HYAS Insight (Preview)
HYAS Insight integration to Microsoft Azure Sentinel provides direct, high volume access to HYAS Insight data. It enables investigators and analysts to understand and defend against cyber adversaries and their infrastructure.
This connector is available in the following products and regions:
| Service | Class | Regions |
|---|---|---|
| Logic Apps | Standard | All Logic Apps regions except the following: Azure Government regions; Azure China regions; US Department of Defense (DoD) |
| Power Automate | Premium | All Power Automate regions except the following: US Government (GCC); US Government (GCC High); China Cloud operated by 21Vianet; US Department of Defense (DoD) |
| Power Apps | Premium | All Power Apps regions except the following: US Government (GCC); US Government (GCC High); China Cloud operated by 21Vianet; US Department of Defense (DoD) |
| Contact | |
|---|---|
| Name | HYAS Infosec |
| URL | https://www.hyas.com/contact |
| Email | support@hyas.com |
| Connector Metadata | |
|---|---|
| Publisher | HYAS Infosec |
| Website | https://www.hyas.com |
| Privacy policy | https://www.hyas.com/privacy-statement/ |
| Categories | Security;Website |
Pre-requisites
You will need the following to proceed:
- A Microsoft Power Apps or Power Automate plan with custom connector feature
- An Azure subscription
- HYAS Insight API Key
Supported Operations
Details of all the supported operations, inputs and outputs are available here.
Support and documentation:
For support requests and general queries, contact support@hyas.com or visit contact-us.
Creating a connection
The connector supports the following authentication types:
| Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.
| Name | Type | Description | Required |
|---|---|---|---|
| HYAS Insight API Key | securestring | The HYAS Insight API Key for this API | True |
Throttling Limits
| Name | Calls | Renewal Period |
|---|---|---|
| API calls per connection | 100 | 60 seconds |
Actions
| Retrieve C2 Attribution information for Domain | Retrieve C2 Attribution enrichment data for Domain. |
| Retrieve C2 Attribution information for Email address | Retrieve C2 Attribution enrichment data for Email address. |
| Retrieve C2 Attribution information for IP address | Retrieve C2 Attribution enrichment data for IP address. |
| Retrieve C2 Attribution information for SHA256 | Retrieve C2 Attribution enrichment data for SHA256. |
| Retrieve Current WHOIS information for domain | Retrieve Current WHOIS enrichment data for domain. |
| Retrieve Device Geo information for IPv4 address | Retrieve Device Geo enrichment data for IPv4 address. |
| Retrieve Device Geo information for IPv6 address | Retrieve Device Geo enrichment data for IPv6 address. |
| Retrieve Dynamic DNS information for email address | Retrieve Dynamic DNS enrichment data for email address. |
| Retrieve Dynamic DNS information for IP address | Retrieve Dynamic DNS enrichment data for IP address. |
| Retrieve Historic WHOIS information for domain | Retrieve Historic WHOIS enrichment data for domain. |
| Retrieve Historic WHOIS information for email address | Retrieve Historic WHOIS enrichment data for email address. |
| Retrieve Historic WHOIS information for phone number | Retrieve Historic WHOIS enrichment data for phone number. |
| Retrieve Passive DNS information for domain | Retrieve Passive DNS enrichment data for domain. |
| Retrieve Passive DNS information for IP address | Retrieve Passive DNS enrichment data for IP address. |
| Retrieve Passive Hash information for IP address | Retrieve Passive Hash enrichment data for IP address. |
| Retrieve Sinkhole information for IP address | Retrieve Sinkhole enrichment data for IP address. |
| Retrieve SSL certificate information for IP address | Retrieve SSL certificate enrichment data for IP address. |
Retrieve C2 Attribution information for Domain
Retrieve C2 Attribution enrichment data for Domain.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Domain | domain | True | string | Domain that you want to enrich |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| actor_ipv4 | actor_ipv4 | string | The actor ipv4. |
| c2_domain | c2_domain | string | The c2 domain. |
| c2_ip | c2_ip | string | The c2 ipv4. |
| c2_url | c2_url | string | The C2 panel url. |
| datetime | datetime | string | C2 Attribution datetime. |
| email | | string | The actor email. |
| email_domain | email_domain | string | The email domain. |
| referrer_domain | referrer_domain | string | The referrer domain. |
| referrer_ipv4 | referrer_ipv4 | string | The referrer ipv4. |
| referrer_url | referrer_url | string | The referrer url. |
| sha256 | sha256 | string | The sha256 malware hash. |
Retrieve C2 Attribution information for Email address
Retrieve C2 Attribution enrichment data for Email address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Email | | True | string | Email address that you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| actor_ipv4 | actor_ipv4 | string | The actor ipv4. |
