HackNotice

the hacknotice connector allows users to integrate real time data breach alerts and threat intelligence into their security workflows hacknotice is a digital guardian that provides real time monitoring and analysis of data leaks and breaches the hacknotice connector for swimlane turbine enables users to search for specific terms, count occurrences, and retrieve documents related to data leaks, both current and historical this integration empowers security teams to proactively monitor for potential threats, analyze historical data for risk assessment, and respond swiftly to incidents by leveraging hacknotice's capabilities within swimlane turbine, organizations can enhance their cyber threat intelligence and maintain a vigilant stance against data breaches prerequisites to effectively utilize the hacknotice connector for turbine, ensure you have the following custom asset authentication with these parameters url the endpoint url for the hacknotice api username your hacknotice account username password your hacknotice account password api key a unique key provided by hacknotice for accessing their api capabilities the hacknotice has the following capabilities count search term count search term with start and end dates read a document read a document from leaked files search all leaked files search all leaks search filename term and page search term and page search term and page with start and end dates search word pool and page search word pool and page with start and end dates api documentation link https //documenter getpostman com/view/806684/rwahza6c#93e9326e ba80 4a31 ab3e aafcf0aa14f3 configurations hacknotice custom asset authenticates using custom asset configuration parameters parameter description type required url a url to the target host string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional username username string required password password string required x apikey api key string required actions count search term counts the occurrences of a search term in hacknotice, requiring specific data body and headers endpoint url /research/count/term method post input argument name type required description data body object required response data data body term string required any search word or phrase data body searchtype string optional search types are match phrase, wildcard pre, wildcard post, wildcard both if no or incorrect type is given, defaults to match phrase data body filename string optional response data data body filesearchtype string optional response data headers object required http headers for the request headers content type string required http headers for the request input example {"data body" {"term" "example org","searchtype" "match phrase","filename" "000002 0 csv recon 07 09 20","filesearchtype" "wildcard post"},"headers" {"content type" "application/x www form urlencoded"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"x powered by" "express","content type" "application/json","content length" "1","date" "tue, 23 apr 2024 07 02 36 gmt","connection" "keep alive"},"reason" "ok","json body" 0} count search term with start and end dates counts the occurrences of a search term within a specified date range in hacknotice, requiring data body and headers endpoint url /research/count/term method post input argument name type required description data body object required response data data body term string required any search word or phrase data body searchtype string optional search types are match phrase, wildcard pre, wildcard post, wildcard both if no or incorrect type is given, defaults to match phrase data body startdate string optional enter the start date in yyyy mm dd format data body enddate string optional enter the end date in yyyy mm dd format headers object required http headers for the request headers content type string required http headers for the request input example {"data body" {"term" "example com","searchtype" "match phrase","startdate" "2019 01 01","enddate" "2019 04 01"},"headers" {"content type" "application/x www form urlencoded"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"x powered by" "express","content type" "application/json","content length" "5","date" "tue, 23 apr 2024 16 33 12 gmt","connection" "keep alive"},"reason" "ok","json body" 94064} read a document retrieve a specific document from hacknotice using the unique document id provided in the path parameters endpoint url /leakreportsv2/{{documentid}} method get input argument name type required description path parameters documentid string required parameters for the read a document action headers object required http headers for the request headers content type string required http headers for the request input example {"path parameters" {"documentid" "5dc1d78637cb98580338fd6c"},"headers" {"content type" "application/x www form urlencoded"}} output parameter type description status code number http status code of the response reason string response reason phrase filenames array name of the resource filenames file name string name of the resource filenames file string name of the resource id string unique identifier domain string output field domain leak name string name of the resource description string output field description published date string date value timestamp string output field timestamp tags array output field tags tags tags array output field tags tags tags id string unique identifier tags valueindex number value for the parameter predicted tags array output field predicted tags predicted tags file name string name of the resource predicted tags file string output field predicted tags file v number output field v breachresolved boolean output field breachresolved output example {"status code" 200,"response headers" {"x powered by" "express","content type" "application/json","content length" "450","etag" "\\"296339361\\"","date" "tue, 23 apr 2024 07 34 03 gmt","connection" "keep alive"},"reason" "ok","json body" {"filenames" \[]," id" "5dc1d78637cb98580338fd6c","domain" "twitter com","leak name" "twitter com","description" "alleged leak of information related to the domain twitter com","published date" "2019 10 01t00 00 00 540z","timestamp" "2019 11 05t20 11 50 180z","tags read a document from leaked files retrieve a