HYAS Insight (Preview)

The HYAS Insight integration for Microsoft Azure Sentinel provides direct, high-volume access to HYAS Insight data. It enables investigators and analysts to understand and defend against cyber adversaries and their infrastructure.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
Contact
Name HYAS Infosec
URL https://www.hyas.com/contact
Email support@hyas.com
Connector Metadata
Publisher HYAS Infosec
Website https://www.hyas.com
Privacy policy https://www.hyas.com/privacy-statement/
Categories Security;Website

Pre-requisites

You will need the following to proceed:

  • A Microsoft Power Apps or Power Automate plan with the custom connector feature
  • An Azure subscription
  • HYAS Insight API Key

Support and documentation:

For all support requests and general queries, contact support@hyas.com or visit the contact-us page.

Creating a connection

To connect your account, you will need the following information:

Name Type Description
HYAS Insight API Key securestring

The HYAS Insight API Key for this API

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Retrieve Current WHOIS information for domain

Retrieve Current WHOIS enrichment data for domain.

Retrieve Device Geo information for IPv4 address

Retrieve Device Geo enrichment data for IPv4 address.

Retrieve Device Geo information for IPv6 address

Retrieve Device Geo enrichment data for IPv6 address.

Retrieve Dynamic DNS information for email address

Retrieve Dynamic DNS enrichment data for email address.

Retrieve Dynamic DNS information for IP address

Retrieve Dynamic DNS enrichment data for IP address.

Retrieve Historic WHOIS information for domain

Retrieve Historic WHOIS enrichment data for domain.

Retrieve Historic WHOIS information for email address

Retrieve Historic WHOIS enrichment data for email address.

Retrieve Historic WHOIS information for phone number

Retrieve Historic WHOIS enrichment data for phone number.

Retrieve Passive DNS information for domain

Retrieve Passive DNS enrichment data for domain.

Retrieve Passive DNS information for IP address

Retrieve Passive DNS enrichment data for IP address.

Retrieve Passive Hash information for IP address

Retrieve Passive Hash enrichment data for IP address.

Retrieve Sinkhole information for IP address

Retrieve Sinkhole enrichment data for IP address.

Retrieve SSL certificate information for IP address

Retrieve SSL certificate enrichment data for IP address.

Retrieve Current WHOIS information for domain

Retrieve Current WHOIS enrichment data for domain.

Parameters

Name Key Required Type Description
Domain
domain True string

Domain you want to enrich.

Returns

Name Path Type Description
items
items array of object

The items object.

abuse_emails
items.abuse_emails array of string

The abuse emails information.

address
items.address array of string

The address information.

city
items.city array of string

The city of the registrant.

country
items.country array of string

The country of the registrant.

data
items.data string

The data information.

datetime
items.datetime string

The datetime information.

domain
items.domain string

The domain of the registrant.

domain_2tld
items.domain_2tld string

The second-level domain of the registrant.

domain_created_datetime
items.domain_created_datetime string

The date and time when the Whois record was created.

domain_expires_datetime
items.domain_expires_datetime string

The date and time when the Whois record expires.

domain_updated_datetime
items.domain_updated_datetime string

The date and time when the Whois record was last updated.

email
items.email array of string

The email information.

idn_name
items.idn_name string

The international domain name information.

meta_data
items.meta_data string

The metadata information.

name
items.name array of string

The contact name (registrant contact, administrative contact, technical contact, or abuse contact).

nameserver
items.nameserver array of string

The nameserver domain.

organization
items.organization array of string

The organization information.

phone
items.phone array of string

The phone number of the registrant in e164 format.

registrar
items.registrar string

The domain registrar.

state
items.state array of string

The state where the domain was registered.

whois_hash
items.whois_hash string

The hash information.

whois_id
items.whois_id string

The whois id information.

whois_nameserver
items.whois_nameserver array of object

The whois_nameserver object.

domain
items.whois_nameserver.domain string

The nameserver’s domain information.

domain_2tld
items.whois_nameserver.domain_2tld string

The nameserver’s domain_2tld information.

