | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Create Triage Item Comment

Create a new comment on a specific triage item in Digital Shadows Search Light using the 'triage id' and 'content'.

Endpoint URL: `/v1/triage-items/{{triage_id}}/comments`

Method: POST

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.triage_id | string | Required | Identifier of the triage item to which the comments belong |
| content | string | Optional | The comment text content. Must not include the null character. |

Input example:

```json
{"json_body":{"content":"a custom comment has been created!"},"path_parameters":{"triage_id":"77d21124-c5e6-4386-be23-072eddc319f9"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| triage-item-id | string | Unique identifier |
| content | string | Response content |
| user | object | Output field user |
| user.id | string | Unique identifier |
| user.name | string | Name of the resource |
| created | string | Output field created |
| updated | string | Output field updated |

Output example (truncated in the source):

```json
{"status_code":200,"response_headers":{"date":"Mon, 15 Jul 2024 05:44:34 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","x-correlation-id":"aqti3k9f413a","vary":"origin, access-control-request-method, access-control-request-headers","ratelimit-limit":"100","ratelimit-remaining":"99","ratelimit-reset":"28","retry-after":"28","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","cache-control":"no-cache, no-store, max-age=0, must-rev
```

### Get Alert Screenshot

Retrieves the screenshot associated with a specified alert in Digital Shadows Search Light using the alert ID.

Endpoint URL: `/alerts/{{alert_id}}/screenshot`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.alert_id | string | Required | Associated alert ID |

Input example:

```json
{"path_parameters":{"alert_id":"7f0a23d0-fd8e-43ce-b267-e6386af876cf"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Output field file |
| file.file | string | Output field file.file |
| file.file_name | string | Name of the resource |

Output example (truncated in the source):

```json
{"status_code":200,"response_headers":{"server":"nginx","date":"Mon, 17 Feb 2025 09:15:29 GMT","content-type":"text/html","transfer-encoding":"chunked","connection":"keep-alive","vary":"accept-encoding","x-amz-id-2":"s5aks/5liqr1vgwuuzf2xjjpk9flp0iyfpfdmdjxuyjboox11h216pkj8nkympbbnwbzkzgyoh8=","x-amz-request-id":"xwfwm270wjajvy27","last-modified":"Thu, 13 Feb 2025 07:55:46 GMT","x-amz-server-side-encryption":"AES256","cache-control":"public,must-revalidate","etag":"W/\"56dd7570a373e62c928834ca1b
```

### List Alerts

Retrieve a comprehensive list of alerts from Digital Shadows Search Light for monitoring and analysis.

Endpoint URL: `/v1/alerts`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.id | array | Optional | One or more alert identifiers to resolve. Must provide between 1 and 100 items. |
| parameters.offset | number | Optional | The (zero-based) offset of the first item in the collection to return. Must be any value between 0 and 100. |
| parameters.limit | number | Optional | The maximum number of items to return. Will default to 10 unless using id, which will default to the number of ids provided. Must be any value between 0 and 100. |

Input example:

```json
{"parameters":{"id":["e5aeafc5-fbc7-42f8-9594-fc7f23adcb78","d7f4b588-1ffb-452c-8425-f2ea9abcfb6a"],"offset":0,"limit":10}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example (truncated in the source):

```json
{"status_code":200,"response_headers":{"date":"Fri, 12 Jul 2024 07:48:57 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","x-correlation-id":"ekp5qdrj8trrj","vary":"origin, access-control-request-method, access-control-request-headers","ratelimit-limit":"100","ratelimit-remaining":"99","ratelimit-reset":"2","retry-after":"2","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","cache-control":"no-cache, no-store, max-age=0, must-reva
```

### List Impersonating Domain Alerts

Retrieve domain impersonation alerts linked to your organization from Digital Shadows Search Light.

Endpoint URL: `/v1/impersonating-domain-alerts`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.offset | number | Optional | The (zero-based) offset of the first item in the collection to return. Must be any value between 0 and 100. |
| parameters.limit | number | Optional | The maximum number of items to return. Will default to 10 unless using id, which will default to the number of ids provided. Must be any value between 0 and 100. |
| parameters.id | array | Optional | One or more alert identifiers to resolve. Must provide between 1 and 100 items. |

Input example:

```json
{"parameters":{"offset":0,"limit":10,"id":["799098e1-d380-4f64-a8d1-2de0b265a0b8"]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example (truncated in the source):

```json
{"status_code":200,"response_headers":{"date":"Mon, 15 Jul 2024 05:58:09 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","x-correlation-id":"4cph9jpbrknbk","vary":"origin, access-control-request-method, access-control-request-headers","ratelimit-limit":"100","ratelimit-remaining":"99","ratelimit-reset":"51","retry-after":"51","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","cache-control":"no-cache, no-store, max-age=0, must-re
```

### List Impersonating Subdomain Alerts

Retrieve a list of alerts for subdomains impersonating your domain from Digital Shadows Search Light.

Endpoint URL: `/v1/impersonating-subdomain-alerts`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.offset | number | Optional | The (zero-based) offset of the first item in the collection to return. Must be any value between 0 and 100. |
| parameters.limit | number | Optional | The maximum number of items to return. Will default to 10 unless using id, which will default to the number of ids provided. Must be any value between 0 and 100. |
| parameters.id | array | Optional | One or more alert identifiers to resolve. Must provide between 1 and 100 items. |

Input example:

```json
{"parameters":{"offset":10,"limit":20,"id":["799098e1-d380-4f64-a8d1-2de0b265a0b8"]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code":200,"response_headers":{"server":"nginx","date":"Fri, 20 Sep 2024 06:40:34 GMT","content-type":"text/html","transfer-encoding":"chunked"},"reason":"OK","json_body":{}}
```

### List Incidents

Retrieve a comprehensive list of incidents from Digital Shadows Search Light for analysis and tracking.

Endpoint URL: `/v1/incidents`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.id | array | Optional | One or more incident identifiers to resolve. Must provide between 1 and 100 items. |
| parameters.offset | number | Optional | The (zero-based) offset of the first item in the collection to return. Must be any value between 0 and 100. |
| parameters.limit | number | Optional | The maximum number of items to return. Will default to 10 unless using id, which will default to the number of ids provided. Must provide between 1 and 100 items. |

Input example:

```json
{"parameters":{"id":[952573,952574],"offset":0,"limit":10}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example (truncated in the source):

```json
{"status_code":200,"response_headers":{"date":"Fri, 12 Jul 2024 08:39:14 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","x-correlation-id":"ara0qc4vq686k","vary":"origin, access-control-request-method, access-control-request-headers","ratelimit-limit":"100","ratelimit-remaining":"99","ratelimit-reset":"45","retry-after":"45","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","cache-control":"no-cache, no-store, max-age=0, must-re
```

### List Triage Item Comments

Retrieve comments associated with a specific triage item in Digital Shadows Search Light using the triage ID.

Endpoint URL: `/v1/triage-items/{{triage_id}}/comments`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.triage_id | string | Required | Parameters for the List Triage Item Comments action |
| parameters.offset | number | Optional | The (zero-based) offset of the first item in the collection to return. Must be any value between 0 and 250. |
| parameters.limit | number | Optional | The maximum number of items to return. If unset, the default value will be 10. Must be any value between 0 and 250. |

Input example:

```json
{"parameters":{"offset":0,"limit":10},"path_parameters":{"triage_id":"77d21124-c5e6-4386-be23-072eddc319f9"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example (truncated in the source):

```json
{"status_code":200,"response_headers":{"date":"Mon, 15 Jul 2024 05:52:43 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","x-correlation-id":"bqq049uqvff91","vary":"origin, access-control-request-method, access-control-request-headers","ratelimit-limit":"100","ratelimit-remaining":"99","ratelimit-reset":"17","retry-after":"17","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","cache-control":"no-cache, no-store, max-age=0, must-re
```

### List Triage Item Events

Retrieve a comprehensive list of events associated with triage items from Digital Shadows Search Light.

Endpoint URL: `/v1/triage-item-events`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.event-num-after | number | Optional | Return events with an event num greater than this value. Must be greater than or equal to 0. |
| parameters.event-created-before | string | Optional | Return events with a created time equal to or before this value. |
| parameters.event-created-after | string | Optional | Return events with a created time equal to or after this value. |
| parameters.limit | number | Optional | The maximum number of items to return. If unset, the default value will be 200. Must be any value between 0 and 1000. |
| parameters.risk-type | array | Optional | Return events with a risk type in the provided list. Must provide between 1 and 100 items. |
| parameters.risk-type-exclusion | array | Optional | Return events with a risk type not in the provided list. Must provide between 1 and 100 items. |
| parameters.state | array | Optional | Return events with a state in the provided list. Must provide between 1 and 100 items. |

Input example:

```json
{"parameters":{"event-num-after":2,"event-created-before":"2024-07-11T06:02:23.321588Z","event-created-after":"2024-07-11T06:02:23.321588Z","limit":200,"risk-type":["custom risk"],"risk-type-exclusion":["association with malware"],"state":["open"]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example (truncated in the source):

```json
{"status_code":200,"response_headers":{"date":"Fri, 12 Jul 2024 06:17:04 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","x-correlation-id":"4v34qluf9536t","vary":"origin, access-control-request-method, access-control-request-headers","ratelimit-limit":"100","ratelimit-remaining":"99","ratelimit-reset":"55","retry-after":"55","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","cache-control":"no-cache, no-store, max-age=0, must-re
```

### List Triage Items

Retrieve a list of triage items linked to specific event IDs from Digital Shadows Search Light.

Endpoint URL: `/v1/triage-items`

Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.id | array | Optional | One or more triage item identifiers to resolve. Must provide between 1 and 100 items. |
| parameters.offset | number | Optional | The (zero-based) offset of the first item in the collection to return. Must be any value between 0 and 1000. |
| parameters.limit | number | Optional | The maximum number of items to return. Will default to 10 unless using id, which will default to the number of ids provided. Must be any value between 0 and 1000. |
| parameters.portal-shortcode | array | Optional | One or more triage item portal shortcodes to resolve. Must provide between 1 and 100 items. |

Input example:

```json
{"parameters":{"id":["c10407f2-1aec-4b35-b6c3-086b396eb824","f40be971-ecea-4f25-ab33-f4f2566b12ab"],"offset":0,"limit":10,"portal-shortcode":[123]}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example (truncated in the source):

```json
{"status_code":200,"response_headers":{"date":"Fri, 12 Jul 2024 07:34:57 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","x-correlation-id":"ehof7vr5nljjn","vary":"origin, access-control-request-method, access-control-request-headers","ratelimit-limit":"100","ratelimit-remaining":"99","ratelimit-reset":"2","retry-after":"2","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","cache-control":"no-cache, no-store, max-age=0, must-reva
```

### Set Triage Item State

Updates the state of a specified triage item in Digital Shadows Search Light using the provided triage ID and state.

Endpoint URL: `/v1/triage-items/{{triage_id}}/state`

Method: PUT

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.triage_id | string | Required | Identifier of the triage item to set the state for |
| state | string | Optional | The new state to set for the triage item |
| previous-state | string | Optional | The previous state as last seen prior to requesting this change. Used to confirm that this change is not overwriting a change made by another user in the interim. |
| comment | object | Optional | An optional custom comment to include with the state change |
| comment.content | string | Required | The comment text content. Must not include the null character. |

Input example:

```json
{"json_body":{"state":"open","previous-state":"closed","comment":{"content":"a custom comment that is 1 500 characters in length"}},"path_parameters":{"triage_id":"77d21124-c5e6-4386-be23-072eddc319f9"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example (truncated in the source):

```json
{"status_code":204,"response_headers":{"date":"Tue, 16 Jul 2024 05:46:59 GMT","connection":"keep-alive","x-correlation-id":"31lhvt1olkg82","vary":"origin, access-control-request-method, access-control-request-headers","ratelimit-limit":"100","ratelimit-remaining":"99","ratelimit-reset":"1","retry-after":"1","x-content-type-options":"nosniff","x-xss-protection":"1; mode=block","cache-control":"no-cache, no-store, max-age=0, must-revalidate","pragma":"no-cache","expires":"0","x-frame-options":"DEN
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| cache-control | Directives for caching mechanisms | public,must-revalidate |
| connection | HTTP response header Connection | keep-alive |
| content-encoding | HTTP response header Content-Encoding | gzip |
| content-security-policy | HTTP response header Content-Security-Policy | default src 'self'; script src 'self' 'unsafe eval' content pendo portal digitalshadows com data pendo portal digitalshadows com; style src 'self' 'unsafe inline' content pendo portal digitalshadows com data pendo portal digitalshadows com; img src 'self' data content pendo portal digitalshadows com data pendo portal digitalshadows com; connect src 'self' https // searchlight app content pendo portal digitalshadows com data pendo portal digitalshadows com; child src 'self' data pendo portal digitalshadows com; frame ancestors 'self' data pendo portal digitalshadows com; frame src 'self' data pendo portal digitalshadows com; report uri https //portal digitalshadows com/api/csp reports |
| content-type | The media type of the resource | text/html |
| date | The date and time at which the message was originated | Fri, 12 Jul 2024 06:17:04 GMT |
| etag | An identifier for a specific version of a resource | W/"56dd7570a373e62c928834ca1b4be940" |
| expires | The date/time after which the response is considered stale | 0 |
| last-modified | The date and time at which the origin server believes the resource was last modified | Thu, 13 Feb 2025 07:55:46 GMT |
| pragma | HTTP response header Pragma | no-cache |
| ratelimit-limit | HTTP response header RateLimit-Limit | 100 |
| ratelimit-remaining | HTTP response header RateLimit-Remaining | 99 |
| ratelimit-reset | HTTP response header RateLimit-Reset | 51 |
| referrer-policy | HTTP response header Referrer-Policy | strict-origin, origin,strict-origin |
| retry-after | HTTP response header Retry-After | 17 |
| server | Information about the software used by the origin server | nginx |
| strict-transport-security | HTTP response header Strict-Transport-Security | max-age=31536000; includeSubDomains |
| transfer-encoding | HTTP response header Transfer-Encoding | chunked |
| vary | HTTP response header Vary | origin, access-control-request-method, access-control-request-headers |
| via | HTTP response header Via | 1.1 9e962ebb7744c5eda2db5997b7dde0c6.cloudfront.net (CloudFront) |
| x-amz-cf-id | HTTP response header X-Amz-Cf-Id | co2 skqyuiw3itup3t9mspw6qilwesnnf n52zw5wn0rpukhffpp9a== |
| x-amz-cf-pop | HTTP response header X-Amz-Cf-Pop | LHR61-P5 |
| x-amz-id-2 | HTTP response header x-amz-id-2 | s5aks/5liqr1vgwuuzf2xjjpk9flp0iyfpfdmdjxuyjboox11h216pkj8nkympbbnwbzkzgyoh8= |
| x-amz-request-id | HTTP response header x-amz-request-id | xwfwm270wjajvy27 |
| x-amz-server-side-encryption | HTTP response header x-amz-server-side-encryption | AES256 |
| x-cache | HTTP response header X-Cache | RefreshHit from cloudfront |
| x-content-type-options | HTTP response header X-Content-Type-Options | nosniff |
| x-correlation-id | A unique identifier for correlating requests | 4v34qluf9536t |
| x-frame-options | HTTP response header X-Frame-Options | DENY |
| x-xss-protection | HTTP response header X-XSS-Protection | 1; mode=block |
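The List Triage Item Events cursor (event num after) and the ratelimit/retry-after response headers documented above combine into an incremental poller, sketched here as an added example that is not part of the connector or of the original page. Assumptions: `send` is a hypothetical callable that runs the action and returns a dict shaped like the output examples, keys are spelled `event-num-after`, `status_code`, `response_headers` and `json_body`, each event carries an `event-num` field, and the API answers HTTP 429 when throttled.

```python
import time

MAX_LIMIT = 1000  # documented upper bound for 'limit' on List Triage Item Events


def backoff_seconds(status_code, headers):
    """Seconds to pause before the next call, from the documented rate-limit headers."""
    h = {k.lower(): str(v) for k, v in headers.items()}
    # retry-after also appears on successful responses in the page's examples,
    # so its presence alone is not a reason to wait.
    throttled = status_code == 429 or h.get("ratelimit-remaining") == "0"
    if not throttled:
        return 0
    # Prefer retry-after; fall back to ratelimit-reset, then to one second.
    return int(h.get("retry-after") or h.get("ratelimit-reset") or 1)


def poll_events(send, cursor=0, limit=200, sleep=time.sleep, max_calls=50):
    """Collect events newer than `cursor`; returns (events, new_cursor)."""
    if cursor < 0:
        raise ValueError("event-num-after must be >= 0")
    if not 1 <= limit <= MAX_LIMIT:  # 0 is accepted by the API but makes no progress
        raise ValueError("limit must be between 1 and 1000")
    events = []
    for _ in range(max_calls):
        resp = send({"parameters": {"event-num-after": cursor, "limit": limit}})
        delay = backoff_seconds(resp["status_code"], resp["response_headers"])
        if resp["status_code"] == 429:
            sleep(delay)
            continue  # retry with the same cursor; nothing was consumed
        batch = resp["json_body"]
        events.extend(batch)
        if batch:
            cursor = max(e["event-num"] for e in batch)  # assumed field name
        if len(batch) < limit:
            break  # short page: caught up with the feed
        if delay:
            sleep(delay)
    return events, cursor


def make_fake_send(total_events):
    """Constructed stand-in for the API: the first call is rejected with 429."""
    calls = []

    def send(request):
        calls.append(request)
        if len(calls) == 1:
            return {"status_code": 429, "response_headers": {"Retry-After": "3"}, "json_body": []}
        p = request["parameters"]
        nums = range(p["event-num-after"] + 1, total_events + 1)
        batch = [{"event-num": n} for n in list(nums)[: p["limit"]]]
        remaining = "0" if len(calls) == 2 else "99"
        headers = {"ratelimit-remaining": remaining, "ratelimit-reset": "2"}
        return {"status_code": 200, "response_headers": headers, "json_body": batch}

    return send, calls
```

Persist the returned cursor between runs so a restarted playbook resumes from the last event it processed instead of re-ingesting or skipping events.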