Ignite
Use the Ignite integration to reduce business risk. Ignite allows users to ingest alerts and compromised credentials as incident alerts and executes commands such as search intelligence report, ip, url, get events, and more.
Data Enrichment & Threat Intelligence · Flashpoint
Configuration parameters
isFetch— Fetch incidentsincidentType— Incident typeurl— Server URL (required)credentials— (required)max_fetch— Maximum number of incidents per fetchfirst_fetch— First fetch timefetch_type— Fetch Typeseverity— Severity for Incidentsstatus— Alert Statusorigin— Alert Originsources— Alert Sourcesis_fresh_compromised_credentials— Fetch fresh compromised credentials alertspassword_has_lowercase— Fetch compromised credentials alerts having lowercase in passwordpassword_has_uppercase— Fetch compromised credentials alerts having uppercase in passwordpassword_has_number— Fetch compromised credentials alerts having numbers in passwordpassword_has_symbol— Fetch compromised credentials alerts having symbol in passwordpassword_min_length— Fetch compromised credentials alerts having minimum length of passwordintegrationReliability— Source ReliabilityfeedExpirationPolicy—feedExpirationInterval—create_relationships— Create relationshipsioc_enrichment_exact_match— Enable Exact Match for IOC Enrichmentreputation_enrichments_limit— Reputation commands context limitinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (22)
-
cveRetrieves detailed information about a specific CVE by its CVE ID.
-
domainLooks up the "Domain" type indicator details. The reputation of the domain is decided from the indicator score if it is found in the Ignite IOC database.
-
emailDeprecatedLooks up the "Email" type indicator details. The reputation of Email is considered malicious if there's at least one IoC event in the Ignite database matching the Email indicator.
-
fileLooks up the "File" type indicator details. The reputation of the file is decided from the indicator score if it is found in the Ignite IOC database.
-
filenameDeprecatedLooks up the "Filename" type indicator details. The reputation of Filename is considered malicious if there's at least one IoC event in the Ignite database matching the Filename indicator.
-
flashpoint-ignite-alert-listRetrieves a list of alerts based on the filter values provided in the command arguments.
-
flashpoint-ignite-common-lookupLooks up details for indicators of types: "URL", "Domain", "File Hash", and "IP". The reputation of the indicator is decided from the indicator score if it is found in the Ignite IOC database.
-
flashpoint-ignite-compromised-credentials-listRetrieves the compromised credentials based on the filter values provided in the command arguments.
-
flashpoint-ignite-event-getRetrieves the details of a single event using event FPID or UUID.
-
flashpoint-ignite-event-listSearches for events within the specified time period, the Flashpoint report ID, or attack IDs.
-
flashpoint-ignite-indicator-getLooks up details for indicators of types "URL", "Domain", "File Hash", and "IP" using their ID. The reputation of the indicator is decided from the indicator score if it is found in the Ignite IOC database.
-
flashpoint-ignite-intelligence-related-report-listList related reports for a particular report using the report ID.
-
flashpoint-ignite-intelligence-report-getGet single report details using the report id.
-
flashpoint-ignite-intelligence-report-searchSearch for the Intelligence Reports using a keyword.
-
flashpoint-ignite-product-listList products using provided filters.
-
flashpoint-ignite-vendor-listList vendors using provided filters.
-
flashpoint-ignite-vulnerability-getRetrieves detailed information about a specific vulnerability by its Flashpoint ID.
-
flashpoint-ignite-vulnerability-library-listRetrieves a list of libraries that are affected by a particular vulnerability.
-
flashpoint-ignite-vulnerability-listList Vulnerabilities using provided filters.
-
flashpoint-ignite-vulnerability-package-listRetrieves a list of packages that are affected by a particular vulnerability.
-
ipLooks up the "IP" type indicator details. The reputation of the IP address is decided from the indicator score if it is found in the Ignite IOC database. Alternatively, the IP address is considered suspicious if it matches any one of the community's peer IP addresses.
-
urlLooks up the "URL" type indicator details. The reputation of the URL is decided from the indicator score if it is found in the Ignite IOC database.