| c2_domain | c2_domain | string | The c2 domain. |
| c2_ip | c2_ip | string | The c2 ipv4. |
| c2_url | c2_url | string | The C2 panel url. |
| datetime | datetime | string | C2 Attribution datetime. |
| email | | string | The actor email. |
| email_domain | email_domain | string | The email domain. |
| referrer_domain | referrer_domain | string | The referrer domain. |
| referrer_ipv4 | referrer_ipv4 | string | The referrer ipv4. |
| referrer_url | referrer_url | string | The referrer url. |
| sha256 | sha256 | string | The sha256 malware hash. |
Retrieve C2 Attribution information for IP address
Retrieve C2 Attribution enrichment data for IP address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| IP | ip | True | string | IP address that you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| actor_ipv4 | actor_ipv4 | string | The actor ipv4. |
| c2_domain | c2_domain | string | The c2 domain. |
| c2_ip | c2_ip | string | The c2 ipv4. |
| c2_url | c2_url | string | The C2 panel url. |
| datetime | datetime | string | C2 Attribution datetime. |
| email | | string | The actor email. |
| email_domain | email_domain | string | The email domain. |
| referrer_domain | referrer_domain | string | The referrer domain. |
| referrer_ipv4 | referrer_ipv4 | string | The referrer ipv4. |
| referrer_url | referrer_url | string | The referrer url. |
| sha256 | sha256 | string | The sha256 malware hash. |
Retrieve C2 Attribution information for SHA256
Retrieve C2 Attribution enrichment data for SHA256.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| SHA256 | sha256 | True | string | SHA256 that you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| actor_ipv4 | actor_ipv4 | string | The actor ipv4. |
| c2_domain | c2_domain | string | The c2 domain. |
| c2_ip | c2_ip | string | The c2 ipv4. |
| c2_url | c2_url | string | The C2 panel url. |
| datetime | datetime | string | C2 Attribution datetime. |
| email | | string | The actor email. |
| email_domain | email_domain | string | The email domain. |
| referrer_domain | referrer_domain | string | The referrer domain. |
| referrer_ipv4 | referrer_ipv4 | string | The referrer ipv4. |
| referrer_url | referrer_url | string | The referrer url. |
| sha256 | sha256 | string | The sha256 malware hash. |
Retrieve Current WHOIS information for domain
Retrieve Current WHOIS enrichment data for domain.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Domain | domain | True | string | Domain that you want to enrich |
| current | current | True | boolean | current |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| items | items | array of object | The items object. |
| abuse_emails | items.abuse_emails | array of string | The abuse emails information. |
| address | items.address | array of string | The address information. |
| city | items.city | array of string | The city of the registrant. |
| country | items.country | array of string | The country of the registrant. |
| data | items.data | string | The data information. |
| datetime | items.datetime | string | The datetime information. |
| domain | items.domain | string | The domain of the registrant. |
| domain_2tld | items.domain_2tld | string | The second-level domain of the registrant. |
| domain_created_datetime | items.domain_created_datetime | string | The date and time when the Whois record was created. |
| domain_expires_datetime | items.domain_expires_datetime | string | The date and time when the Whois record expires. |
| domain_updated_datetime | items.domain_updated_datetime | string | The date and time when the Whois record was last updated. |
| email | items.email | array of string | The email information. |
| idn_name | items.idn_name | string | The international domain name information. |
| meta_data | items.meta_data | string | The metadata information. |
| name | items.name | array of string | The contact name (registrant contact, administrative contact, technical contact, or abuse contact.) |
| nameserver | items.nameserver | array of string | The nameserver domain. |
| organization | items.organization | array of string | The organization information. |
| phone | items.phone | array of string | The phone number of the registrant in e164 format. |
| registrar | items.registrar | string | The domain registrar. |
| state | items.state | array of string | The state where domain was registered. |
| whois_hash | items.whois_hash | string | The hash information. |
| whois_id | items.whois_id | string | The whois id information. |
| whois_nameserver | items.whois_nameserver | array of object | The whois_nameserver object. |
| domain | items.whois_nameserver.domain | string | The nameserver’s domain information. |
| domain_2tld | items.whois_nameserver.domain_2tld | string | The nameserver’s domain_2tld information. |
| whois_related_nameserver_id | items.whois_nameserver.whois_related_nameserver_id | string | The nameserver’s Id Information. |
