Hunters
## Overview

The Hunters connector enables automated interactions with the Hunters threat detection and response platform, facilitating advanced security operations.

Hunters is a cutting-edge threat detection and response platform that specializes in aggregating and analyzing security data to identify potential threats. The Hunters connector for Swimlane Turbine enables users to seamlessly integrate threat management capabilities into their security workflows. With this connector, security teams can add comments to leads, retrieve comprehensive leads lists, monitor data source health, and update lead statuses and classifications without leaving the Swimlane environment. This integration empowers users to act swiftly on threats, streamline their security operations, and maintain a strong security posture with minimal manual intervention.

## Limitations

None to date.

## Supported versions

This Hunters connector uses the latest version API.

## Additional docs

- https://docs.hunters.ai/

## Configuration

### Prerequisites

To effectively utilize the Hunters connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Bearer Authentication with the following parameters:
  - URL: The endpoint URL for Hunters API.
  - Access Token: A valid bearer token (such as a JWT) for secure authentication.

### Authentication Methods

- HTTP Bearer Authentication
  - URL: The endpoint URL for the Hunters API.
  - Username: Your Hunters username with sufficient permissions.
  - Token: The token for the Hunters API.

### Capabilities

This Hunters connector provides the following capabilities:

- Add Lead Comment
- Get Data Sources Status and Health
- Get Leads
- Get Leads Change Log
- Set Lead Status
- Set Leads Classification
- Set Leads Status

### Configurations

#### HTTP Bearer Authentication

Authenticates using a bearer token (such as a JWT).

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| token | The API key, token, etc. | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Add Lead Comment

Adds a user-defined comment to a specific lead in Hunters, identified by the unique lead UUID.

- Endpoint URL: `/leads/{{lead_uuid}}/comment`
- Method: `POST`

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.lead_uuid | string | required | The UUID of the lead to update |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only |
| comment | string | optional | The comment to add to the lead |

Input example:

```json
{"path_parameters": {"lead_uuid": "string"}, "parameters": {"organization": "string", "org_id": "string"}, "comment": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.id | string | Unique identifier |
| results.text | string | Result of the operation |
| results.writer | string | Result of the operation |
| results.created_at | string | Result of the operation |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": [{}]}}
```

### Get Data Sources Status and Health

Retrieve operational insights by checking the status and health of data sources integrated with Hunters.

- Endpoint URL: Get Data Sources Status and Health
- Method: `GET`

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only |
| parameters.dataflow_id | string | optional | Return only results for the specified data flow ID |

Input example:

```json
{"parameters": {"organization": "string", "dataflow_id": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.dataflow | string | Response data |
| results.id | string | Unique identifier |
| results.datatype | string | Response data |
| results.integration_type | string | Type of the resource |
| results.description | object | Result of the operation |
| results.status | string | Status value |
| results.error_details | object | Result of the operation |
| results.last_insertion_time | string | Result of the operation |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": [{}]}}
```

### Get Leads

Retrieves a complete list of leads from the Hunters platform, facilitating efficient lead management.

- Endpoint URL: `/leads`
- Method: `GET`

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.uuid | array | optional | To return only specific leads, provide a list of lead IDs, separated by comma |
| parameters.offset | number | optional | The starting point for the paged response |
| parameters.limit | number | optional | Define the maximum number of items to be returned in the paged response. Maximum 10000 |
| parameters.risk | array | optional | Return only leads with the specified risk level(s), separated by a comma |
| parameters.status | array | optional | Return only leads in the specified status(es), separated by comma |
| parameters.investigation_state | array | optional | Return only leads in the specified auto-investigation state(s), separated by a comma |
| parameters.source | array | optional | The name of the vendor from which data originates |
| parameters.assignee | array | optional | Return only leads with specific assignee(s). The expected value is the assignee's email address or addresses, separated by a comma |
| parameters.sort | array | optional | Determine how leads will be sorted. Use desc and asc to determine order |
| parameters.is_alert | boolean | optional | Set to true to return only leads that matured into alerts, and to false to return all leads |
| parameters.show_null_status | boolean | optional | If set to true, all leads without a set status will be returned with status = null instead of "open" |
| parameters.since | string | optional | Return only leads that were created after the specified date (ISO 8601) |
| parameters.until | string | optional | Return only leads that were created before the specified date (ISO 8601) |
| parameters.updated_since | string | optional | Used with investigation_state and updated_until to return only leads that transitioned to a specific investigation status inside a specific timeframe (ISO 8601) |
| parameters.updated_until | string | optional | Used with investigation_state and updated_since to return only leads that transitioned to a specific investigation status within a specific timeframe (ISO 8601) |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Relevant to multi-tenant applications only |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. Relevant to multi-tenant applications only |
| parameters.detector | array | optional | Return only leads originating from the specified detector(s), separated by a comma |
| parameters.data_source | array | optional | Return only leads involving the specified data source(s), separated by a comma |
| parameters.include_attributes | boolean | optional | Include lead attributes in the response |
| parameters.threat_uuid | string | optional | The ID of the threat cluster |
| parameters.context_uuid | string | optional | The ID of the context by which leads are clustered |

Input example:

```json
{"parameters": {"uuid": ["string"], "offset": 123, "limit": 123, "risk": ["string"], "status": ["string"], "investigation_state": ["string"], "source": ["string"], "assignee": ["string"], "sort": ["string"], "is_alert": true, "show_null_status": true, "since": "string", "until": "string", "updated_since": "string", "updated_until": "string", "organization": "string", "org_id": "string", "detector": ["string"], "data_source": ["string"], "include_attributes": true, "threat_uuid": "string", "context_uuid": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.uuid | string | Unique identifier |
| results.event_time | string | Result of the operation |
| results.event_end_time | string | Result of the operation |
| results.score | number | Result of the operation |
| results.source | string | Result of the operation |
| results.description | string | Result of the operation |
| results.status | string | Status value |
| results.ingestion_time | string | Result of the operation |
| results.detection_time | string | Result of the operation |
| results.risk | string | Result of the operation |
| results.comments | array | Result of the operation |
| results.comments.id | string | Unique identifier |
| results.comments.text | string | Result of the operation |
| results.comments.writer | string | Result of the operation |
| results.comments.created_at | string | Result of the operation |
| results.detector | string | Result of the operation |
| results.data_sources | string | Response data |
| results.investigation_state | string | Result of the operation |
| results.threat_uuid | string | Unique identifier |
| results.is_alert | boolean | Result of the operation |
| results.threat_description | string | Result of the operation |
| results.classification | string | Result of the operation |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": [{}]}}
```

### Get Leads Change Log

Retrieve a detailed log of changes to leads within the Hunters platform, offering insights into modifications.

- Endpoint URL: `/leads/change_log`
- Method: `GET`

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.uuid | array | optional | To return only specific leads, provide a list of lead IDs, separated by comma |
| parameters.offset | number | optional | The starting point for the paged response |
| parameters.limit | number | optional | Define the maximum number of items to be returned in the paged response. Maximum 10000 |
| parameters.risk | array | optional | Return only leads with the specified risk level(s), separated by a comma |
| parameters.status | array | optional | Return only leads in the specified status(es), separated by comma |
| parameters.source | array | optional | The name of the vendor from which data originates |
| parameters.assignee | array | optional | Return only leads with specific assignee(s). The expected value is the assignee's email address or addresses, separated by a comma |
| parameters.sort | array | optional | Determine how leads will be sorted. Use desc and asc to determine order |
| parameters.is_alert | boolean | optional | Set to true to return only leads that matured into alerts, and to false to return all leads |
| parameters.since | string | optional | Return only leads that were created after the specified date (ISO 8601) |
| parameters.until | string | optional | Return only leads that were created before the specified date (ISO 8601) |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Relevant to multi-tenant applications only |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. Relevant to multi-tenant applications only |
| parameters.detector | array | optional | Return only leads originating from the specified detector(s), separated by a comma |
| parameters.data_source | array | optional | Return only leads involving the specified data source(s), separated by a comma |
| parameters.threat_uuid | string | optional | The ID of the threat cluster |
| parameters.context_uuid | string | optional | The ID of the context by which leads are clustered |
| parameters.change_time_since | string | optional | Return only leads that were updated after the specified date (ISO 8601). Used with change_time_until |
| parameters.change_time_until | string | optional | Return only leads that were updated before the specified date (ISO 8601). Used with change_time_since |

Input example:

```json
{"parameters": {"uuid": ["string"], "offset": 123, "limit": 123, "risk": ["string"], "status": ["string"], "source": ["string"], "assignee": ["string"], "sort": ["string"], "is_alert": true, "since": "string", "until": "string", "organization": "string", "org_id": "string", "detector": ["string"], "data_source": ["string"], "threat_uuid": "string", "context_uuid": "string", "change_time_since": "string", "change_time_until": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.uuid | string | Unique identifier |
| results.detection_time | string | Result of the operation |
| results.event_time | string | Result of the operation |
| results.change_log | array | Result of the operation |
| results.change_log.change_id | string | Unique identifier |
| results.change_log.change_type | string | Type of the resource |
| results.change_log.old_value | string | Value for the parameter |
| results.change_log.new_value | string | Value for the parameter |
| results.change_log.timestamp | string | Result of the operation |
| results.change_log.actor_id | string | Unique identifier |
| results.change_log.change_actor | string | Result of the operation |
| results.change_log.actor_type | string | Type of the resource |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": [{}]}}
```

### Set Lead Status

Updates a lead's status in Hunters by using the unique identifier (UUID) and a specified new status value.

- Endpoint URL: `/leads/{{lead_uuid}}/status`
- Method: `PATCH`

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.lead_uuid | string | required | The UUID of the lead to update |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only |
| status | string | optional | The status of the lead, as defined by the user |

Input example:

```json
{"path_parameters": {"lead_uuid": "string"}, "parameters": {"organization": "string", "org_id": "string"}, "status": "active"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | object | Result of the operation |
| results.object | object | Result of the operation |
| results.object.uuid | string | Unique identifier |
| results.object.status | string | Status value |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": {"object": {}}}}
```

### Set Leads Classification

Assign a classification status to specified leads in Hunters by their unique identifiers, with options including benign, malicious, or unknown.

- Endpoint URL: `/leads/classification`
- Method: `POST`

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only |
| classification | string | optional | The classification of the lead, as defined by the user |
| lead_uuids | array | optional | The UUIDs of the leads to update. This field is required |

Input example:

```json
{"parameters": {"organization": "string", "org_id": "string"}, "classification": "string", "lead_uuids": ["string"]}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | object | Result of the operation |
| results.success | object | Result of the operation |
| results.success.lead_uuids | array | Unique identifier |
| results.success.classification | string | Result of the operation |
| results.failed | object | Result of the operation |
| results.failed.lead_uuids | array | Unique identifier |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": {"success": {}, "failed": {}}}}
```

### Set Leads Status

Bulk update the status of specified leads in Hunters using the 'status' and 'lead_uuids' parameters.

- Endpoint URL: `/leads/status`
- Method: `PATCH`

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only |
| status | string | optional | The status of the lead, as defined by the user |
| lead_uuids | array | optional | The UUIDs of the leads to update. This field is required |

Input example:

```json
{"parameters": {"organization": "string", "org_id": "string"}, "status": "active", "lead_uuids": ["string"]}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | object | Result of the operation |
| results.success | object | Result of the operation |
| results.success.lead_uuids | array | Unique identifier |
| results.failed | object | Result of the operation |
| results.failed.lead_uuids | array | Unique identifier |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": {"success": {}, "failed": {}}}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
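As an added example (not Swimlane's connector code and not a Hunters SDK), the following Python sketch builds the HTTP calls that the Get Leads and Set Leads Status actions describe: a `Authorization: Bearer` header, comma-separated list filters, the documented 10000 cap on `limit`, offset/limit pagination, and a log line that never echoes the token. It assumes a base URL that you supply (the page gives none), that the raw API answers `GET /leads` with a JSON object whose `results` key holds the list the connector's output example nests under `json_body`, and it substitutes a constructed offline opener for a live endpoint so the demo runs without network access.

```python
"""Added example of a minimal Hunters REST client (assumptions noted inline)."""
import io
import json
import urllib.parse
import urllib.request
from typing import Any, Callable, Dict, Iterable, Iterator, List, Optional

MAX_PAGE_LIMIT = 10000  # documented maximum for the `limit` query parameter
Opener = Callable[[urllib.request.Request], Any]


def encode_params(params: Dict[str, Any]) -> Dict[str, str]:
    """Encode filters the way the documented parameters expect: lists become
    comma-separated strings, booleans become 'true'/'false', None is omitted."""
    encoded: Dict[str, str] = {}
    for key, value in params.items():
        if value is None:
            continue
        if isinstance(value, bool):          # check bool before anything numeric
            encoded[key] = "true" if value else "false"
        elif isinstance(value, (list, tuple, set)):
            encoded[key] = ",".join(str(v) for v in value)
        else:
            encoded[key] = str(value)
    return encoded


class HuntersClient:
    def __init__(self, base_url: str, token: str, opener: Optional[Opener] = None,
                 org_id: Optional[str] = None) -> None:
        self.base_url = base_url.rstrip("/")   # assumed: caller supplies the API host
        self._token = token
        # urllib.request.urlopen validates the server certificate by default; the
        # connector's verify_ssl flag should stay enabled for the same reason.
        self._opener: Opener = opener or urllib.request.urlopen
        self.org_id = org_id                   # multi-tenant deployments only

    def build_request(self, method: str, path: str,
                      params: Optional[Dict[str, Any]] = None,
                      body: Optional[Dict[str, Any]] = None) -> urllib.request.Request:
        query = encode_params(params or {})
        if self.org_id and "org_id" not in query:
            query["org_id"] = self.org_id
        url = self.base_url + path
        if query:
            url += "?" + urllib.parse.urlencode(query)
        headers = {"Authorization": f"Bearer {self._token}", "Accept": "application/json"}
        data = None
        if body is not None:
            data = json.dumps(body).encode("utf-8")
            headers["Content-Type"] = "application/json"
        return urllib.request.Request(url, data=data, headers=headers, method=method)

    def _call(self, req: urllib.request.Request) -> Dict[str, Any]:
        with self._opener(req) as resp:
            return json.loads(resp.read().decode("utf-8"))

    def get_leads(self, offset: int = 0, limit: int = 100, **filters: Any) -> Dict[str, Any]:
        """GET /leads with the documented filters (risk, status, since, until, is_alert, ...)."""
        if not 0 < limit <= MAX_PAGE_LIMIT:
            raise ValueError(f"limit must be between 1 and {MAX_PAGE_LIMIT}")
        params = {"offset": offset, "limit": limit, **filters}
        return self._call(self.build_request("GET", "/leads", params))

    def iter_leads(self, page_size: int = 100, **filters: Any) -> Iterator[Dict[str, Any]]:
        """Walk every page of GET /leads with offset/limit until a short page arrives."""
        offset = 0
        while True:
            page = self.get_leads(offset=offset, limit=page_size, **filters).get("results", [])
            yield from page
            if len(page) < page_size:
                return
            offset += page_size

    def set_leads_status(self, lead_uuids: Iterable[str], status: str) -> Dict[str, Any]:
        """PATCH /leads/status: the bulk update behind the Set Leads Status action."""
        body = {"status": status, "lead_uuids": list(lead_uuids)}
        return self._call(self.build_request("PATCH", "/leads/status", body=body))


def describe_request(req: urllib.request.Request) -> str:
    """Log-safe one-line summary of a request; the bearer token is never echoed."""
    return f"{req.get_method()} {req.full_url} (auth: Bearer ***)"


def constructed_opener(pages: List[Dict[str, Any]]) -> Opener:
    """Offline stand-in for urlopen that serves constructed JSON bodies in order."""
    queue = list(pages)

    def _open(req: urllib.request.Request) -> io.BytesIO:
        body = queue.pop(0) if queue else {"results": []}
        return io.BytesIO(json.dumps(body).encode("utf-8"))
    return _open


if __name__ == "__main__":
    # Constructed sample pages: two leads, then a short page that ends pagination.
    pages = [{"results": [{"uuid": "lead-0001", "risk": "high"}, {"uuid": "lead-0002", "risk": "high"}]},
             {"results": [{"uuid": "lead-0003", "risk": "high"}]}]
    client = HuntersClient("https://hunters.example", "constructed-token", opener=constructed_opener(pages))
    print(describe_request(client.build_request("GET", "/leads", {"risk": ["high"], "is_alert": True})))
    print([lead["uuid"] for lead in client.iter_leads(page_size=2, risk=["high"], is_alert=True)])
```

The filters are passed through `encode_params` rather than handed to `urlencode` directly so that a Python list becomes the comma-separated form the page documents and a Python `True` becomes the lowercase `true` the `is_alert` parameter expects; `describe_request` is what should reach a log, since the full `Authorization` header is a credential.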