specific document from leaked files in hacknotice using the provided document id endpoint url /leakfile/{{documentid}} method get input argument name type required description path parameters documentid string required parameters for the read a document from leaked files action headers object required http headers for the request headers content type string required http headers for the request input example {"path parameters" {"documentid" "5b74372f7629834dfefc15a5"},"headers" {"content type" "application/x www form urlencoded"}} output parameter type description status code number http status code of the response reason string response reason phrase size number output field size linecount number count value password type string type of the resource id string unique identifier filename object name of the resource folder object output field folder timestamp object output field timestamp v number output field v domain string output field domain description string output field description leak name string name of the resource published mo yr string output field published mo yr process timestamp object output field process timestamp attemptedtag boolean output field attemptedtag tags array output field tags tags tags array output field tags tags tags id string unique identifier tags valueindex number value for the parameter retag boolean output field retag predicted tags array output field predicted tags predicted tags file name string name of the resource predicted tags file string output field predicted tags file output example {"status code" 200,"response headers" {"x powered by" "express","content type" "application/json","content length" "764","etag" "\\" 229788744\\"","date" "tue, 23 apr 2024 15 34 36 gmt","connection" "keep alive"},"reason" "ok","json body" {"size" 4081437,"linecount" 149695,"password type" "none"," id" "5b74372f7629834dfefc15a5","filename"\ null,"folder"\ null,"timestamp"\ null," v" 1,"domain" "leak 1 2019 combo","description" "a credential combination list shared during january 2019 in the hacker co search all leaked files searches all leaked documents in hacknotice and returns them in reverse chronological order, requiring a data body input endpoint url /leakfile/search method post input argument name type required description data body object required response data data body term string required string search for the exact value in the domain input example {"data body" {"term" "twitter com"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"x powered by" "express","content type" "application/json","content length" "94487","date" "wed, 24 apr 2024 07 44 03 gmt","connection" "keep alive"},"reason" "ok","json body" \[{"size" 117046440,"linecount" 3606790,"password type" "plaintext"," id" "66020a8254f5372e640d1afe","filename"\ null," v" 0,"published mo yr" "2024 03 01t00 00 00 488z","timestamp"\ null,"process timestamp"\ null,"folder"\ null,"domain" "twitter com","description" "alleged leak of inform search all leaks searches all hacknotice documents and returns them in reverse chronological order, requiring a data body input endpoint url /leakreportsv2/search method post input argument name type required description data body object required response data data body term string required inclusive string search for the value in the domain or title input example {"data body" {"term" "twitter com"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" {}} search filename term and page performs a search for filenames across hacknotice pages, requiring path parameters and data body inputs endpoint url /research/search/filename/term/page/{{pageno}} method post input argument name type required description path parameters pageno number required parameters for the search filename term and page action data body object required response data data body term string required any search word or phrase data body searchtype string required search types are match phrase, wildcard post if incorrect type is given, defaults to match phrase data body order string optional optional default is asc (top of file first), can be desc data body searchafter string optional optional the sort integer of the last object you use this to get pages after page 199 if this is set, it ignores the page in the url data body offset number optional response data data body creds boolean optional response data data body ncsv boolean optional response data data body redacted boolean optional response data headers object required http headers for the request headers content type string required http headers for the request input example {"path parameters" {"pageno" 1},"data body" {"term" "000002 0 csv recon 07 09 20","searchtype" "wildcard post","order" "asc","searchafter" "17374216","offset" 18000,"creds"\ true,"ncsv"\ true,"redacted"\ true},"headers" {"content type" "application/x www form urlencoded"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"x powered by" "express","content type" "application/json","content length" "127650","date" "tue, 23 apr 2024 17 17 33 gmt","connection" "keep alive"},"reason" "ok","json body" \[{" index" "newleaks2"," type" "leak"," id" "+qtmk/1pd5fdjlofdzpp+n9p0fi="," score"\ null," source" {},"sort" \[],"partial"\ false,"leakfiledoc" {}}]} search term and page performs a search in hacknotice using specified terms and retrieves results from the page number provided endpoint url /research/search/term/page/{{pageno}} method post input argument name type required description path parameters pageno number required parameters for the search term and page action data body object required response data data body term string required any search word or phrase data body searchtype string required search types are match phrase, wildcard pre, wildcard post, wildcard both if incorrect type is given, defaults to match phrase data body filename string required response data data body filesearchtype string required response data data body order string optional optional default is desc (newest first), can be asc data body searchafter number optional optional the sort integer of the last object you use this to get pages after page 199 if this is set, it ignores the page in the url data body creds boolean optional response data data body domainfilter boolean optional response data data