| whois_pii | items.whois_pii | array of object | The whois_pii object. |
| address | items.whois_pii.address | string | The personal identity address information. |
| city | items.whois_pii.city | string | The personal identity city information. |
| data | items.whois_pii.data | string | The personal identity data information. |
| email | items.whois_pii.email | string | The personal identity email information. |
| geo_country_alpha_2 | items.whois_pii.geo_country_alpha_2 | string | The personal identity country information. |
| name | items.whois_pii.name | string | The personal identity name information. |
| organization | items.whois_pii.organization | string | The personal identity organization information. |
| phone_e164 | items.whois_pii.phone_e164 | string | The personal identity Phone_e164 information. |
| state | items.whois_pii.state | string | The personal identity state information. |
| whois_related_pii_id | items.whois_pii.whois_related_pii_id | string | The personal identity Id information. |
| whois_related_type | items.whois_pii.whois_related_type | string | The personal identity related information. |
| source | source | string | The source information. |
| total_count | total_count | integer | The total count information. |
Retrieve Device Geo information for IPv4 address
Retrieve Device Geo enrichment data for IPv4 address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| IPv4 address | ipv4 | True | string | IPv4 address you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| datetime | datetime | string | A date-time string in RFC 3339 format. |
| device_geo_id | device_geo_id | string | Internal record ID. |
| device_user_agent | device_user_agent | string | The user agent string for the device. |
| geo_country_alpha_2 | geo_country_alpha_2 | string | The ISO 3166 alpha-2 code for the country associated with the lat/long reported. |
| geo_horizontal_accuracy | geo_horizontal_accuracy | float | The GPS horizontal accuracy. |
| ipv4 | ipv4 | string | The ipv4 address assigned to the device. A device may have either or ipv4 and ipv6. |
| ipv6 | ipv6 | string | The ipv6 address assigned to the device. A device may have either or ipv4 and ipv6. |
| latitude | latitude | float | Units are degrees on the WGS 84 spheroid. |
| longitude | longitude | float | Units are degrees on the WGS 84 spheroid. |
| wifi_bssid | wifi_bssid | string | The BSSID (MAC address) of the wifi router that the device communicated through. |
| wifi_ssid | wifi_ssid | string | The SSID (name) of the wifi network that the device communicated through. |
Retrieve Device Geo information for IPv6 address
Retrieve Device Geo enrichment data for IPv6 address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| IPv6 address | ipv6 | True | string | IPv6 address you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| datetime | datetime | string | A date-time string in RFC 3339 format. |
| device_geo_id | device_geo_id | string | Internal record ID. |
| device_user_agent | device_user_agent | string | The user agent string for the device. |
| geo_country_alpha_2 | geo_country_alpha_2 | string | The ISO 3166 alpha-2 code for the country associated with the lat/long reported. |
| geo_horizontal_accuracy | geo_horizontal_accuracy | float | The GPS horizontal accuracy. |
| ipv4 | ipv4 | string | The ipv4 address assigned to the device. A device may have either or ipv4 and ipv6. |
| ipv6 | ipv6 | string | The ipv6 address assigned to the device. A device may have either or ipv4 and ipv6. |
| latitude | latitude | float | Units are degrees on the WGS 84 spheroid. |
| longitude | longitude | float | Units are degrees on the WGS 84 spheroid. |
| wifi_bssid | wifi_bssid | string | The BSSID (MAC address) of the wifi router that the device communicated through. |
| wifi_ssid | wifi_ssid | string | The SSID (name) of the wifi network that the device communicated through. |
Retrieve Dynamic DNS information for email address
Retrieve Dynamic DNS enrichment data for email address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Email address | | True | string | Email address you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| a_record | a_record | string | The A record for the domain. |
| account | account | string | The account holder name. |
| created | created | string | The date on which the domain was created. |
| created_ip | created_ip | string | The ip address of the account holder. |
| domain | domain | string | The domain associated with the dynamic dns information. |
| domain_creator_ip | domain_creator_ip | string | The ip address of the domain creator. |
| email | | string | The email address connected to the domain. |
Retrieve Dynamic DNS information for IP address
Retrieve Dynamic DNS enrichment data for IP address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| IPv4 address | ip | True | string | IPv4 address you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| a_record | a_record | string | The A record for the domain. |