whois_related_nameserver_id
items.whois_nameserver.whois_related_nameserver_id string

The nameserver’s ID information.

whois_pii
items.whois_pii array of object

The whois_pii object.

address
items.whois_pii.address string

The personal identity address information.

city
items.whois_pii.city string

The personal identity city information.

data
items.whois_pii.data string

The personal identity data information.

email
items.whois_pii.email string

The personal identity email information.

geo_country_alpha_2
items.whois_pii.geo_country_alpha_2 string

The personal identity country information.

name
items.whois_pii.name string

The personal identity name information.

organization
items.whois_pii.organization string

The personal identity organization information.

phone_e164
items.whois_pii.phone_e164 string

The personal identity Phone_e164 information.

state
items.whois_pii.state string

The personal identity state information.

whois_related_pii_id
items.whois_pii.whois_related_pii_id string

The personal identity Id information.

whois_related_type
items.whois_pii.whois_related_type string

The personal identity related information.

source
source string

The source information.

total_count
total_count integer

The total count information.

Retrieve Device Geo information for IPv4 address

Retrieve Device Geo enrichment data for IPv4 address.

Parameters

Name Key Required Type Description
IPv4 address
ipv4 True string

IPv4 address you want to enrich.

Returns

Name Path Type Description
array of object
datetime
datetime string

A date-time string in RFC 3339 format.

device_geo_id
device_geo_id string

Internal record ID.

device_user_agent
device_user_agent string

The user agent string for the device.

geo_country_alpha_2
geo_country_alpha_2 string

The ISO 3166 alpha-2 code for the country associated with the lat/long reported.

geo_horizontal_accuracy
geo_horizontal_accuracy float

The GPS horizontal accuracy.

ipv4
ipv4 string

The ipv4 address assigned to the device. A device may have either or both of ipv4 and ipv6.

ipv6
ipv6 string

The ipv6 address assigned to the device. A device may have either or both of ipv4 and ipv6.

latitude
latitude float

Units are degrees on the WGS 84 spheroid.

longitude
longitude float

Units are degrees on the WGS 84 spheroid.

wifi_bssid
wifi_bssid string

The BSSID (MAC address) of the wifi router that the device communicated through.

Retrieve Device Geo information for IPv6 address

Retrieve Device Geo enrichment data for IPv6 address.

Parameters

Name Key Required Type Description
IPv6 address
ipv6 True string

IPv6 address you want to enrich.

Returns

Name Path Type Description
array of object
datetime
datetime string

A date-time string in RFC 3339 format.

device_geo_id
device_geo_id string

Internal record ID.

device_user_agent
device_user_agent string

The user agent string for the device.

geo_country_alpha_2
geo_country_alpha_2 string

The ISO 3166 alpha-2 code for the country associated with the lat/long reported.

geo_horizontal_accuracy
geo_horizontal_accuracy float

The GPS horizontal accuracy.

ipv4
ipv4 string

The ipv4 address assigned to the device. A device may have either or both of ipv4 and ipv6.

ipv6
ipv6 string

The ipv6 address assigned to the device. A device may have either or both of ipv4 and ipv6.

latitude
latitude float

Units are degrees on the WGS 84 spheroid.

longitude
longitude float

Units are degrees on the WGS 84 spheroid.

wifi_bssid
wifi_bssid string

The BSSID (MAC address) of the wifi router that the device communicated through.

Retrieve Dynamic DNS information for email address

Retrieve Dynamic DNS enrichment data for email address.

Parameters

Name Key Required Type Description
Email address
email True string

Email address you want to enrich.

Returns

Name Path Type Description
array of object
a_record
a_record string

The A record for the domain.

account
account string

The account holder name.

created
created string

The date on which the domain was created.

created_ip
created_ip string

The ip address of the account holder.

domain
domain string

The domain associated with the dynamic dns information.

domain_creator_ip
domain_creator_ip string

The ip address of the domain creator.

email
email string

The email address connected to the domain.

