# ZeroFox
The ZeroFox connector enables automated threat detection and response for digital and social media channels, streamlining the process of managing online risks. ZeroFox delivers protection from digital threats originating from social media, digital channels, and the deep and dark web. The ZeroFox Turbine connector enables users to automate the detection, monitoring, and remediation of these threats directly within the Swimlane platform. By integrating with ZeroFox, users can retrieve real-time alerts, submit suspicious domains for analysis, and take action on threats, enhancing their digital risk protection and response capabilities.

## Prerequisites

To effectively utilize the ZeroFox connector within the Swimlane Turbine platform, ensure you have the following prerequisites:

- API Key Authentication
  - URL: the endpoint URL for the ZeroFox API
  - API Token: your unique authentication token to access the ZeroFox API

## Capabilities

The ZeroFox connector has the following capabilities:

- Get Alerts
- Take Action on Alerts
- Submit Phishing Domain

## API Documentation Link

https://api.zerofox.com/1.0/docs/

## Configurations

### ZeroFox API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| API Token | API token | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Get Alerts

Retrieves real-time notifications and alerts for potential threats and malicious activities detected across social media and digital channels.

Endpoint URL: `/1.0/alerts/`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.account | string | optional | Social network account number (unique ID) |
| parameters.alert_type | string | optional | CSV of alert types |
| parameters.assignee | string | optional | Name of user assigned to alert |
| parameters.entity | number | optional | ZeroFox entity ID |
| parameters.entity_term | number | optional | ZeroFox entity term ID |
| parameters.last_modified | number | optional | Number of seconds since an alert has changed |
| parameters.last_modified_min_date | string | optional | ISO 8601 date-time string that filters out alerts with a last-modified time before the given time |
| parameters.last_modified_max_date | string | optional | ISO 8601 date-time string that filters out alerts with a last-modified time after the given time |
| parameters.limit | number | optional | Maximum number of alerts to retrieve (0-100) |
| parameters.max_timestamp | string | optional | ISO 8601 date-time string to filter for alerts before |
| parameters.min_timestamp | string | optional | ISO 8601 date-time string to filter for alerts after |
| parameters.network | string | optional | Network name CSV |
| parameters.offset | number | optional | Used for pagination: start the response with the n-th alert matching the filters |
| parameters.page_id | number | optional | ZeroFox page ID CSV |
| parameters.page_url | string | optional | URL to web/social web content |
| parameters.pages | string | optional | Encoded JSON array of strings to filter alerts by |
| parameters.post | string | optional | Social network post number (unique ID) |
| parameters.rule_id | number | optional | ZeroFox rule ID CSV |
| parameters.rule_name | string | optional | ZeroFox name CSV |
| parameters.entity_search | string | optional | Substring matching for the protected entity |
| parameters.perpetrator_search | string | optional | Substring to filter alerts by perpetrator username or display name |
| parameters.pro_social_obj_search | string | optional | Substring to filter alerts by protected social object username, display name, or entity term name |
| parameters.alert_id | string | optional | CSV of alert IDs |
| parameters.severity | number | optional | Severity level of alert, 1-5 (critical) |
| parameters.sort_direction | string | optional | Sort results in ascending (asc) or descending (desc) order |

Input example:

```json
{"parameters": {"account": "", "alert_type": "search query", "assignee": "", "entity": 123, "entity_term": 124, "last_modified": 345, "last_modified_min_date": "2021-10-01+00%3A00%3A00", "last_modified_max_date": "2022-10-01+00%3A00%3A00", "limit": 50, "max_timestamp": "2021-11-01+00%3A00%3A00", "min_timestamp": "2021-11-01+00%3A00%3A00", "network": "", "offset": 768, "page_id": 23455, "page_url": "", "pages": "", "post": "", "rule_id": 3214, "rule_name": "", "entity_search": "", "perpetrator_search": "", "pro_social_obj_search": "", "alert_id": "", "severity": 3, "sort_direction": "asc", "sort_field": "severity", "status": "closed", "escalated": "true", "tags": "", "entity_type": 7895}}
```

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count | number | Count value |
| next | object | Output field next |
| previous | object | Output field previous |
| page_size | number | Output field page_size |
| num_pages | number | Output field num_pages |
| alerts | array | Output field alerts |
| alerts.file_name | string | Name of the resource |
| alerts.file | string | Output field alerts.file |

Output example:

```json
{"status_code": 200, "response_headers": {"date": "Mon, 01 Jul 2024 10:09:54 GMT", "content-type": "application/json", "transfer-encoding": "chunked", "connection": "keep-alive", "allow": "GET, POST, HEAD, OPTIONS", "content-language": "en-us", "referrer-policy": "same-origin", "vary": "Accept, Accept-Language, origin", "x-content-type-options": "nosniff", "x-frame-options": "DENY", "x-xss-protection": "1; mode=block, 1; mode=block", "cf-cache-status": "DYNAMIC", "strict-transport-security": "max-age=15552000; includeSubDo
```

### Submit Phishing Domain

Submit a suspected phishing domain to ZeroFox, including source, alert type, violation, and entity ID.

Endpoint URL: `/2.0/threat_submit/`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| source | string | optional | The source of the alert; its value depends on the value of the alert_type field, so it could be a URL, a phone number, a domain, an email, etc. |
| alert_type | string | optional | Alert typing |
| violation | string | optional | Threat posed by user |
| entity_id | number | optional | Entity ID with which the URL is associated |
| notes | string | optional | Notes made on the alert |
| request_takedown | boolean | optional | Whether or not the content should be requested for automatic takedown after alerting |

Input example:

```json
{"json_body": {"source": "test.mytestdomain.com", "alert_type": "domain", "violation": "trademark", "entity_id": 560628, "notes": "some notes", "request_takedown": true}}
```

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| alert_id | number | Unique identifier |

Output example:

```json
{"status_code": 201, "response_headers": {"date": "Fri, 10 May 2024 12:43:09 GMT", "content-type": "application/json", "content-length": "22", "connection": "keep-alive", "allow": "POST, OPTIONS", "content-language": "en-us", "referrer-policy": "same-origin", "vary": "Accept, Accept-Language, origin", "x-content-type-options": "nosniff", "x-frame-options": "DENY", "x-xss-protection": "1; mode=block, 1; mode=block", "cf-cache-status": "DYNAMIC", "strict-transport-security": "max-age=15552000; includeSubDomains", "server": "cl
```

### Take Action on Alerts

Automates responses and remediation for threats detected on social media and digital channels by using alert ID and action parameters.

Endpoint URL: `/1.0/alerts/{{alert_id}}/{{action}}/`

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.alert_id | number | required | The ZeroFox alert ID |
| path_parameters.action | string | required | Action to take on the alert |

Input example:

```json
{"path_parameters": {"alert_id": 1234, "action": ""}}
```

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {"content-length": "140", "content-type": "application/json", "date": "Thu, 2 May 2024 20:37:23 GMT"}, "reason": "OK", "json_body": {}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Allow | HTTP response header Allow | GET, POST, HEAD, OPTIONS |
| Cf-Cache-Status | HTTP response header Cf-Cache-Status | DYNAMIC |
| Cf-Ray | HTTP response header Cf-Ray | 89c59a68393bf43d-BOM |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Language | HTTP response header Content-Language | en-us |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Fri, 10 May 2024 12:43:09 GMT |
| Referrer-Policy | HTTP response header Referrer-Policy | same-origin |
| Server | Information about the software used by the origin server | cloudflare |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=15552000; includeSubDomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Accept, Accept-Language, origin |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block, 1; mode=block |
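The three actions above map onto three HTTP calls, and the details that matter when wiring them into a playbook are the ones the tables only hint at: empty-string filters in the Get Alerts input example should not be sent as empty query parameters, the `limit` (0-100) and `severity` (1-5) bounds are worth enforcing client-side, `next`/`previous` drive pagination, and `alert_id` and `action` are interpolated straight into the URL path, so untrusted values must be validated before they get there. The following client is an added example written for this page; it is not Swimlane's connector code or ZeroFox's SDK. Everything not stated on the page is an assumption: the `Authorization: Token <api_token>` header scheme, the character set permitted for `action`, the action name `close`, and every response produced by `fake_transport`, which is constructed data so the example runs offline.

```python
# Added example (not Swimlane's or ZeroFox's code). Assumed, not from the page:
# the "Authorization: Token" scheme, the ACTION_RE character set, the action
# name "close", and all responses produced by fake_transport (constructed data).
import json
import re
from urllib.parse import parse_qs, urlencode, urlparse

ACTION_RE = re.compile(r"^[a-z_]{1,32}$")  # assumption: short lowercase action names


class ZeroFoxClient:
    def __init__(self, base_url, api_token, transport):
        # transport(method, url, headers, body_text) -> (status_code, parsed_json)
        self.base_url = base_url.rstrip("/")
        self.headers = {"Authorization": f"Token {api_token}", "Accept": "application/json"}
        self.transport = transport

    def _call(self, method, path, params=None, body=None):
        url = self.base_url + path + ("?" + urlencode(params) if params else "")
        return self.transport(method, url, self.headers,
                              json.dumps(body) if body is not None else None)

    def get_alerts(self, filters):
        """GET /1.0/alerts/ with the given filters; follows `next` until exhausted."""
        # Drop empty strings (as in the page's input example) instead of sending
        # `account=`; enforce the documented severity (1-5) and limit (0-100) bounds.
        params = {k: v for k, v in filters.items() if v not in ("", None)}
        if "severity" in params and not 1 <= int(params["severity"]) <= 5:
            raise ValueError("severity must be in 1..5")
        if "limit" in params and not 0 <= int(params["limit"]) <= 100:
            raise ValueError("limit must be in 0..100")
        alerts = []
        while True:
            status, page = self._call("GET", "/1.0/alerts/", params)
            if status != 200:
                raise RuntimeError(f"alert query failed: HTTP {status}")
            alerts.extend(page.get("alerts", []))
            if not page.get("next"):  # null => last page
                return alerts
            # Reuse the server-provided query string, whose offset is already advanced.
            params = {k: v[0] for k, v in parse_qs(urlparse(page["next"]).query).items()}

    def submit_phishing_domain(self, source, alert_type, violation, entity_id,
                               notes="", request_takedown=False):
        """POST /2.0/threat_submit/; returns the new alert_id (HTTP 201)."""
        body = {"source": source, "alert_type": alert_type, "violation": violation,
                "entity_id": int(entity_id), "notes": notes,
                "request_takedown": bool(request_takedown)}
        status, resp = self._call("POST", "/2.0/threat_submit/", body=body)
        if status != 201:
            raise RuntimeError(f"submission failed: HTTP {status}")
        return resp["alert_id"]

    def take_action(self, alert_id, action):
        """POST /1.0/alerts/{alert_id}/{action}/; returns True on HTTP 200."""
        # Both values land in the URL path: reject anything that could add path
        # segments or a query string (e.g. "close/../../x" or "close?x=1").
        if not isinstance(alert_id, int) or alert_id <= 0:
            raise ValueError("alert_id must be a positive integer")
        if not ACTION_RE.match(action):
            raise ValueError(f"refusing unsafe action name {action!r}")
        status, _ = self._call("POST", f"/1.0/alerts/{alert_id}/{action}/")
        return status == 200


# Constructed offline stand-in for the API; response shapes mirror the page's output fields.
PAGE1 = {"count": 3, "next": "https://api.zerofox.com/1.0/alerts/?severity=3&limit=2&offset=2",
         "previous": None, "page_size": 2, "num_pages": 2,
         "alerts": [{"id": 1, "severity": 3}, {"id": 2, "severity": 3}]}
PAGE2 = {"count": 3, "next": None, "previous": None, "page_size": 2, "num_pages": 2,
         "alerts": [{"id": 3, "severity": 3}]}
CALLS = []  # (method, url, body) of every request the client issued


def fake_transport(method, url, headers, body):
    CALLS.append((method, url, body))
    parsed = urlparse(url)
    if method == "GET" and parsed.path == "/1.0/alerts/":
        offset = parse_qs(parsed.query).get("offset", ["0"])[0]
        return 200, (PAGE2 if offset == "2" else PAGE1)
    if method == "POST" and parsed.path == "/2.0/threat_submit/":
        return 201, {"alert_id": 98765}  # constructed ID
    if method == "POST" and re.fullmatch(r"/1\.0/alerts/\d+/[a-z_]+/", parsed.path):
        return 200, {}
    return 404, {}


def demo():
    client = ZeroFoxClient("https://api.zerofox.com", "REDACTED_TOKEN", fake_transport)
    alert_ids = [a["id"] for a in client.get_alerts(
        {"account": "", "severity": 3, "limit": 2, "sort_direction": "asc"})]
    new_id = client.submit_phishing_domain("test.mytestdomain.com", "domain",
                                           "trademark", 560628, "some notes", True)
    acted = client.take_action(1234, "close")  # "close" is an assumed action name
    return {"alert_ids": alert_ids, "new_alert_id": new_id, "action_ok": acted}
```

Calling `demo()` walks both constructed pages of alerts, submits the page's sample domain, and posts one action; `CALLS` keeps the exact URLs and bodies that went out, which is the quickest way to confirm that empty filters were dropped and that the `offset` from `next` was reused. To run against the real service, replace `fake_transport` with a function that performs the HTTP request (honouring the connector's Verify SSL and HTTP Proxy settings) and returns the status code and decoded JSON.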