# Flashpoint

Flashpoint is a threat intelligence platform that provides extensive security insights by analyzing data from various sources on the internet, including the deep and dark web. Flashpoint delivers comprehensive threat intelligence solutions that empower organizations to respond to threats with speed and precision.

The Flashpoint connector for Swimlane Turbine enables users to automate the retrieval of forum posts, indicators of compromise (IOCs), and intelligence reports directly within their security workflows. By integrating with Flashpoint, Swimlane Turbine users can enrich incidents, enhance threat detection, and streamline intelligence gathering without manual intervention. The connector leverages Flashpoint's extensive data sources to provide actionable insights, ensuring that security teams can stay ahead of emerging threats.

## Prerequisites

To use the Flashpoint connector within Swimlane Turbine, ensure you have the following:

- HTTP Bearer Authentication with the following parameters:
  - URL: endpoint for the Flashpoint API
  - Token: bearer token required to authenticate API requests

## Capabilities

This connector provides the following capabilities:

- Get Forum Posts
- Get Indicators of Compromise
- Get Reports

## Setup

### Generate API Token

1. Log in to FP Tools with your individualized credentials.
2. Click the settings icon in the upper right-hand corner of the screen.
3. Click Enter Credentials and enter your FP Tools credentials. If you do not see this section in your settings, confirm that you have API access.
4. Your API token is now valid for API calls until you revoke it.

## Notes

Tasks that use the `since` and `until` input parameters accept the following formats:

- Most standard datetime formats will work.
- A relative time period can also be used. For example, `5h` indicates the previous five hours and `+2d` indicates the two following days. Valid units are years (y), months (M), weeks (w), days (d), hours (h), minutes (m), and seconds (s).

## Configurations

### Flashpoint HTTP Bearer Authentication

Authenticates using a bearer token such as an API key, token, JWT, etc.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Token | The API key, token, etc. | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Forum Posts

Retrieve forum posts matching specific search parameters from Flashpoint.

Endpoint URL: `/api/v4/forums/posts`
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.limit | integer | Optional | The number of results to return per page |
| parameters.query | string | Optional | A search term, e.g. `threat` |
| parameters.since | string | Optional | A timestamp, e.g. `2019-10-01T16:58:00+00:00` |
| parameters.until | string | Optional | A timestamp, e.g. `2019-10-01T16:58:00+00:00` |

Input example:

```json
{"parameters": {"limit": 20, "query": "string", "since": "string", "until": "string"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| headers | object | HTTP headers for the request |
| response | object | Output field response |
| response.body | string | Request body data |
| response.thread | string | Output field response thread |
| response.forum | string | Output field response forum |
| response.author | string | Output field response author |
| response.url | string | URL endpoint for the request |
| response.native_id | string | Unique identifier |
| response.published_at | string | Output field response published_at |
| response.legacy_id | string | Unique identifier |
| response.reply_number | string | Output field response reply_number |
| response.platform_url | string | URL endpoint for the request |
| response.id | string | Unique identifier |
| response.room | string | Output field response room |

Output example:

```json
{"status_code": 200, "reason": "OK", "headers": null, "response": {"body": "body", "thread": "thread", "forum": "forum", "author": "author", "url": "url", "native_id": "native_id", "published_at": "published_at", "legacy_id": "legacy_id", "reply_number": "reply_number", "platform_url": "platform_url", "id": "id", "room": "room"}}
```

### Get IOCs

Retrieve indicators of compromise from Flashpoint that match the search parameters.

Endpoint URL: `/api/v4/indicators/attribute`
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.limit | integer | Optional | The number of results to return per page |
| parameters.query | string | Optional | A search term, e.g. `threat` |
| parameters.since | string | Optional | A timestamp, e.g. `2019-10-01T16:58:00+00:00` |
| parameters.until | string | Optional | A timestamp, e.g. `2019-10-01T16:58:00+00:00` |

Input example:

```json
{"parameters": {"limit": 20, "query": "string", "since": "string", "until": "string"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| headers | object | HTTP headers for the request |
| response | object | Output field response |
| response.category | string | Output field response category |
| response.uuid | string | Unique identifier |
| response.event_id | string | Unique identifier |
| response.timestamp | string | Output field response timestamp |
| response.header_source | string | Output field response header_source |
| response.basetypes | array | Type of the resource |
| response.fpid | string | Unique identifier |
| response.value | string | Value for the parameter |
| response.header_ingested_at | string | Output field response header_ingested_at |
| response.header_observed_at | string | Output field response header_observed_at |
| response.type | string | Type of the resource |
| response.header_indexed_at | string | Output field response header_indexed_at |
| response.header_is_visible | boolean | Output field response header_is_visible |

Output example:

```json
{"status_code": 200, "reason": "OK", "headers": null, "response": {"category": "category", "uuid": "uuid", "event_id": "event_id", "timestamp": "timestamp", "header_source": "header_source", "basetypes": ["basetypes"], "fpid": "fpid", "value": "value", "header_ingested_at": "header_ingested_at", "header_observed_at": "header_observed_at", "type": "type", "header_indexed_at": "header_indexed_at", "header_is_visible": false}}
```

### Get Reports

Retrieves Flashpoint reports based on specified search parameters, providing relevant threat intelligence data.

Endpoint URL: `/api/v4/reports`
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.limit | integer | Optional | The number of results to return per page |
| parameters.query | string | Optional | A search term, e.g. `threat` |
| parameters.since | string | Optional | A timestamp, e.g. `2019-10-01T16:58:00+00:00` |
| parameters.until | string | Optional | A timestamp, e.g. `2019-10-01T16:58:00+00:00` |

Input example:

```json
{"parameters": {"limit": 20, "query": "string", "since": "string", "until": "string"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| headers | object | HTTP headers for the request |
| response | object | Output field response |
| response.asset_ids | string | Unique identifier |
| response.notified_at | string | Output field response notified_at |
| response.updated_at | string | Output field response updated_at |
| response.published_status | string | Status value |
| response.id | string | Unique identifier |
| response.sources_original | array | Output field response sources_original |
| response.tags | array | Output field response tags |
| response.title | string | Output field response title |
| response.posted_at | string | Output field response posted_at |
| response.version_posted_at | string | Output field response version_posted_at |
| response.ingested_at | string | Output field response ingested_at |
| response.body | string | Request body data |
| response.platform_url | string | URL endpoint for the request |
| response.is_featured | boolean | Output field response is_featured |
| response.title_asset_id | string | Unique identifier |
| response.summary | string | Output field response summary |

Output example:

```json
{"status_code": 200, "reason": "OK", "headers": null, "response": {"asset_ids": "asset_ids", "notified_at": "notified_at", "updated_at": "updated_at", "published_status": "published_status", "id": "id", "sources_original": ["sources_original"], "tags": ["tags"], "title": "title", "posted_at": "posted_at", "version_posted_at": "version_posted_at", "ingested_at": "ingested_at", "body": "body", "platform_url": "platform_url", "is_featured": false, "title_asset_id": "title_asset_id"}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
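The three actions above share the same `limit`, `query`, `since` and `until` inputs, and the `since`/`until` values may be either a datetime or a relative period such as `5h` or `+2d`. The following added Python example (not part of the connector or of Flashpoint's own code) pre-validates those inputs and assembles the bearer-authenticated GET request for any of the three documented endpoints without sending it. The base URL and token are placeholders, and the check only mirrors the formats listed in the Notes section; Flashpoint itself interprets the values server-side.

```python
import re
from datetime import datetime
from urllib.parse import urlencode

# Endpoint paths exactly as documented for the three connector actions.
ENDPOINTS = {
    "get_forum_posts": "/api/v4/forums/posts",
    "get_iocs": "/api/v4/indicators/attribute",
    "get_reports": "/api/v4/reports",
}

# Relative period: optional sign, an integer, one unit letter from the Notes
# section (y, M, w, d, h, m, s). "5h" = previous five hours, "+2d" = next two days.
RELATIVE_RE = re.compile(r"^[+-]?\d+[yMwdhms]$")


def is_valid_time_param(value: str) -> bool:
    """True for an ISO 8601 datetime (e.g. 2019-10-01T16:58:00+00:00) or a
    relative period in the documented form; False for anything else."""
    if RELATIVE_RE.match(value):
        return True
    try:
        datetime.fromisoformat(value)
        return True
    except ValueError:
        return False


def build_request(base_url, token, action, limit=None, query=None, since=None, until=None):
    """Return method, URL and headers for one connector action (assumed helper).
    Raises ValueError for an unknown action or a malformed since/until value
    so a bad playbook input fails before any request leaves the host."""
    if action not in ENDPOINTS:
        raise ValueError(f"unknown action: {action}")
    params = {}
    if limit is not None:
        params["limit"] = int(limit)
    if query:
        params["query"] = query
    for name, value in (("since", since), ("until", until)):
        if value is None:
            continue
        if not is_valid_time_param(value):
            raise ValueError(f"{name} must be a datetime or a relative period like 5h, got {value!r}")
        params[name] = value
    url = base_url.rstrip("/") + ENDPOINTS[action]
    if params:
        url += "?" + urlencode(params)
    # HTTP Bearer Authentication as described in the Configurations section.
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    return {"method": "GET", "url": url, "headers": headers}
```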