body csv boolean optional response data data body word boolean optional response data data body credsonly boolean optional response data data body reacted boolean optional response data data body monthly boolean optional response data data body fullrecords boolean optional response data headers object required http headers for the request headers content type string required http headers for the request input example {"path parameters" {"pageno" 1},"data body" {"term" "google com","searchtype" "match phrase","filename" "000002 0 csv recon 07 09 20","filesearchtype" "wildcard post","order" "asc","searchafter" 1522160999476,"creds"\ true,"domainfilter"\ true,"csv"\ true,"word"\ true,"credsonly"\ true,"reacted"\ false,"monthly"\ true,"fullrecords"\ true},"headers" {"content type" "application/x www form urlencoded"}} output parameter type description status code number http status code of the response reason string response reason phrase message string response message output example {"status code" 401,"response headers" {"x powered by" "express","content type" "application/json","content length" "34","date" "tue, 23 apr 2024 17 22 38 gmt","connection" "keep alive"},"reason" "unauthorized","json body" {"message" "search term required"}} search term and page with start and end dates performs a search in hacknotice using a term within specified start and end dates, returning results for a given page number endpoint url /research/search/term/page/{{pageno}} method post input argument name type required description path parameters pageno number required parameters for the search term and page with start and end dates action data body object required response data data body term string required any search word or phrase data body searchtype string required search types are match phrase, wildcard pre, wildcard post, wildcard both if incorrect type is given, defaults to match phrase data body startdate string required enter a start date in yyyy mm dd format data body enddate string required enter a end date in yyyy mm dd format data body order string optional optional default is desc (newest first), can be asc data body searchafter number optional optional the sort integer of the last object you use this to get pages after page 199 if this is set, it ignores the page in the url headers object required http headers for the request headers content type string required http headers for the request input example {"path parameters" {"pageno" 1},"data body" {"term" "example org","searchtype" "match phrase","startdate" "2019 03 01","enddate" "2019 04 01","order" "asc","searchafter" 1551549891640},"headers" {"content type" "application/x www form urlencoded"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" {}} search word pool and page executes a search within a specified word pool and page number in hacknotice, requiring parameters like searchtype, pool, and match endpoint url /research/search/pool/page/{{pageno}} method post input argument name type required description path parameters pageno number required parameters for the search word pool and page action searchtype string optional search types are match phrase, wildcard pre, wildcard post, wildcard both if incorrect type is given, defaults to match phrase pool array optional parameter for search word pool and page match string optional parameter for search word pool and page startdate string optional enter a start date in yyyy mm dd format enddate string optional enter a end date in yyyy mm dd format fullrecords boolean optional parameter for search word pool and page input example {"json body" {"searchtype" "word pool","pool" \["first","second"],"match" "2","startdate" "2015 04 03","enddate" "2022 07 30","fullrecords"\ true},"path parameters" {"pageno" 1}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"x powered by" "express","content type" "application/json","content length" "125992","date" "wed, 24 apr 2024 08 13 11 gmt","connection" "keep alive"},"reason" "ok","json body" \[{" index" "newleaks2"," type" "leak"," id" "+njjuemp/hgzrkupzyeqmnri2ic="," score"\ null," source" {},"highlight" {},"sort" \[],"partial"\ true,"highlightv2" \[],"leakfiledoc" {}}]} search word pool and page with start and end dates performs a search within a specified word pool on hacknotice, filtering by dates and returning results for a given page number endpoint url /research/search/pool/page/{{pageno}} method post input argument name type required description path parameters pageno number required parameters for the search word pool and page with start and end dates action searchtype string optional search types are match phrase, wildcard pre, wildcard post, wildcard both if incorrect type is given, defaults to match phrase pool array optional parameter for search word pool and page with start and end dates match string optional parameter for search word pool and page with start and end dates startdate string optional enter a start date in yyyy mm dd format enddate string optional enter a end date in yyyy mm dd format order string optional parameter for search word pool and page with start and end dates searchafter number optional parameter for search word pool and page with start and end dates input example {"json body" {"searchtype" "word pool","pool" \["1600","pennsylvania","washington"],"match" "3","startdate" "2018 12 01","enddate" "2019 04 01","order" "asc","searchafter" 1544741801755},"path parameters" {"pageno" 1}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"x powered by" "express","content type" "application/json","content length" "363305","date" "wed, 24 apr 2024 09 18 06 gmt","connection" "keep alive"},"reason" "ok","json body" \[{" index" "newleaks2"," type" "leak"," id" "zwnu0l+papeegjj+c0gwzb+crrs="," score"\ null," source" {},"highlight" {},"sort" \[],"partial"\ true,"highlightv2" \[],"leakfiledoc" {}}]} response headers header description example connection http response header connection keep alive content length the length of the response body in bytes 363305 content type the media type of the resource application/json date the date and time at which the message was originated wed, 24 apr 2024 09 18 06 gmt etag an identifier for a specific version of a resource "296339361" x powered by http response header x powered by express