| account | account | string | The account holder name. |
| created | created | string | The date on which the domain was created. |
| created_ip | created_ip | string | The ip address of the account holder. |
| domain | domain | string | The domain associated with the dynamic dns information. |
| domain_creator_ip | domain_creator_ip | string | The ip address of the domain creator. |
| email | | string | The email address connected to the domain. |
Retrieve Historic WHOIS information for domain
Retrieve Historic WHOIS enrichment data for domain.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Domain | domain | True | string | Domain you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| address | address | array of string | The address information. |
| city | city | array of string | The city information. |
| country | country | array of string | The country information. |
| data | data | string | The data information. |
| datetime | datetime | string | The datetime information. |
| domain | domain | string | The domain of the registrant. |
| domain_2tld | domain_2tld | string | The second-level domain of the registrant. |
| domain_created_datetime | domain_created_datetime | string | The date and time when the whois record was created. |
| domain_expires_datetime | domain_expires_datetime | string | The date and time when the whois record expires. |
| domain_updated_datetime | domain_updated_datetime | string | The date and time when the whois record was last updated. |
| email | | array of string | The email information. |
| idn_name | idn_name | string | The international domain name. |
| meta_data | meta_data | string | The metadata information. |
| name | name | array of string | The name information. |
| nameserver | nameserver | array of string | The nameserver information. |
| phone | phone | array of object | Array of objects: the registrant contact phone number in e164 format, along with geo info. |
| phone | phone.phone | string | The registrant contact phone number in e164 format. |
| carrier | phone.phone_info.carrier | string | Phone number carrier. |
| country | phone.phone_info.country | string | Phone number country. |
| geo | phone.phone_info.geo | string | Phone number geo. Can be city or province or region or country. |
| privacy_punch | privacy_punch | boolean | True if this record has additional information bypassing privacy protect. |
| registrar | registrar | string | The domain registrar. |
| whois_hash | whois_hash | string | The hash information. |
| whois_id | whois_id | string | The whois id information. |
Retrieve Historic WHOIS information for email address
Retrieve Historic WHOIS enrichment data for email address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Email address | | True | string | Email address you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| address | address | array of string | The address information. |
| city | city | array of string | The city information. |
| country | country | array of string | The country information. |
| data | data | string | The data information. |
| datetime | datetime | string | The datetime information. |
| domain | domain | string | The domain of the registrant. |
| domain_2tld | domain_2tld | string | The second-level domain of the registrant. |
| domain_created_datetime | domain_created_datetime | string | The date and time when the whois record was created. |
| domain_expires_datetime | domain_expires_datetime | string | The date and time when the whois record expires. |
| domain_updated_datetime | domain_updated_datetime | string | The date and time when the whois record was last updated. |
| email | | array of string | The email information. |
| idn_name | idn_name | string | The international domain name. |
| meta_data | meta_data | string | The metadata information. |
| name | name | array of string | The name information. |
| nameserver | nameserver | array of string | The nameserver information. |
| phone | phone | array of object | Array of objects: the registrant contact phone number in e164 format, along with geo info. |
| phone | phone.phone | string | The registrant contact phone number in e164 format. |
| carrier | phone.phone_info.carrier | string | Phone number carrier. |
| country | phone.phone_info.country | string | Phone number country. |
| geo | phone.phone_info.geo | string | Phone number geo. Can be city or province or region or country. |
| privacy_punch | privacy_punch | boolean | True if this record has additional information bypassing privacy protect. |
| registrar | registrar | string | The domain registrar. |
| whois_hash | whois_hash | string | The hash information. |
| whois_id | whois_id | string | The whois id information. |
Retrieve Historic WHOIS information for phone number
Retrieve Historic WHOIS enrichment data for phone number.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Phone number | phone | True | string | Phone number you want to enrich (e164 format, e.g. +41585855634). |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| address | address | array of string | The address information. |
