# Digital Shadows Search Light
The Digital Shadows Search Light connector enables automated monitoring and management of digital risks and threats, facilitating streamlined incident response and threat intelligence operations.

Digital Shadows Search Light provides comprehensive threat intelligence and digital risk protection, monitoring across the widest range of data sources within the open, deep, and dark web. The connector enables Swimlane Turbine users to automate the monitoring and analysis of digital risks, including alert management, incident tracking, and triage item handling. By integrating with Digital Shadows Search Light, security teams can enhance their situational awareness, streamline threat investigations, and rapidly respond to potential threats with enriched context and actionable insights.

## Prerequisites

To effectively utilize the Digital Shadows Search Light connector with Swimlane Turbine, ensure you have the following prerequisites:

- HTTP basic authentication with the following parameters:
  - URL: the endpoint URL for the Digital Shadows API.
  - API key: your unique identifier to authenticate with the Digital Shadows API.
  - API secret: the secret key associated with your API key for enhanced security.
  - SearchLight account ID: your specific account identifier for Digital Shadows services.

## Capabilities

This connector provides the following capabilities:

- Create triage item comment
- Get alert screenshot
- List alerts
- List impersonating domain alerts
- List impersonating subdomain alerts
- List incidents
- List triage item comments
- List triage item events
- List triage items
- Set triage item state

## Configurations

### Digital Shadows SearchLight HTTP Basic Auth

Authenticates using username and password.

#### Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | API key as username | string | required |
| searchlight account id | SearchLight account ID | string | required |
| password | API secret as password | string | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

## Actions

### Create triage item comment

Create a new comment on a specific triage item in Digital Shadows Search Light using the 'triage id' and 'content'.

Endpoint URL: `/v1/triage-items/{{triage_id}}/comments`

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| triage_id | string | required | Identifier of the triage item to which the comment belongs |
| content | string | required | The comment text. Content must not include the null character |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| triage-item-id | string | Unique identifier |
| content | string | Response content |
| user | object | Output field user |
| id | string | Unique identifier |
| name | string | Name of the resource |
| created | string | Output field created |
| updated | string | Output field updated |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Mon, 15 Jul 2024 05:44:34 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Correlation-Id": "aqti3k9f413a",
      "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
      "RateLimit-Limit": "100",
      "RateLimit-Remaining": "99",
      "RateLimit-Reset": "28",
      "Retry-After": "28",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
      "Pragma": "no-cache",
      "Expires": "0"
    },
    "reason": "",
    "json_body": {
      "id": "6ff2e3ad-92d7-40a0-b4cd-74b3a5a4ec68",
      "triage-item-id": "77d21124-c5e6-4386-be23-072eddc319f9",
      "content": "a custom comment has been created!",
      "user": {},
      "created": "2024-07-15T05:44:31.351068063Z",
      "updated": "2024-07-15T05:44:31.351068063Z"
    }
  }
]
```

### Get alert screenshot

Retrieves the screenshot associated with a specified alert in Digital Shadows Search Light using the alert id.

Endpoint URL: `/alerts/{{alert_id}}/screenshot`

Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| alert_id | string | required | Associated alert id |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Output field file |
| file | string | Output field file |
| file_name | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 17 Feb 2025 09:15:29 GMT",
      "Content-Type": "text/html",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Vary": "Accept-Encoding",
      "x-amz-id-2": "s5aks/5liqr1vgwuuzf2xjjpk9flp0iyfpfdmdjxuyjboox11h216pkj8nkympbbnwbzkzgyoh8=",
      "x-amz-request-id": "xwfwm270wjajvy27",
      "Last-Modified": "Thu, 13 Feb 2025 07:55:46 GMT",
      "x-amz-server-side-encryption": "AES256",
      "Cache-Control": "public,must-revalidate",
      "ETag": "W/\"56dd7570a373e62c928834ca1b4be940\"",
      "Content-Security-Policy": "default src 'self'; script src 'self' 'unsafe eval' content pendo portal digital ",
      "X-Frame-Options": "DENY",
      "X-XSS-Protection": "1; mode=block"
    },
    "reason": "OK",
    "file": {
      "filename": "my summary report pdf",
      "file data": "test"
    }
  }
]
```

### List alerts

Retrieve a comprehensive list of alerts from Digital Shadows Search Light for monitoring and analysis.

Endpoint URL: `/v1/alerts`

Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | array | optional | One or more alert identifiers to resolve. Must provide between 1 and 100 items |
| offset | number | optional | The (zero based) offset of the first item in the collection to return. Must be any value between 0 and 100 |
| limit | number | optional | The maximum number of items to return. Will default to 10 unless using id, which will default to the number of ids provided. Must be any value between 0 and 100 |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Fri, 12 Jul 2024 07:48:57 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Correlation-Id": "ekp5qdrj8trrj",
      "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
      "RateLimit-Limit": "100",
      "RateLimit-Remaining": "99",
      "RateLimit-Reset": "2",
      "Retry-After": "2",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
      "Pragma": "no-cache",
      "Expires": "0"
    },
    "reason": "",
    "json_body": [
      {}
    ]
  }
]
```

### List impersonating domain alerts

Retrieve domain impersonation alerts linked to your organization from Digital Shadows Search Light.

Endpoint URL: `/v1/impersonating-domain-alerts`

Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| offset | number | optional | The (zero based) offset of the first item in the collection to return. Must be any value between 0 and 100 |
| limit | number | optional | The maximum number of items to return. Will default to 10 unless using id, which will default to the number of ids provided. Must be any value between 0 and 100 |
| id | array | optional | One or more alert identifiers to resolve. Must provide between 1 and 100 items |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Mon, 15 Jul 2024 05:58:09 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Correlation-Id": "4cph9jpbrknbk",
      "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
      "RateLimit-Limit": "100",
      "RateLimit-Remaining": "99",
      "RateLimit-Reset": "51",
      "Retry-After": "51",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
      "Pragma": "no-cache",
      "Expires": "0"
    },
    "reason": "",
    "json_body": [
      {}
    ]
  }
]
```

### List impersonating subdomain alerts

Retrieve a list of alerts for subdomains impersonating your domain from Digital Shadows Search Light.

Endpoint URL: `/v1/impersonating-subdomain-alerts`

Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| offset | number | optional | The (zero based) offset of the first item in the collection to return. Must be any value between 0 and 100 |
| limit | number | optional | The maximum number of items to return. Will default to 10 unless using id, which will default to the number of ids provided. Must be any value between 0 and 100 |
| id | array | optional | One or more alert identifiers to resolve. Must provide between 1 and 100 items |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Fri, 20 Sep 2024 06:40:34 GMT",
      "Content-Type": "text/html",
      "Transfer-Encoding": "chunked"
    },
    "reason": "OK",
    "json_body": {}
  }
]
```

### List incidents

Retrieve a comprehensive list of incidents from Digital Shadows Search Light for analysis and tracking.

Endpoint URL: `/v1/incidents`

Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | array | optional | One or more incident identifiers to resolve. Must provide between 1 and 100 items |
| offset | number | optional | The (zero based) offset of the first item in the collection to return. Must be any value between 0 and 100 |
| limit | number | optional | The maximum number of items to return. Will default to 10 unless using id, which will default to the number of ids provided. Must provide between 1 and 100 items |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Fri, 12 Jul 2024 08:39:14 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Correlation-Id": "ara0qc4vq686k",
      "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
      "RateLimit-Limit": "100",
      "RateLimit-Remaining": "99",
      "RateLimit-Reset": "45",
      "Retry-After": "45",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
      "Pragma": "no-cache",
      "Expires": "0"
    },
    "reason": "",
    "json_body": [
      {},
      {}
    ]
  }
]
```

### List triage item comments

Retrieve comments associated with a specific triage item in Digital Shadows Search Light using the triage id.

Endpoint URL: `/v1/triage-items/{{triage_id}}/comments`

Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| triage_id | string | required | Unique identifier |
| offset | number | optional | The (zero based) offset of the first item in the collection to return. Must be any value between 0 and 250 |
| limit | number | optional | The maximum number of items to return. If unset, the default value will be 10. Must be any value between 0 and 250 |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Mon, 15 Jul 2024 05:52:43 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Correlation-Id": "bqq049uqvff91",
      "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
      "RateLimit-Limit": "100",
      "RateLimit-Remaining": "99",
      "RateLimit-Reset": "17",
      "Retry-After": "17",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
      "Pragma": "no-cache",
      "Expires": "0"
    },
    "reason": "",
    "json_body": [
      {},
      {}
    ]
  }
]
```

### List triage item events

Retrieve a comprehensive list of events associated with triage items from Digital Shadows Search Light.

Endpoint URL: `/v1/triage-item-events`

Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| event num after | number | optional | Return events with an event num greater than this value. Must be greater than or equal to 0 |
| event created before | string | optional | Return events with a created time equal to or before this value |
| event created after | string | optional | Return events with a created time equal to or after this value |
| limit | number | optional | The maximum number of items to return. If unset, the default value will be 200. Must be any value between 0 and 1000 |
| risk type | array | optional | Return events with a risk type in the provided list. Must provide between 1 and 100 items |
| risk type exclusion | array | optional | Return events with a risk type not in the provided list. Must provide between 1 and 100 items |
| state | array | optional | Return events with a state in the provided list. Must provide between 1 and 100 items |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Fri, 12 Jul 2024 06:17:04 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Correlation-Id": "4v34qluf9536t",
      "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
      "RateLimit-Limit": "100",
      "RateLimit-Remaining": "99",
      "RateLimit-Reset": "55",
      "Retry-After": "55",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
      "Pragma": "no-cache",
      "Expires": "0"
    },
    "reason": "",
    "json_body": [
      {}
    ]
  }
]
```

### List triage items

Retrieve a list of triage items linked to specific event ids from Digital Shadows Search Light.

Endpoint URL: `/v1/triage-items`

Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | array | optional | One or more triage item identifiers to resolve. Must provide between 1 and 100 items |
| offset | number | optional | The (zero based) offset of the first item in the collection to return. Must be any value between 0 and 1000 |
| limit | number | optional | The maximum number of items to return. Will default to 10 unless using id, which will default to the number of ids provided. Must be any value between 0 and 1000 |
| portal shortcode | array | optional | One or more triage item portal shortcode to resolve. Must provide between 1 and 100 items |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Fri, 12 Jul 2024 07:34:57 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-Correlation-Id": "ehof7vr5nljjn",
      "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
      "RateLimit-Limit": "100",
      "RateLimit-Remaining": "99",
      "RateLimit-Reset": "2",
      "Retry-After": "2",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
      "Pragma": "no-cache",
      "Expires": "0"
    },
    "reason": "",
    "json_body": [
      {},
      {}
    ]
  }
]
```

### Set triage item state

Updates the state of a specified triage item in Digital Shadows Search Light using the provided triage id and state.

Endpoint URL: `/v1/triage-items/{{triage_id}}/state`

Method: PUT

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| triage_id | string | required | Identifier of the triage item to set the state for |
| state | string | required | The new state to set for the triage item |
| previous state | string | optional | The previous state as last seen prior to requesting this change. Used to confirm that this change is not overwriting a change made by another user in the interim |
| comment | object | optional | An optional custom comment to include with the state change |
| content | string | required | The comment text. Content must not include the null character |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

#### Example

```json
[
  {
    "status_code": 204,
    "response_headers": {
      "Date": "Tue, 16 Jul 2024 05:46:59 GMT",
      "Connection": "keep-alive",
      "X-Correlation-Id": "31lhvt1olkg82",
      "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
      "RateLimit-Limit": "100",
      "RateLimit-Remaining": "99",
      "RateLimit-Reset": "1",
      "Retry-After": "1",
      "X-Content-Type-Options": "nosniff",
      "X-XSS-Protection": "1; mode=block",
      "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
      "Pragma": "no-cache",
      "Expires": "0",
      "X-Frame-Options": "DENY"
    },
    "reason": "OK",
    "response_text": "success"
  }
]
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | public,must-revalidate |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default src 'self'; script src 'self' 'unsafe eval' content pendo portal digitalshadows com data pendo portal digitalshadows com; style src 'self' 'unsafe inline' content pendo portal digitalshadows com data pendo portal digitalshadows com; img src 'self' data content pendo portal digitalshadows com data pendo portal digitalshadows com; connect src 'self' https // searchlight app content pendo portal digitalshadows com data pendo portal digitalshadows com; child src 'self' data pendo portal digitalshadows com; frame ancestors 'self' data pendo portal digitalshadows com; frame src 'self' data pendo portal digitalshadows com; report uri https //portal digitalshadows com/api/csp reports https //portal digitalshadows com/api/csp reports |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Fri, 12 Jul 2024 06:17:04 GMT |
| ETag | An identifier for a specific version of a resource | W/"56dd7570a373e62c928834ca1b4be940" |
| Expires | The date/time after which the response is considered stale | 0 |
| Last-Modified | The date and time at which the origin server believes the resource was last modified | Thu, 13 Feb 2025 07:55:46 GMT |
| Pragma | HTTP response header Pragma | no-cache |
| RateLimit-Limit | HTTP response header RateLimit-Limit | 100 |
| RateLimit-Remaining | HTTP response header RateLimit-Remaining | 99 |
| RateLimit-Reset | HTTP response header RateLimit-Reset | 51 |
| Referrer-Policy | HTTP response header Referrer-Policy | strict-origin, origin,strict-origin |
| Retry-After | HTTP response header Retry-After | 51 |
| Server | Information about the software used by the origin server | nginx |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Origin, Access-Control-Request-Method, Access-Control-Request-Headers |
| Via | HTTP response header Via | 1.1 9e962ebb7744c5eda2db5997b7dde0c6.cloudfront.net (CloudFront) |
| X-Amz-Cf-Id | HTTP response header X-Amz-Cf-Id | co2 skqyuiw3itup3t9mspw6qilwesnnf n52zw5wn0rpukhffpp9a== |
| X-Amz-Cf-Pop | HTTP response header X-Amz-Cf-Pop | LHR61-P5 |
| x-amz-id-2 | HTTP response header x-amz-id-2 | s5aks/5liqr1vgwuuzf2xjjpk9flp0iyfpfdmdjxuyjboox11h216pkj8nkympbbnwbzkzgyoh8= |
| x-amz-request-id | HTTP response header x-amz-request-id | xwfwm270wjajvy27 |
| x-amz-server-side-encryption | HTTP response header x-amz-server-side-encryption | AES256 |

## Notes

The documentation is only available on the Digital Shadows box.
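The "list triage item events" cursor and the rate-limit response headers documented above can be combined into an incremental poller. The following is an added example, not code from the connector or from Digital Shadows. It assumes the hyphenated spellings `event-num-after` (request) and `event-num` (event field), a 429 status on throttling, and a caller-supplied `fetch` wrapper; none of these are confirmed by this page.

```python
import time
from typing import Callable, Iterator

MAX_LIMIT = 1000  # documented upper bound for "limit" on this action


def wait_seconds(headers: dict, throttled: bool = False) -> float:
    """Pause length derived from the documented rate-limit headers."""
    h = {k.lower(): v for k, v in headers.items()}
    # The sample responses carry Retry-After even with budget left, so it is
    # only honoured once the budget is spent or the call was rejected.
    if not throttled and int(h.get("ratelimit-remaining", 1)) > 0:
        return 0.0
    return float(h.get("retry-after") or h.get("ratelimit-reset") or 1)


def poll_events(fetch: Callable[[dict], tuple], start_after: int = 0,
                limit: int = 200, sleep=time.sleep) -> Iterator[dict]:
    """Yield events numbered above start_after; fetch(params) returns
    (status_code, headers, events) and is supplied by the caller."""
    if start_after < 0 or not 0 <= limit <= MAX_LIMIT:
        raise ValueError("start_after must be >= 0 and limit within 0..1000")
    cursor = start_after
    while True:
        status, headers, events = fetch({"event-num-after": cursor, "limit": limit})
        if status == 429:  # assumed throttling status
            sleep(wait_seconds(headers, throttled=True))
            continue
        if status != 200:
            raise RuntimeError(f"unexpected status {status}")
        if not events:
            return
        for event in events:
            cursor = max(cursor, event["event-num"])  # assumed field name
            yield event
        if (pause := wait_seconds(headers)):
            sleep(pause)


def demo() -> tuple:
    """Drive the poller with constructed responses; no network involved."""
    pages = [
        (200, {"RateLimit-Remaining": "99", "Retry-After": "28"}, [{"event-num": 1}, {"event-num": 2}]),
        (429, {"Retry-After": "3"}, []),
        (200, {"RateLimit-Remaining": "0", "Retry-After": "2"}, [{"event-num": 3}]),
        (200, {"RateLimit-Remaining": "99"}, []),
    ]
    calls, naps = [], []
    def fetch(params):
        calls.append(params["event-num-after"])
        return pages[len(calls) - 1]
    seen = [e["event-num"] for e in poll_events(fetch, sleep=naps.append)]
    return seen, calls, naps
```

Persisting the last yielded event number between runs lets the next poll resume from it instead of re-reading earlier events.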