# Flashpoint
Flashpoint is a threat intelligence platform that provides extensive security insights by analyzing data from various sources on the internet, including the deep and dark web. Flashpoint delivers comprehensive threat intelligence solutions that empower organizations to respond to threats with speed and precision.

The Flashpoint connector for Swimlane Turbine enables users to automate the retrieval of forum posts, indicators of compromise (IOCs), and intelligence reports directly within their security workflows. By integrating with Flashpoint, Swimlane Turbine users gain the ability to enrich incidents, enhance threat detection, and streamline intelligence gathering without manual intervention. This connector leverages Flashpoint's extensive data sources to provide actionable insights, ensuring that security teams can stay ahead of emerging threats.

## Prerequisites

To effectively utilize the Flashpoint connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Bearer Authentication with the following parameters:
  - URL: endpoint for the Flashpoint API
  - Token: bearer token required to authenticate API requests

## Capabilities

This connector provides the following capabilities:

- Get Forum Posts
- Get Indicators of Compromise
- Get Reports

## Setup

### Generate API token

1. Log in to the Flashpoint Intelligence Platform (FP Tools) with your individualized credentials.
2. Click the settings icon in the upper right-hand corner of the screen.
3. Click "Enter Credentials" and enter your FP Tools credentials. If you do not see this section in your settings, confirm that you have API access.
4. Your API token is now valid for API calls until you revoke it.

## Configurations

### Flashpoint HTTP Bearer Authentication

Authenticates using a bearer token such as an API key, token, JWT, etc.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| token | The API key, token, etc. | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Get Forum Posts

Retrieve forum posts matching specific search parameters from Flashpoint.

Endpoint URL: `/api/v4/forums/posts`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| limit | integer | optional | The number of results to return per page |
| query | string | optional | A search term, i.e. `threat` |
| since | string | optional | A timestamp, i.e. `2019-10-01T16:58:00+00:00` |
| until | string | optional | A timestamp, i.e. `2019-10-01T16:58:00+00:00` |

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| headers | object | HTTP headers for the request |
| response | object | Output field response |
| body | string | Request body data |
| thread | string | Output field thread |
| forum | string | Output field forum |
| author | string | Output field author |
| url | string | URL endpoint for the request |
| native_id | string | Unique identifier |
| published_at | string | Output field published_at |
| legacy_id | string | Unique identifier |
| reply_number | string | Output field reply_number |
| platform_url | string | URL endpoint for the request |
| id | string | Unique identifier |
| room | string | Output field room |

Example:

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "headers": null,
    "response": {
      "body": "body",
      "thread": "thread",
      "forum": "forum",
      "author": "author",
      "url": "url",
      "native_id": "native_id",
      "published_at": "published_at",
      "legacy_id": "legacy_id",
      "reply_number": "reply_number",
      "platform_url": "platform_url",
      "id": "id",
      "room": "room"
    }
  }
]
```

### Get IOCs

Retrieve indicators of compromise from Flashpoint that match the search parameters.

Endpoint URL: `/api/v4/indicators/attribute`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| limit | integer | optional | The number of results to return per page |
| query | string | optional | A search term, i.e. `threat` |
| since | string | optional | A timestamp, i.e. `2019-10-01T16:58:00+00:00` |
| until | string | optional | A timestamp, i.e. `2019-10-01T16:58:00+00:00` |

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| headers | object | HTTP headers for the request |
| response | object | Output field response |
| category | string | Output field category |
| uuid | string | Unique identifier |
| event_id | string | Unique identifier |
| timestamp | string | Output field timestamp |
| header_.source | string | Output field header_.source |
| basetypes | array | Type of the resource |
| fpid | string | Unique identifier |
| value | string | Value for the parameter |
| header_.ingested_at | string | Output field header_.ingested_at |
| header_.observed_at | string | Output field header_.observed_at |
| type | string | Type of the resource |
| header_.indexed_at | string | Output field header_.indexed_at |
| header_.is_visible | boolean | Output field header_.is_visible |

Example:

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "headers": null,
    "response": {
      "category": "category",
      "uuid": "uuid",
      "event_id": "event_id",
      "timestamp": "timestamp",
      "header_": {
        "source": "source",
        "ingested_at": "ingested_at",
        "observed_at": "observed_at",
        "indexed_at": "indexed_at",
        "is_visible": false
      },
      "basetypes": [],
      "fpid": "fpid",
      "value": "value",
      "type": "type"
    }
  }
]
```

### Get Reports

Retrieves Flashpoint reports based on specified search parameters, providing relevant threat intelligence data.

Endpoint URL: `/api/v4/reports`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| limit | integer | optional | The number of results to return per page |
| query | string | optional | A search term, i.e. `threat` |
| since | string | optional | A timestamp, i.e. `2019-10-01T16:58:00+00:00` |
| until | string | optional | A timestamp, i.e. `2019-10-01T16:58:00+00:00` |

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| headers | object | HTTP headers for the request |
| response | object | Output field response |
| asset_ids | string | Unique identifier |
| notified_at | string | Output field notified_at |
| updated_at | string | Output field updated_at |
| published_status | string | Status value |
| id | string | Unique identifier |
| sources_original | array | Output field sources_original |
| tags | array | Output field tags |
| title | string | Output field title |
| posted_at | string | Output field posted_at |
| version_posted_at | string | Output field version_posted_at |
| ingested_at | string | Output field ingested_at |
| body | string | Request body data |
| platform_url | string | URL endpoint for the request |
| is_featured | boolean | Output field is_featured |
| title_asset_id | string | Unique identifier |
| summary | string | Output field summary |

Example:

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "headers": null,
    "response": {
      "asset_ids": "asset_ids",
      "notified_at": "notified_at",
      "updated_at": "updated_at",
      "published_status": "published_status",
      "id": "id",
      "sources_original": [],
      "tags": [],
      "title": "title",
      "posted_at": "posted_at",
      "version_posted_at": "version_posted_at",
      "ingested_at": "ingested_at",
      "body": "body",
      "platform_url": "platform_url",
      "is_featured": false,
      "title_asset_id": "title_asset_id"
    }
  }
]
```

## Notes

Tasks that use the `since` and `until` input parameters accept the following formats: most standard datetime formats will work. You can also use a relative time period; for example, `5h` indicates the previous five hours and `+2d` indicates the two following days. Valid units are: years (y), months (M), weeks (w), days (d), hours (h), minutes (m), seconds (s).
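As an added example that is not part of the connector's own code, the helper below builds the bearer-authenticated request URL for any of the three actions and checks the `since`/`until` window before a call is made, resolving the relative periods described in the notes. The base URL, the token and the reference time are constructed values, and the uppercase `M` for months (distinct from `m` for minutes) is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Endpoints of the three connector actions, as listed on this page.
ENDPOINTS = {
    "get_forum_posts": "/api/v4/forums/posts",
    "get_iocs": "/api/v4/indicators/attribute",
    "get_reports": "/api/v4/reports",
}
# Relative-period units from the notes; months (M) and minutes (m) differ only in case (assumed).
UNIT_NAMES = {"w": "weeks", "d": "days", "h": "hours", "m": "minutes", "s": "seconds"}
RELATIVE = re.compile(r"^([+-]?)(\d+)([yMwdhms])$")
# Constructed reference time for the worked checks: the page's example timestamp.
EXAMPLE_NOW = datetime(2019, 10, 1, 16, 58, 0, tzinfo=timezone.utc)


def shift_months(dt, months):
    """Calendar-aware month shift that clamps the day to the target month's length."""
    year, month0 = divmod(dt.year * 12 + dt.month - 1 + months, 12)
    month = month0 + 1
    first_of_next = datetime(year + (month == 12), month % 12 + 1, 1, tzinfo=dt.tzinfo)
    last_day = (first_of_next - timedelta(days=1)).day
    return dt.replace(year=year, month=month, day=min(dt.day, last_day))


def resolve_period(value, now=None):
    """Resolve a since/until value (ISO-8601, or relative: '5h' back, '+2d' forward) to aware UTC."""
    now = now or datetime.now(timezone.utc)
    match = RELATIVE.match(value.strip())
    if match:
        sign, amount, unit = match.groups()
        n = int(amount) if sign == "+" else -int(amount)  # bare or '-' means in the past
        if unit in ("y", "M"):
            return shift_months(now, n * 12 if unit == "y" else n)
        return now + timedelta(**{UNIT_NAMES[unit]: n})
    try:
        dt = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    except ValueError:
        raise ValueError(f"unrecognised since/until value: {value!r}") from None
    return (dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)).astimezone(timezone.utc)


def build_request(base_url, token, action, limit=None, query=None, since=None, until=None):
    """Return (url, headers) for one action, rejecting an inverted time window up front."""
    if since and until and resolve_period(since) > resolve_period(until):
        raise ValueError("since must not be later than until")
    wanted = {"limit": limit, "query": query, "since": since, "until": until}
    params = {k: v for k, v in wanted.items() if v is not None}
    url = base_url.rstrip("/") + ENDPOINTS[action] + ("?" + urlencode(params) if params else "")
    return url, {"Authorization": f"Bearer {token}", "Accept": "application/json"}
```

The `verify_ssl` and `http_proxy` configuration values map onto whatever HTTP client sends this request; with certificate verification disabled, the bearer token in the `Authorization` header is exposed to any intermediary on the path.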