| city | city | array of string | The city information. |
| country | country | array of string | The country information. |
| data | data | string | The data information. |
| datetime | datetime | string | The datetime information. |
| domain | domain | string | The domain of the registrant. |
| domain_2tld | domain_2tld | string | The second-level domain of the registrant. |
| domain_created_datetime | domain_created_datetime | string | The date and time when the whois record was created. |
| domain_expires_datetime | domain_expires_datetime | string | The date and time when the whois record expires. |
| domain_updated_datetime | domain_updated_datetime | string | The date and time when the whois record was last updated. |
| email | | array of string | The email information. |
| idn_name | idn_name | string | The international domain name. |
| meta_data | meta_data | string | The metadata information. |
| name | name | array of string | The name information. |
| nameserver | nameserver | array of string | The nameserver information. |
| phone | phone | array of object | Array of objects: the registrant contact phone number in e164 format, along with geo info. |
| phone | phone.phone | string | The registrant contact phone number in e164 format. |
| carrier | phone.phone_info.carrier | string | Phone number carrier. |
| country | phone.phone_info.country | string | Phone number country. |
| geo | phone.phone_info.geo | string | Phone number geo. Can be city or province or region or country. |
| privacy_punch | privacy_punch | boolean | True if this record has additional information bypassing privacy protect. |
| registrar | registrar | string | The domain registrar. |
| whois_hash | whois_hash | string | The hash information. |
| whois_id | whois_id | string | The whois id information. |
Retrieve Passive DNS information for domain
Retrieve Passive DNS enrichment data for domain.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| Domain | domain | True | string | Domain you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| cert_name | cert_name | string | The certificate provider name. |
| count | count | integer | The passive dns count. |
| domain | domain | string | The domain of the passive dns information requested. |
| first_seen | first_seen | string | The first time this domain was seen. |
| city_name | ip.geo.city_name | string | City of the ip organization. |
| country_iso_code | ip.geo.country_iso_code | string | Country ISO code of the ip organization. |
| country_name | ip.geo.country_name | string | Country name of the ip organization. |
| location_latitude | ip.geo.location_latitude | string | The latitude of the ip organization. |
| location_longitude | ip.geo.location_longitude | string | The longitude of the ip organization. |
| postal_code | ip.geo.postal_code | string | The postal code of the ip organization. |
| ip | ip.ip | string | IP of the organization. |
| autonomous_system_number | ip.isp.autonomous_system_number | string | The ASN of the ip. |
| autonomous_system_organization | ip.isp.autonomous_system_organization | string | The ASO of the ip. |
| ip_address | ip.isp.ip_address | string | The IP. |
| isp | ip.isp.isp | string | The Internet Service Provider. |
| organization | ip.isp.organization | string | The ISP organization. |
| ipv4 | ipv4 | string | The ipv4 address of the passive dns record. |
| ipv6 | ipv6 | string | The ipv6 address of the passive dns record. |
| last_seen | last_seen | string | The last time this domain was seen. |
| sha1 | sha1 | string | The sha1. |
| sources | sources | array of string | A list of pDNS providers which the data came from. |
Retrieve Passive DNS information for IP address
Retrieve Passive DNS enrichment data for IP address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| IPv4 address | ipv4 | True | string | IPv4 address you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| cert_name | cert_name | string | The certificate provider name. |
| count | count | integer | The passive dns count. |
| domain | domain | string | The domain of the passive dns information requested. |
| first_seen | first_seen | string | The first time this domain was seen. |
| city_name | ip.geo.city_name | string | City of the ip organization. |
| country_iso_code | ip.geo.country_iso_code | string | Country ISO code of the ip organization. |
| country_name | ip.geo.country_name | string | Country name of the ip organization. |
| location_latitude | ip.geo.location_latitude | string | The latitude of the ip organization. |
| location_longitude | ip.geo.location_longitude | string | The longitude of the ip organization. |
| postal_code | ip.geo.postal_code | string | The postal code of the ip organization. |
| ip | ip.ip | string | IP of the organization. |
