HackNotice
The HackNotice connector allows users to integrate real-time data breach alerts and threat intelligence into their security workflows.

HackNotice is a digital guardian that provides real-time monitoring and analysis of data leaks and breaches. The HackNotice connector for Swimlane Turbine enables users to search for specific terms, count occurrences, and retrieve documents related to data leaks, both current and historical. This integration empowers security teams to proactively monitor for potential threats, analyze historical data for risk assessment, and respond swiftly to incidents. By leveraging HackNotice's capabilities within Swimlane Turbine, organizations can enhance their cyber threat intelligence and maintain a vigilant stance against data breaches.

## Prerequisites

To effectively utilize the HackNotice connector for Turbine, ensure you have the following:

Custom asset authentication with these parameters:

- URL: The endpoint URL for the HackNotice API.
- Username: Your HackNotice account username.
- Password: Your HackNotice account password.
- API Key: A unique key provided by HackNotice for accessing their API.

## Capabilities

The HackNotice connector has the following capabilities:

- Count Search Term
- Count Search Term With Start and End Dates
- Read a Document
- Read a Document From Leaked Files
- Search All Leaked Files
- Search All Leaks
- Search Filename Term and Page
- Search Term and Page
- Search Term and Page With Start and End Dates
- Search Word Pool and Page
- Search Word Pool and Page With Start and End Dates

## API Documentation Link

HackNotice API documentation link: https://documenter.getpostman.com/view/806684/rwahza6c#93e9326e-ba80-4a31-ab3e-aafcf0aa14f3

## Configurations

### HackNotice Custom Asset

Authenticates using custom asset.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |
| username | Username | string | Required |
| password | Password | string | Required |
| x-apikey | API key | string | Required |

## Actions

### Count Search Term

Counts the occurrences of a search term in HackNotice, requiring specific data body and headers.

Endpoint URL: /research/count/term

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Response data |
| term | string | Required | Any search word or phrase |
| searchtype | string | Optional | Search types are match_phrase, wildcard_pre, wildcard_post, wildcard_both. If no or incorrect type is given, defaults to match_phrase |
| filename | string | Optional | Name of the resource |
| filesearchtype | string | Optional | Type of the resource |
| headers | object | Required | HTTP headers for the request |
| Content-Type | string | Required | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Powered-By": "Express",
      "Content-Type": "application/json",
      "Content-Length": "1",
      "Date": "Tue, 23 Apr 2024 07:02:36 GMT",
      "Connection": "keep-alive"
    },
    "reason": "OK",
    "json_body": 0
  }
]
```

### Count Search Term With Start and End Dates

Counts the occurrences of a search term within a specified date range in HackNotice, requiring data body and headers.

Endpoint URL: /research/count/term

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Response data |
| term | string | Required | Any search word or phrase |
| searchtype | string | Optional | Search types are match_phrase, wildcard_pre, wildcard_post, wildcard_both. If no or incorrect type is given, defaults to match_phrase |
| startdate | string | Optional | Enter the start date in yyyy-mm-dd format |
| enddate | string | Optional | Enter the end date in yyyy-mm-dd format |
| headers | object | Required | HTTP headers for the request |
| Content-Type | string | Required | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Powered-By": "Express",
      "Content-Type": "application/json",
      "Content-Length": "5",
      "Date": "Tue, 23 Apr 2024 16:33:12 GMT",
      "Connection": "keep-alive"
    },
    "reason": "OK",
    "json_body": 94064
  }
]
```

### Read a Document

Retrieve a specific document from HackNotice using the unique document ID provided in the path parameters.

Endpoint URL: /leakreportsv2/{{documentid}}

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| documentid | string | Required | Unique identifier |
| headers | object | Required | HTTP headers for the request |
| Content-Type | string | Required | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| filenames | array | Name of the resource |
| file_name | string | Name of the resource |
| file | string | Output field file |
| _id | string | Unique identifier |
| domain | string | Output field domain |
| leak_name | string | Name of the resource |
| description | string | Output field description |
| published_date | string | Date value |
| timestamp | string | Output field timestamp |
| tags | array | Output field tags |
| tags | array | Output field tags |
| id | string | Unique identifier |
| valueindex | number | Value for the parameter |
| predicted_tags | array | Output field predicted_tags |
| file_name | string | Name of the resource |
| file | string | Output field file |
| __v | number | Output field __v |
| breachresolved | boolean | Output field breachresolved |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Powered-By": "Express",
      "Content-Type": "application/json",
      "Content-Length": "450",
      "ETag": "\"296339361\"",
      "Date": "Tue, 23 Apr 2024 07:34:03 GMT",
      "Connection": "keep-alive"
    },
    "reason": "OK",
    "json_body": {
      "filenames": [],
      "_id": "5dc1d78637cb98580338fd6c",
      "domain": "twitter.com",
      "leak_name": "twitter.com",
      "description": "Alleged leak of information related to the domain twitter.com",
      "published_date": "2019-10-01T00:00:00.540Z",
      "timestamp": "2019-11-05T20:11:50.180Z",
      "tags": [],
      "predicted_tags": [],
      "__v": 0,
      "breachresolved": true
    }
  }
]
```

### Read a Document From Leaked Files

Retrieve a specific document from leaked files in HackNotice using the provided document ID.

Endpoint URL: /leakfile/{{documentid}}

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| documentid | string | Required | Unique identifier |
| headers | object | Required | HTTP headers for the request |
| Content-Type | string | Required | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| size | number | Output field size |
| linecount | number | Count value |
| password_type | string | Type of the resource |
| _id | string | Unique identifier |
| filename | object | Name of the resource |
| folder | object | Output field folder |
| timestamp | object | Output field timestamp |
| __v | number | Output field __v |
| domain | string | Output field domain |
| description | string | Output field description |
| leak_name | string | Name of the resource |
| published_mo_yr | string | Output field published_mo_yr |
| process_timestamp | object | Output field process_timestamp |
| attemptedtag | boolean | Output field attemptedtag |
| tags | array | Output field tags |
| tags | array | Output field tags |
| id | string | Unique identifier |
| valueindex | number | Value for the parameter |
| retag | boolean | Output field retag |
| predicted_tags | array | Output field predicted_tags |
| file_name | string | Name of the resource |
| file | string | Output field file |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Powered-By": "Express",
      "Content-Type": "application/json",
      "Content-Length": "764",
      "ETag": "\"-229788744\"",
      "Date": "Tue, 23 Apr 2024 15:34:36 GMT",
      "Connection": "keep-alive"
    },
    "reason": "OK",
    "json_body": {
      "size": 4081437,
      "linecount": 149695,
      "password_type": "none",
      "_id": "5b74372f7629834dfefc15a5",
      "filename": null,
      "folder": null,
      "timestamp": null,
      "__v": 1,
      "domain": "leak 1 2019 combo",
      "description": "A credential combination list shared during January 2019 in the hacker community.",
      "leak_name": "January 2019 compilation combo list",
      "published_mo_yr": "2019-08-01T00:00:00.138Z",
      "process_timestamp": null,
      "attemptedtag": true,
      "tags": []
    }
  }
]
```

### Search All Leaked Files

Searches all leaked documents in HackNotice and returns them in reverse chronological order, requiring a data body input.

Endpoint URL: /leakfile/search

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Response data |
| term | string | Required | String search for the exact value in the domain |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Powered-By": "Express",
      "Content-Type": "application/json",
      "Content-Length": "94487",
      "Date": "Wed, 24 Apr 2024 07:44:03 GMT",
      "Connection": "keep-alive"
    },
    "reason": "OK",
    "json_body": [
      {},
      {}
    ]
  }
]
```

### Search All Leaks

Searches all HackNotice documents and returns them in reverse chronological order, requiring a data body input.

Endpoint URL: /leakreportsv2/search

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Response data |
| term | string | Required | Inclusive string search for the value in the domain or title |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Search Filename Term and Page

Performs a search for filenames across HackNotice pages, requiring path parameters and data body inputs.

Endpoint URL: /research/search/filename/term/page/{{pageno}}

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| pageno | number | Required | Parameter for Search Filename Term and Page |
| data_body | object | Required | Response data |
| term | string | Required | Any search word or phrase |
| searchtype | string | Required | Search types are match_phrase, wildcard_post. If incorrect type is given, defaults to match_phrase |
| order | string | Optional | Optional. Default is asc (top of file first), can be desc |
| searchafter | string | Optional | Optional. The sort integer of the last object. You use this to get pages after page 199. If this is set, it ignores the page in the URL |
| offset | number | Optional | Parameter for Search Filename Term and Page |
| creds | boolean | Optional | Parameter for Search Filename Term and Page |
| ncsv | boolean | Optional | Parameter for Search Filename Term and Page |
| redacted | boolean | Optional | Parameter for Search Filename Term and Page |
| headers | object | Required | HTTP headers for the request |
| Content-Type | string | Required | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Powered-By": "Express",
      "Content-Type": "application/json",
      "Content-Length": "127650",
      "Date": "Tue, 23 Apr 2024 17:17:33 GMT",
      "Connection": "keep-alive"
    },
    "reason": "OK",
    "json_body": [
      {}
    ]
  }
]
```

### Search Term and Page

Performs a search in HackNotice using specified terms and retrieves results from the page number provided.

Endpoint URL: /research/search/term/page/{{pageno}}

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| pageno | number | Required | Parameter for Search Term and Page |
| data_body | object | Required | Response data |
| term | string | Required | Any search word or phrase |
| searchtype | string | Required | Search types are match_phrase, wildcard_pre, wildcard_post, wildcard_both. If incorrect type is given, defaults to match_phrase |
| filename | string | Required | Name of the resource |
| filesearchtype | string | Required | Type of the resource |
| order | string | Optional | Optional. Default is desc (newest first), can be asc |
| searchafter | number | Optional | Optional. The sort integer of the last object. You use this to get pages after page 199. If this is set, it ignores the page in the URL |
| creds | boolean | Optional | Parameter for Search Term and Page |
| domainfilter | boolean | Optional | Parameter for Search Term and Page |
| csv | boolean | Optional | Parameter for Search Term and Page |
| word | boolean | Optional | Parameter for Search Term and Page |
| credsonly | boolean | Optional | Parameter for Search Term and Page |
| reacted | boolean | Optional | Parameter for Search Term and Page |
| monthly | boolean | Optional | Parameter for Search Term and Page |
| fullrecords | boolean | Optional | Parameter for Search Term and Page |
| headers | object | Required | HTTP headers for the request |
| Content-Type | string | Required | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| message | string | Response message |

#### Example

```json
[
  {
    "status_code": 401,
    "response_headers": {
      "X-Powered-By": "Express",
      "Content-Type": "application/json",
      "Content-Length": "34",
      "Date": "Tue, 23 Apr 2024 17:22:38 GMT",
      "Connection": "keep-alive"
    },
    "reason": "Unauthorized",
    "json_body": {
      "message": "search term required"
    }
  }
]
```

### Search Term and Page With Start and End Dates

Performs a search in HackNotice using a term within specified start and end dates, returning results for a given page number.

Endpoint URL: /research/search/term/page/{{pageno}}

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| pageno | number | Required | Parameter for Search Term and Page With Start and End Dates |
| data_body | object | Required | Response data |
| term | string | Required | Any search word or phrase |
| searchtype | string | Required | Search types are match_phrase, wildcard_pre, wildcard_post, wildcard_both. If incorrect type is given, defaults to match_phrase |
| startdate | string | Required | Enter a start date in yyyy-mm-dd format |
| enddate | string | Required | Enter an end date in yyyy-mm-dd format |
| order | string | Optional | Optional. Default is desc (newest first), can be asc |
| searchafter | number | Optional | Optional. The sort integer of the last object. You use this to get pages after page 199. If this is set, it ignores the page in the URL |
| headers | object | Required | HTTP headers for the request |
| Content-Type | string | Required | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Search Word Pool and Page

Executes a search within a specified word pool and page number in HackNotice, requiring parameters like searchtype, pool, and match.

Endpoint URL: /research/search/pool/page/{{pageno}}

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| pageno | number | Required | Parameter for Search Word Pool and Page |
| searchtype | string | Required | Search types are match_phrase, wildcard_pre, wildcard_post, wildcard_both. If incorrect type is given, defaults to match_phrase |
| pool | array | Required | Parameter for Search Word Pool and Page |
| match | string | Required | Parameter for Search Word Pool and Page |
| startdate | string | Optional | Enter a start date in yyyy-mm-dd format |
| enddate | string | Optional | Enter an end date in yyyy-mm-dd format |
| fullrecords | boolean | Optional | Parameter for Search Word Pool and Page |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Powered-By": "Express",
      "Content-Type": "application/json",
      "Content-Length": "125992",
      "Date": "Wed, 24 Apr 2024 08:13:11 GMT",
      "Connection": "keep-alive"
    },
    "reason": "OK",
    "json_body": [
      {}
    ]
  }
]
```

### Search Word Pool and Page With Start and End Dates

Performs a search within a specified word pool on HackNotice, filtering by dates and returning results for a given page number.

Endpoint URL: /research/search/pool/page/{{pageno}}

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| pageno | number | Required | Parameter for Search Word Pool and Page With Start and End Dates |
| searchtype | string | Required | Search types are match_phrase, wildcard_pre, wildcard_post, wildcard_both. If incorrect type is given, defaults to match_phrase |
| pool | array | Required | Parameter for Search Word Pool and Page With Start and End Dates |
| match | string | Required | Parameter for Search Word Pool and Page With Start and End Dates |
| startdate | string | Optional | Enter a start date in yyyy-mm-dd format |
| enddate | string | Optional | Enter an end date in yyyy-mm-dd format |
| order | string | Optional | Parameter for Search Word Pool and Page With Start and End Dates |
| searchafter | number | Optional | Parameter for Search Word Pool and Page With Start and End Dates |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "X-Powered-By": "Express",
      "Content-Type": "application/json",
      "Content-Length": "363305",
      "Date": "Wed, 24 Apr 2024 09:18:06 GMT",
      "Connection": "keep-alive"
    },
    "reason": "OK",
    "json_body": [
      {}
    ]
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Connection | HTTP response header Connection | keep-alive |
| Content-Length | The length of the response body in bytes | 764 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Tue, 23 Apr 2024 17:22:38 GMT |
| ETag | An identifier for a specific version of a resource | "296339361" |
| X-Powered-By | HTTP response header X-Powered-By | Express |
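
The search actions above default to a phrase match when the search type is wrong, and the page's sample for Search Term and Page returns 401 for a missing term. As an added example (not part of the connector or the HackNotice API), this sketch validates inputs for Search Term and Page With Start and End Dates before a playbook sends them, and classifies the result object. The function names are hypothetical, and the underscore spellings of the search types and of `status_code` / `json_body` are assumptions.

```python
import re
from datetime import date

# Search types this page lists for the term search (underscore spelling assumed).
SEARCH_TYPES = {"match_phrase", "wildcard_pre", "wildcard_post", "wildcard_both"}
MAX_PAGE = 199  # the page says later results need searchafter


def build_dated_term_search(term, page, startdate, enddate,
                            searchtype="match_phrase", searchafter=None):
    """Return (endpoint_path, data_body); raise ValueError before any request."""
    if not term or not term.strip():
        raise ValueError("term is required")
    # An unknown type is silently treated as match_phrase by the API, which
    # would change what a monitoring query matches, so reject it here.
    if searchtype not in SEARCH_TYPES:
        raise ValueError(f"unknown searchtype: {searchtype!r}")
    for value in (startdate, enddate):
        if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", value or ""):
            raise ValueError(f"date must be yyyy-mm-dd: {value!r}")
        date.fromisoformat(value)  # rejects impossible dates such as 2024-02-30
    if startdate > enddate:
        raise ValueError("startdate is after enddate")
    body = {"term": term, "searchtype": searchtype,
            "startdate": startdate, "enddate": enddate}
    if searchafter is not None:
        body["searchafter"] = int(searchafter)  # page in the URL is then ignored
    elif page > MAX_PAGE:
        raise ValueError("pages after 199 need searchafter")
    return f"/research/search/term/page/{page}", body


def classify(result):
    """Map one connector result object to ok, bad_request, auth or error."""
    status = result.get("status_code")
    body = result.get("json_body")
    message = body.get("message", "") if isinstance(body, dict) else ""
    if status == 200:
        return "ok"
    # The page's sample shows 401 returned for a missing term, so a 401 whose
    # message names a required field is an input error, not a bad credential.
    if status == 401 and "required" in message.lower():
        return "bad_request"
    return "auth" if status in (401, 403) else "error"
```

Routing `bad_request` separately from `auth` keeps a malformed playbook input from being triaged as a revoked or expired API key.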