Hunters
The Hunters connector enables automated interactions with the Hunters threat detection and response platform, facilitating advanced security operations.

Hunters is a cutting-edge threat detection and response platform that specializes in aggregating and analyzing security data to identify potential threats. The Hunters connector for Swimlane Turbine enables users to seamlessly integrate threat management capabilities into their security workflows. With this connector, security teams can add comments to leads, retrieve comprehensive leads lists, monitor data source health, and update lead statuses and classifications without leaving the Swimlane environment. This integration empowers users to act swiftly on threats, streamline their security operations, and maintain a strong security posture with minimal manual intervention.

## Limitations

None to date.

## Supported Versions

This Hunters connector uses the latest version API.

## Additional Docs

- Hunters API documentation link: https://docs.hunters.ai/

## Configuration

### Prerequisites

To effectively utilize the Hunters connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Bearer Authentication with the following parameters:
  - URL: The endpoint URL for Hunters API
  - Access Token: A valid bearer token such as JWT for secure authentication

### Authentication Methods

- HTTP Bearer Authentication
  - URL: The endpoint URL for the Hunters API
  - Username: Your Hunters username with sufficient permissions
  - Token: The token for the Hunters API

### Capabilities

This Hunters connector provides the following capabilities:

- Add Lead Comment
- Get Data Sources Status and Health
- Get Leads
- Get Leads Change Log
- Set Lead Status
- Set Leads Classification
- Set Leads Status

### Configurations

#### HTTP Bearer Authentication

Authenticates using a bearer token such as a JWT, etc.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| token | The API key, token, etc. | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Add Lead Comment

Adds a user-defined comment to a specific lead in Hunters, identified by the unique lead UUID.

**Endpoint URL:** `/leads/{{lead_uuid}}/comment`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| lead_uuid | string | required | The UUID of the lead to update |
| organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only |
| org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only |
| comment | string | required | The comment to add to the lead |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| id | string | Unique identifier |
| text | string | Output field text |
| writer | string | Output field writer |
| created_at | string | Output field created_at |

**Example:**

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "json_body": {
      "results": []
    }
  }
]
```

### Get Data Sources Status and Health

Retrieve operational insights by checking the status and health of data sources integrated with Hunters.

**Endpoint URL:** Get Data Sources Status and Health

**Method:** GET

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only |
| dataflow_id | string | optional | Return only results for the specified data flow ID |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| dataflow | string | Response data |
| id | string | Unique identifier |
| datatype | string | Response data |
| integration_type | string | Type of the resource |
| description | object | Output field description |
| status | string | Status value |
| error_details | object | Error message if any |
| last_insertion_time | string | Time value |

**Example:**

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "json_body": {
      "results": []
    }
  }
]
```

### Get Leads

Retrieves a complete list of leads from the Hunters platform, facilitating efficient lead management.

**Endpoint URL:** `/leads`

**Method:** GET

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| uuid | array | optional | To return only specific leads, provide a list of lead IDs, separated by comma |
| offset | number | optional | The starting point for the paged response |
| limit | number | optional | Define the maximum number of items to be returned in the paged response. Maximum: 10000 |
| risk | array | optional | Return only leads with the specified risk level(s), separated by a comma |
| status | array | optional | Return only leads in the specified status(es), separated by comma |
| investigation_state | array | optional | Return only leads in the specified auto-investigation state(s), separated by a comma |
| source | array | optional | The name of the vendor from which data originates |
| assignee | array | optional | Return only leads with specific assignee(s). The expected value is the assignee's email address or addresses, separated by a comma |
| sort | array | optional | Determine how leads will be sorted. Use desc and asc to determine order |
| is_alert | boolean | optional | Set to true to return only leads that matured into alerts, and to false to return all leads |
| show_null_status | boolean | optional | If set to true, all leads without a set status will be returned with status = null instead of "open" |
| since | string | optional | Return only leads that were created after the specified date (ISO 8601) |
| until | string | optional | Return only leads that were created before the specified date (ISO 8601) |
| updated_since | string | optional | Used with investigation_state and updated_until to return only leads that transitioned to a specific investigation status inside a specific timeframe (ISO 8601) |
| updated_until | string | optional | Used with investigation_state and updated_since to return only leads that transitioned to a specific investigation status within a specific timeframe (ISO 8601) |
| organization | string | optional | Return only results relevant to the specified organization. Relevant to multi-tenant applications only |
| org_id | string | optional | Return only results relevant to the specified organization ID. Relevant to multi-tenant applications only |
| detector | array | optional | Return only leads originating from the specified detector(s), separated by a comma |
| data_source | array | optional | Return only leads involving the specified data source(s), separated by a comma |
| include_attributes | boolean | optional | Include lead attributes in the response |
| threat_uuid | string | optional | The ID of the threat cluster |
| context_uuid | string | optional | The ID of the context by which leads are clustered |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| uuid | string | Unique identifier |
| event_time | string | Time value |
| event_end_time | string | Time value |
| score | number | Score value |
| source | string | Output field source |
| description | string | Output field description |
| status | string | Status value |
| ingestion_time | string | Time value |
| detection_time | string | Time value |
| risk | string | Output field risk |
| comments | array | Output field comments |
| id | string | Unique identifier |
| text | string | Output field text |
| writer | string | Output field writer |
| created_at | string | Output field created_at |
| detector | string | Output field detector |
| data_sources | string | Response data |
| investigation_state | string | Output field investigation_state |
| threat_uuid | string | Unique identifier |
| is_alert | boolean | Output field is_alert |
| threat_description | string | Output field threat_description |
| classification | string | Output field classification |

**Example:**

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "json_body": {
      "results": []
    }
  }
]
```

### Get Leads Change Log

Retrieve a detailed log of changes to leads within the Hunters platform, offering insights into modifications.

**Endpoint URL:** `/leads/change_log`

**Method:** GET

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| uuid | array | optional | To return only specific leads, provide a list of lead IDs, separated by comma |
| offset | number | optional | The starting point for the paged response |
| limit | number | optional | Define the maximum number of items to be returned in the paged response. Maximum: 10000 |
| risk | array | optional | Return only leads with the specified risk level(s), separated by a comma |
| status | array | optional | Return only leads in the specified status(es), separated by comma |
| source | array | optional | The name of the vendor from which data originates |
| assignee | array | optional | Return only leads with specific assignee(s). The expected value is the assignee's email address or addresses, separated by a comma |
| sort | array | optional | Determine how leads will be sorted. Use desc and asc to determine order |
| is_alert | boolean | optional | Set to true to return only leads that matured into alerts, and to false to return all leads |
| since | string | optional | Return only leads that were created after the specified date (ISO 8601) |
| until | string | optional | Return only leads that were created before the specified date (ISO 8601) |
| organization | string | optional | Return only results relevant to the specified organization. Relevant to multi-tenant applications only |
| org_id | string | optional | Return only results relevant to the specified organization ID. Relevant to multi-tenant applications only |
| detector | array | optional | Return only leads originating from the specified detector(s), separated by a comma |
| data_source | array | optional | Return only leads involving the specified data source(s), separated by a comma |
| threat_uuid | string | optional | The ID of the threat cluster |
| context_uuid | string | optional | The ID of the context by which leads are clustered |
| change_time_since | string | optional | Return only leads that were updated after the specified date (ISO 8601). Used with change_time_until |
| change_time_until | string | optional | Return only leads that were updated before the specified date (ISO 8601). Used with change_time_since |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Result of the operation |
| uuid | string | Unique identifier |
| detection_time | string | Time value |
| event_time | string | Time value |
| change_log | array | Output field change_log |
| change_id | string | Unique identifier |
| change_type | string | Type of the resource |
| old_value | string | Value for the parameter |
| new_value | string | Value for the parameter |
| timestamp | string | Output field timestamp |
| actor_id | string | Unique identifier |
| change_actor | string | Output field change_actor |
| actor_type | string | Type of the resource |

**Example:**

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "json_body": {
      "results": []
    }
  }
]
```

### Set Lead Status

Updates a lead's status in Hunters by using the unique identifier (UUID) and a specified new status value.

**Endpoint URL:** `/leads/{{lead_uuid}}/status`

**Method:** PATCH

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| lead_uuid | string | required | The UUID of the lead to update |
| organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only |
| org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only |
| status | string | required | The status of the lead, as defined by the user |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | object | Result of the operation |
| object | object | Output field object |
| uuid | string | Unique identifier |
| status | string | Status value |

**Example:**

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "json_body": {
      "results": {}
    }
  }
]
```

### Set Leads Classification

Assign a classification status to specified leads in Hunters by their unique identifiers, with options including benign, malicious, or unknown.

**Endpoint URL:** `/leads/classification`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only |
| org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only |
| classification | string | required | The classification of the lead, as defined by the user |
| lead_uuids | array | required | The UUIDs of the leads to update. This field is required |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | object | Result of the operation |
| success | object | Whether the operation was successful |
| lead_uuids | array | Unique identifier |
| classification | string | Output field classification |
| failed | object | Output field failed |
| lead_uuids | array | Unique identifier |

**Example:**

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "json_body": {
      "results": {}
    }
  }
]
```

### Set Leads Status

Bulk update the status of specified leads in Hunters using the 'status' and 'lead_uuids' parameters.

**Endpoint URL:** `/leads/status`

**Method:** PATCH

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| organization | string | optional | Return only results relevant to the specified organization. Note that this field is relevant to multi-tenant applications only |
| org_id | string | optional | Return only results relevant to the specified organization ID. An organization ID is defined by Hunters during tenant provisioning. Note that this field is relevant to multi-tenant applications only |
| status | string | required | The status of the lead, as defined by the user |
| lead_uuids | array | required | The UUIDs of the leads to update. This field is required |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | object | Result of the operation |
| success | object | Whether the operation was successful |
| lead_uuids | array | Unique identifier |
| failed | object | Output field failed |
| lead_uuids | array | Unique identifier |

**Example:**

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "json_body": {
      "results": {}
    }
  }
]
```
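The following is an added example, not Swimlane's or Hunters' own code: it shows how a workflow step could page through the Get Leads action's `offset`/`limit` response (comma-separated array filters, the 10000 limit cap, the `status_code`/`reason`/`json_body` output shape) and prepare the bulk Set Leads Status request. The `send` transport signature, the hostname and the sample filter values are assumptions constructed for the example.

```python
from typing import Any, Dict, Iterator, List
from urllib.parse import urlencode

MAX_LIMIT = 10000  # the page caps Get Leads `limit` at 10000


def encode_params(params: Dict[str, Any]) -> Dict[str, str]:
    """Arrays become comma-separated (as the page specifies for the uuid, risk,
    status and detector filters), booleans lowercase, None values are dropped."""
    out: Dict[str, str] = {}
    for key, value in params.items():
        if value is None:
            continue
        if isinstance(value, bool):
            value = "true" if value else "false"
        elif isinstance(value, (list, tuple)):
            value = ",".join(map(str, value))
        out[key] = str(value)
    return out


def get_leads_url(base_url: str, **filters: Any) -> str:
    """URL for the Get Leads action (GET /leads); rejects an out-of-range limit."""
    limit = filters.get("limit")
    if limit is not None and not 1 <= int(limit) <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    return f"{base_url.rstrip('/')}/leads?{urlencode(encode_params(filters), safe=',')}"


def iter_leads(send, base_url: str, token: str, page_size: int = 500,
               **filters: Any) -> Iterator[Dict[str, Any]]:
    """Yield every lead matching `filters`, advancing offset until a short page.
    Assumed transport: send(method, url, headers, body) returns the connector's
    output shape {"status_code": int, "reason": str, "json_body": dict}."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    offset = 0
    while True:
        url = get_leads_url(base_url, offset=offset, limit=page_size, **filters)
        resp = send("GET", url, headers, None)
        if resp["status_code"] != 200:
            raise RuntimeError(f"GET /leads failed: {resp['status_code']} {resp['reason']}")
        page = resp["json_body"].get("results", [])
        yield from page
        if len(page) < page_size:
            return
        offset += page_size


def set_leads_status_request(base_url: str, lead_uuids: List[str], status: str):
    """Method, URL and JSON body for the bulk Set Leads Status action (PATCH /leads/status)."""
    if not lead_uuids:
        raise ValueError("lead_uuids must not be empty")
    return "PATCH", f"{base_url.rstrip('/')}/leads/status", {"status": status, "lead_uuids": list(lead_uuids)}
```

Because `send` is injected, the same code runs against a recorded response in a test and against the real connector transport in a workflow.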