# Hunters

Hunters is a leading security operations platform that enhances threat detection and response through advanced analytics and automation. The Hunters connector for Swimlane Turbine allows users to seamlessly integrate Hunters' threat management features into their security workflows. This integration enables users to manage leads, update lead statuses, and retrieve detailed operational insights, all within the Swimlane Turbine environment. By leveraging Hunters' capabilities, Swimlane Turbine users can streamline lead management and improve threat response efficiency.

## Limitations

None to date.

## Supported versions

This Hunters connector uses the latest version of the API.

## Configuration

### Prerequisites

Before you can use the Hunters connector for Turbine, you'll need access to the Hunters API. This requires HTTP bearer authentication using the following parameters:

- URL: the endpoint URL for accessing the Hunters API
- Token: a valid bearer token for authenticating API requests

### Authentication methods

HTTP bearer authentication:

- URL: the endpoint URL for the Hunters API
- Username: your Hunters username with sufficient permissions
- Token: the token for the Hunters API

## Capabilities

This Hunters connector provides the following capabilities:

- Add Lead Comment
- Get Data Sources Status and Health
- Get Leads
- Get Leads Change Log
- Set Lead Status
- Set Leads Classification
- Set Leads Status

## Additional documentation

- https://docs.swimlane.com/connectors/hunters
- https://docs.hunters.ai/

## Configurations

### HTTP bearer authentication

Authenticates using a bearer token, such as a JWT.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| token | The API key, token, etc. | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Add Lead Comment

Add a user-defined comment to a specific lead in Hunters, identified by the unique lead UUID. Requires JSON body and path parameters.

Endpoint URL: `/leads/{{lead_uuid}}/comment`
Method: POST

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.lead_uuid | string | required | The UUID of the lead to update |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only. |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only. |
| comment | string | optional | The comment to add to the lead |

Input example:

```json
{"path_parameters": {"lead_uuid": "string"}, "parameters": {"organization": "string", "org_id": "string"}, "comment": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.id | string | Unique identifier |
| results.text | string | Result of the operation |
| results.writer | string | Result of the operation |
| results.created_at | string | Result of the operation |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": [{}]}}
```

### Get Data Sources Status and Health

Retrieve operational insights by checking the status and health of data sources integrated with Hunters.

Endpoint URL: Get Data Sources Status and Health
Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only. |
| parameters.dataflow_id | string | optional | Return only results for the specified data flow ID |

Input example:

```json
{"parameters": {"organization": "string", "dataflow_id": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.dataflow | string | Response data |
| results.id | string | Unique identifier |
| results.datatype | string | Response data |
| results.integration_type | string | Type of the resource |
| results.description | object | Result of the operation |
| results.status | string | Status value |
| results.error_details | object | Result of the operation |
| results.last_insertion_time | string | Result of the operation |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": [{}]}}
```

### Get Leads

Retrieve a complete list of leads from the Hunters platform to facilitate efficient lead management.

Endpoint URL: `/leads`
Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.uuid | array | optional | To return only specific leads, provide a list of lead IDs, separated by comma |
| parameters.offset | number | optional | The starting point for the paged response |
| parameters.limit | number | optional | Define the maximum number of items to be returned in the paged response. Maximum: 10000 |
| parameters.risk | array | optional | Return only leads with the specified risk level(s), separated by a comma |
| parameters.status | array | optional | Return only leads in the specified status(es), separated by comma |
| parameters.investigation_state | array | optional | Return only leads in the specified auto-investigation state(s), separated by a comma |
| parameters.source | array | optional | The name of the vendor from which data originates |
| parameters.assignee | array | optional | Return only leads with specific assignee(s). The expected value is the assignee's email address or addresses, separated by a comma |
| parameters.sort | array | optional | Determine how leads will be sorted. Use desc and asc to determine order |
| parameters.is_alert | boolean | optional | Set to true to return only leads that matured into alerts, and to false to return all leads |
| parameters.show_null_status | boolean | optional | If set to true, all leads without a set status will be returned with status = null instead of "open" |
| parameters.since | string | optional | Return only leads that were created after the specified date (ISO 8601) |
| parameters.until | string | optional | Return only leads that were created before the specified date (ISO 8601) |
| parameters.updated_since | string | optional | Used with investigation_state and updated_until to return only leads that transitioned to a specific investigation status inside a specific timeframe (ISO 8601) |
| parameters.updated_until | string | optional | Used with investigation_state and updated_since to return only leads that transitioned to a specific investigation status within a specific timeframe (ISO 8601) |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Relevant to multi-tenant applications only |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. Relevant to multi-tenant applications only |
| parameters.detector | array | optional | Return only leads originating from the specified detector(s), separated by a comma |
| parameters.data_source | array | optional | Return only leads involving the specified data source(s), separated by a comma |
| parameters.include_attributes | boolean | optional | Include lead attributes in the response |
| parameters.threat_uuid | string | optional | The ID of the threat cluster |
| parameters.context_uuid | string | optional | The ID of the context by which leads are clustered |

Input example:

```json
{"parameters": {"uuid": ["string"], "offset": 123, "limit": 123, "risk": ["string"], "status": ["string"], "investigation_state": ["string"], "source": ["string"], "assignee": ["string"], "sort": ["string"], "is_alert": true, "show_null_status": true, "since": "string", "until": "string", "updated_since": "string", "updated_until": "string", "organization": "string", "org_id": "string", "detector": ["string"], "data_source": ["string"], "include_attributes": true, "threat_uuid": "string", "context_uuid": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.uuid | string | Unique identifier |
| results.event_time | string | Result of the operation |
| results.event_end_time | string | Result of the operation |
| results.score | number | Result of the operation |
| results.source | string | Result of the operation |
| results.description | string | Result of the operation |
| results.status | string | Status value |
| results.ingestion_time | string | Result of the operation |
| results.detection_time | string | Result of the operation |
| results.risk | string | Result of the operation |
| results.comments | array | Result of the operation |
| results.comments.id | string | Unique identifier |
| results.comments.text | string | Result of the operation |
| results.comments.writer | string | Result of the operation |
| results.comments.created_at | string | Result of the operation |
| results.detector | string | Result of the operation |
| results.data_sources | string | Response data |
| results.investigation_state | string | Result of the operation |
| results.threat_uuid | string | Unique identifier |
| results.is_alert | boolean | Result of the operation |
| results.threat_description | string | Result of the operation |
| results.classification | string | Result of the operation |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": [{}]}}
```

### Get Leads Change Log

Retrieve a detailed log of changes to leads within the Hunters platform, offering insights into modifications.

Endpoint URL: `/leads/change_log`
Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.uuid | array | optional | To return only specific leads, provide a list of lead IDs, separated by comma |
| parameters.offset | number | optional | The starting point for the paged response |
| parameters.limit | number | optional | Define the maximum number of items to be returned in the paged response. Maximum: 10000 |
| parameters.risk | array | optional | Return only leads with the specified risk level(s), separated by a comma |
| parameters.status | array | optional | Return only leads in the specified status(es), separated by comma |
| parameters.source | array | optional | The name of the vendor from which data originates |
| parameters.assignee | array | optional | Return only leads with specific assignee(s). The expected value is the assignee's email address or addresses, separated by a comma |
| parameters.sort | array | optional | Determine how leads will be sorted. Use desc and asc to determine order |
| parameters.is_alert | boolean | optional | Set to true to return only leads that matured into alerts, and to false to return all leads |
| parameters.since | string | optional | Return only leads that were created after the specified date (ISO 8601) |
| parameters.until | string | optional | Return only leads that were created before the specified date (ISO 8601) |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Relevant to multi-tenant applications only |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. Relevant to multi-tenant applications only |
| parameters.detector | array | optional | Return only leads originating from the specified detector(s), separated by a comma |
| parameters.data_source | array | optional | Return only leads involving the specified data source(s), separated by a comma |
| parameters.threat_uuid | string | optional | The ID of the threat cluster |
| parameters.context_uuid | string | optional | The ID of the context by which leads are clustered |
| parameters.change_time_since | string | optional | Return only leads that were updated after the specified date (ISO 8601). Used with change_time_until |
| parameters.change_time_until | string | optional | Return only leads that were updated before the specified date (ISO 8601). Used with change_time_since |

Input example:

```json
{"parameters": {"uuid": ["string"], "offset": 123, "limit": 123, "risk": ["string"], "status": ["string"], "source": ["string"], "assignee": ["string"], "sort": ["string"], "is_alert": true, "since": "string", "until": "string", "organization": "string", "org_id": "string", "detector": ["string"], "data_source": ["string"], "threat_uuid": "string", "context_uuid": "string", "change_time_since": "string", "change_time_until": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| results.uuid | string | Unique identifier |
| results.detection_time | string | Result of the operation |
| results.event_time | string | Result of the operation |
| results.change_log | array | Result of the operation |
| results.change_log.change_id | string | Unique identifier |
| results.change_log.change_type | string | Type of the resource |
| results.change_log.old_value | string | Value for the parameter |
| results.change_log.new_value | string | Value for the parameter |
| results.change_log.timestamp | string | Result of the operation |
| results.change_log.actor_id | string | Unique identifier |
| results.change_log.change_actor | string | Result of the operation |
| results.change_log.actor_type | string | Type of the resource |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": [{}]}}
```

### Set Lead Status

Update a lead's status in Hunters using the unique identifier (UUID) and a specified new status value.

Endpoint URL: `/leads/{{lead_uuid}}/status`
Method: PATCH

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.lead_uuid | string | required | The UUID of the lead to update |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only. |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only. |
| status | string | optional | The status of the lead, as defined by the user |

Input example:

```json
{"path_parameters": {"lead_uuid": "string"}, "parameters": {"organization": "string", "org_id": "string"}, "status": "active"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | object | Result of the operation |
| results.object | object | Result of the operation |
| results.object.uuid | string | Unique identifier |
| results.object.status | string | Status value |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": {"object": {}}}}
```

### Set Leads Classification

Assign a classification to the specified leads in Hunters using their unique identifiers, with options including benign, malicious, or unknown.

Endpoint URL: `/leads/classification`
Method: POST

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only. |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only. |
| classification | string | optional | The classification of the lead, as defined by the user |
| lead_uuids | array | optional | The UUIDs of the leads to update. This field is required. |

Input example:

```json
{"parameters": {"organization": "string", "org_id": "string"}, "classification": "string", "lead_uuids": ["string"]}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | object | Result of the operation |
| results.success | object | Result of the operation |
| results.success.lead_uuids | array | Unique identifier |
| results.success.classification | string | Result of the operation |
| results.failed | object | Result of the operation |
| results.failed.lead_uuids | array | Unique identifier |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": {"success": {}, "failed": {}}}}
```

### Set Leads Status

Bulk update the status of the specified leads in Hunters using the `status` and `lead_uuids` parameters.

Endpoint URL: `/leads/status`
Method: PATCH

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only. |
| parameters.org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only. |
| status | string | optional | The status of the lead, as defined by the user |
| lead_uuids | array | optional | The UUIDs of the leads to update. This field is required. |

Input example:

```json
{"parameters": {"organization": "string", "org_id": "string"}, "status": "active", "lead_uuids": ["string"]}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | object | Result of the operation |
| results.success | object | Result of the operation |
| results.success.lead_uuids | array | Unique identifier |
| results.failed | object | Result of the operation |
| results.failed.lead_uuids | array | Unique identifier |

Output example:

```json
{"status_code": 200, "reason": "OK", "json_body": {"results": {"success": {}, "failed": {}}}}
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
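As an added example (not Swimlane's or Hunters' code), the following Python drives the Get Leads and Set Leads Status actions described above: comma-joined array filters, offset/limit paging under the 10000-item ceiling, and keeping the `success` and `failed` UUID lists of a bulk update apart so partial failures are not silently dropped. Assumed: snake_case parameter names, a Hunters base URL, and a `fetch(method, url, headers, body)` transport callable; `fake_fetch` and the leads it serves are constructed stand-ins for a real HTTP client.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlparse

def bearer_headers(token):
    # HTTP bearer authentication, as the configuration section describes.
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}

def encode_params(params):
    """Arrays become comma-separated values, booleans lowercase, None is dropped."""
    out = {}
    for key, value in params.items():
        if value is None:
            continue
        if isinstance(value, bool):
            value = "true" if value else "false"
        elif isinstance(value, (list, tuple)):
            value = ",".join(map(str, value))
        out[key] = value
    return out

def iter_leads(fetch, base_url, token, page_size=500, **filters):
    """Yield every lead matching `filters`, walking offset/limit pages."""
    page_size = min(page_size, 10000)  # ceiling stated for the limit parameter
    offset = 0
    while True:
        query = encode_params({**filters, "offset": offset, "limit": page_size})
        url = f"{base_url.rstrip('/')}/leads?{urlencode(query)}"
        page = fetch("GET", url, bearer_headers(token), None)["json_body"]["results"]
        yield from page
        if len(page) < page_size:  # a short page means there is nothing after it
            return
        offset += page_size

def set_leads_status(fetch, base_url, token, lead_uuids, status):
    """Bulk PATCH /leads/status; return (succeeded, failed) UUID lists."""
    body = json.dumps({"status": status, "lead_uuids": list(lead_uuids)})
    resp = fetch("PATCH", f"{base_url.rstrip('/')}/leads/status", bearer_headers(token), body)
    results = resp["json_body"]["results"]
    return (list(results.get("success", {}).get("lead_uuids", [])),
            list(results.get("failed", {}).get("lead_uuids", [])))

def fake_fetch(method, url, headers, body):
    """Constructed offline transport: three canned leads, two per page; the bulk PATCH reports the last UUID as failed."""
    assert headers["Authorization"].startswith("Bearer ")
    if method == "GET":
        offset = int(dict(parse_qsl(urlparse(url).query))["offset"])
        ids = [f"lead-{i}" for i in range(offset, min(offset + 2, 3))]
        return {"status_code": 200, "json_body": {"results": [{"uuid": i} for i in ids]}}
    sent = json.loads(body)["lead_uuids"]
    return {"status_code": 200, "json_body": {"results": {
        "success": {"lead_uuids": sent[:-1]}, "failed": {"lead_uuids": sent[-1:]}}}}
```

Swap `fake_fetch` for a function that performs the real request (for example with `requests`, honouring the connector's `verify_ssl` and `http_proxy` settings) and the paging and failure handling stay the same.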