Ignite

Use the Ignite integration to reduce business risk. Ignite allows users to ingest alerts and compromised credentials as incident alerts and executes commands such as search intelligence report, ip, url, get events, and more.

Data Enrichment & Threat Intelligence · Flashpoint

Configuration parameters

  • isFetch — Fetch incidents
  • incidentType — Incident type
  • url — Server URL (required)
  • credentials — (required)
  • max_fetch — Maximum number of incidents per fetch
  • first_fetch — First fetch time
  • fetch_type — Fetch Type
  • severity — Severity for Incidents
  • status — Alert Status
  • origin — Alert Origin
  • sources — Alert Sources
  • is_fresh_compromised_credentials — Fetch fresh compromised credentials alerts
  • password_has_lowercase — Fetch compromised credentials alerts having lowercase in password
  • password_has_uppercase — Fetch compromised credentials alerts having uppercase in password
  • password_has_number — Fetch compromised credentials alerts having numbers in password
  • password_has_symbol — Fetch compromised credentials alerts having symbol in password
  • password_min_length — Fetch compromised credentials alerts having minimum length of password
  • integrationReliability — Source Reliability
  • feedExpirationPolicy
  • feedExpirationInterval
  • create_relationships — Create relationships
  • ioc_enrichment_exact_match — Enable Exact Match for IOC Enrichment
  • reputation_enrichments_limit — Reputation commands context limit
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (22)

  • cve

    Retrieves detailed information about a specific CVE by its CVE ID.

  • domain

    Looks up the "Domain" type indicator details. The reputation of the domain is decided from the indicator score if it is found in the Ignite IOC database.

  • email Deprecated

    Looks up the "Email" type indicator details. The reputation of Email is considered malicious if there's at least one IoC event in the Ignite database matching the Email indicator.

  • file

    Looks up the "File" type indicator details. The reputation of the file is decided from the indicator score if it is found in the Ignite IOC database.

  • filename Deprecated

    Looks up the "Filename" type indicator details. The reputation of Filename is considered malicious if there's at least one IoC event in the Ignite database matching the Filename indicator.

  • flashpoint-ignite-alert-list

    Retrieves a list of alerts based on the filter values provided in the command arguments.

  • flashpoint-ignite-common-lookup

    Looks up details for indicators of types: "URL", "Domain", "File Hash", and "IP". The reputation of the indicator is decided from the indicator score if it is found in the Ignite IOC database.

  • flashpoint-ignite-compromised-credentials-list

    Retrieves the compromised credentials based on the filter values provided in the command arguments.

  • flashpoint-ignite-event-get

    Retrieves the details of a single event using event FPID or UUID.

  • flashpoint-ignite-event-list

    Searches for events within the specified time period, the Flashpoint report ID, or attack IDs.

  • flashpoint-ignite-indicator-get

    Looks up details for indicators of types "URL", "Domain", "File Hash", and "IP" using their ID. The reputation of the indicator is decided from the indicator score if it is found in the Ignite IOC database.

  • flashpoint-ignite-intelligence-related-report-list

    List related reports for a particular report using the report ID.

  • flashpoint-ignite-intelligence-report-get

    Get single report details using the report id.

  • flashpoint-ignite-intelligence-report-search

    Search for the Intelligence Reports using a keyword.

  • flashpoint-ignite-product-list

    List products using provided filters.

  • flashpoint-ignite-vendor-list

    List vendors using provided filters.

  • flashpoint-ignite-vulnerability-get

    Retrieves detailed information about a specific vulnerability by its Flashpoint ID.

  • flashpoint-ignite-vulnerability-library-list

    Retrieves a list of libraries that are affected by a particular vulnerability.

  • flashpoint-ignite-vulnerability-list

    List Vulnerabilities using provided filters.

  • flashpoint-ignite-vulnerability-package-list

    Retrieves a list of packages that are affected by a particular vulnerability.

  • ip

    Looks up the "IP" type indicator details. The reputation of the IP address is decided from the indicator score if it is found in the Ignite IOC database. Alternatively, the IP address is considered suspicious if it matches any one of the community's peer IP addresses.

  • url

    Looks up the "URL" type indicator details. The reputation of the URL is decided from the indicator score if it is found in the Ignite IOC database.