| autonomous_system_number | ip.isp.autonomous_system_number | string | The ASN of the ip. |
| autonomous_system_organization | ip.isp.autonomous_system_organization | string | The ASO of the ip. |
| ip_address | ip.isp.ip_address | string | The IP. |
| isp | ip.isp.isp | string | The Internet Service Provider. |
| organization | ip.isp.organization | string | The ISP organization. |
| ipv4 | ipv4 | string | The ipv4 address of the passive dns record. |
| ipv6 | ipv6 | string | The ipv6 address of the passive dns record. |
| last_seen | last_seen | string | The last time this domain was seen. |
| sha1 | sha1 | string | The sha1. |
| sources | sources | array of string | A list of pDNS providers which the data came from. |
Retrieve Passive Hash information for IP address
Retrieve Passive Hash enrichment data for IP address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| IPv4 address | ipv4 | True | string | IPv4 address you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| domain | domain | string | The domain of the passive hash information requested. |
| md5_count | md5_count | integer | The passive dns count. |
Retrieve Sinkhole information for IP address
Retrieve Sinkhole enrichment data for IP address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| IPv4 address | ipv4 | True | string | IPv4 address you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| | | array of object | |
| count | count | integer | The sinkhole count. |
| country_name | country_name | string | The country of the ip. |
| data_port | data_port | integer | The data port. |
| datetime | datetime | string | The first seen date of the sinkhole. |
| ipv4 | ipv4 | string | The ipv4 of the sinkhole. |
| last_seen | last_seen | string | The last seen date of the sinkhole. |
| organization_name | organization_name | string | The isp organization for the ip. |
| sink_source | sink_source | string | The ipv4 of the sink source. |
Retrieve SSL certificate information for IP address
Retrieve SSL certificate enrichment data for IP address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
| IPv4 address | ip | True | string | IPv4 address you want to enrich. |
Returns
| Name | Path | Type | Description |
|---|---|---|---|
| related_count | related_count | integer | The number of ip addresses connected to this certificate. |
| ssl_certs | ssl_certs | array of object | The ssl_certs object. |
| ip | ssl_certs.ip | string | The ip address associated with certificate. |
| cert_key | ssl_certs.ssl_cert.cert_key | string | The certificate key (sha1). |
| expire_date | ssl_certs.ssl_cert.expire_date | string | The expiry date of the certificate. |
| issue_date | ssl_certs.ssl_cert.issue_date | string | The issue date of the certificate. |
| issuer_commonName | ssl_certs.ssl_cert.issuer_commonName | string | The common name that the certificate was issued from. |
| issuer_countryName | ssl_certs.ssl_cert.issuer_countryName | string | The country ISO the certificate was issued from. |
| issuer_localityName | ssl_certs.ssl_cert.issuer_localityName | string | The city where the issuer company is legally located. |
| issuer_organizationName | ssl_certs.ssl_cert.issuer_organizationName | string | The organization name that issued the certificate. |
| issuer_organizationalUnitName | ssl_certs.ssl_cert.issuer_organizationalUnitName | string | The organization unit name that issued the certificate. |
| issuer_stateOrProvinceName | ssl_certs.ssl_cert.issuer_stateOrProvinceName | string | The issuer state or province. |
| md5 | ssl_certs.ssl_cert.md5 | string | The certificate MD5. |
| serial_number | ssl_certs.ssl_cert.serial_number | float | The certificate serial number. |
| sha1 | ssl_certs.ssl_cert.sha1 | string | The certificate sha1. |
| sha_256 | ssl_certs.ssl_cert.sha_256 | string | The certificate sha256. |
| sig_algo | ssl_certs.ssl_cert.sig_algo | string | The certificate signature algorithm. |
| signature | ssl_certs.ssl_cert.signature | array of string | Signature split into multiple lines. |
| ssl_version | ssl_certs.ssl_cert.ssl_version | integer | The SSL version. |
| subject_commonName | ssl_certs.ssl_cert.subject_commonName | string | The subject name that the certificate was issued to. |
| subject_countryName | ssl_certs.ssl_cert.subject_countryName | string | The country the certificate was issued to. |
| subject_localityName | ssl_certs.ssl_cert.subject_localityName | string | The city where the subject company is legally located. |
| subject_organizationName | ssl_certs.ssl_cert.subject_organizationName | string | The organization name that received the certificate. |
| subject_organizationalUnitName | ssl_certs.ssl_cert.subject_organizationalUnitName | string | The organization unit name that received the certificate. |
| subject_stateOrProvinceName | ssl_certs.ssl_cert.subject_stateOrProvinceName | string | The state or province name where the subject company is located. |
| timestamp | ssl_certs.ssl_cert.timestamp | string | The certificate date and time. |