Retrieve Dynamic DNS information for IP address

Retrieve Dynamic DNS enrichment data for IP address.

Parameters

Name Key Required Type Description
IPv4 address
ip True string

IPv4 address you want to enrich.

Returns

Name Path Type Description
array of object
a_record
a_record string

The A record for the domain.

account
account string

The account holder name.

created
created string

The date on which the domain was created.

created_ip
created_ip string

The ip address of the account holder.

domain
domain string

The domain associated with the dynamic dns information.

domain_creator_ip
domain_creator_ip string

The ip address of the domain creator.

email
email string

The email address connected to the domain.

Retrieve Historic WHOIS information for domain

Retrieve Historic WHOIS enrichment data for domain.

Parameters

Name Key Required Type Description
Domain
domain True string

Domain you want to enrich.

Returns

Name Path Type Description
array of object
address
address array of string

The address information.

city
city array of string

The city information.

country
country array of string

The country information.

data
data string

The data information.

datetime
datetime string

The datetime information.

domain
domain string

The domain of the registrant.

domain_2tld
domain_2tld string

The second-level domain of the registrant.

domain_created_datetime
domain_created_datetime string

The date and time when the whois record was created.

domain_expires_datetime
domain_expires_datetime string

The date and time when the whois record expires.

domain_updated_datetime
domain_updated_datetime string

The date and time when the whois record was last updated.

email
email array of string

The email information.

idn_name
idn_name string

The international domain name.

meta_data
meta_data string

The metadata information.

name
name array of string

The name information.

nameserver
nameserver array of string

The nameserver information.

phone
phone array of object

Array of objects: the registrant contact's phone number in e164 format, along with geo info.

phone
phone.phone string

The registrant contact's phone number in e164 format.

carrier
phone.phone_info.carrier string

Phone number carrier.

country
phone.phone_info.country string

Phone number country.

geo
phone.phone_info.geo string

Phone number geo. Can be a city, province, region or country.

registrar
registrar string

The domain registrar.

whois_hash
whois_hash string

The hash information.

whois_id
whois_id string

The whois id information.

Retrieve Historic WHOIS information for email address

Retrieve Historic WHOIS enrichment data for email address.

Parameters

Name Key Required Type Description
Email address
email True string

Email address you want to enrich.

Returns

Name Path Type Description
array of object
address
address array of string

The address information.

city
city array of string

The city information.

country
country array of string

The country information.

data
data string

The data information.

datetime
datetime string

The datetime information.

domain
domain string

The domain of the registrant.

domain_2tld
domain_2tld string

The second-level domain of the registrant.

domain_created_datetime
domain_created_datetime string

The date and time when the whois record was created.

domain_expires_datetime
domain_expires_datetime string

The date and time when the whois record expires.

domain_updated_datetime
domain_updated_datetime string

The date and time when the whois record was last updated.

email
email array of string

The email information.

idn_name
idn_name string

The international domain name.

meta_data
meta_data string

The metadata information.

name
name array of string

The name information.

nameserver
nameserver array of string

The nameserver information.

phone
phone array of object

Array of objects: the registrant contact's phone number in e164 format, along with geo info.

phone
phone.phone string

The registrant contact's phone number in e164 format.

carrier
phone.phone_info.carrier string

Phone number carrier.

country
phone.phone_info.country string

Phone number country.

geo
phone.phone_info.geo string

Phone number geo. Can be a city, province, region or country.

registrar
registrar string

The domain registrar.

whois_hash
whois_hash string

The hash information.

whois_id
whois_id string

The whois id information.

Retrieve Historic WHOIS information for phone number

Retrieve Historic WHOIS enrichment data for phone number.

Parameters

Name Key Required Type Description
Phone number
phone True string

Phone number you want to enrich, in e164 format (e.g. +41585855634).

Returns

Name Path Type Description
array of object
address
address array of string

The address information.

city
city array of string

The city information.

country
country array of string

The country information.

data
data string

The data information.

datetime
datetime string

The datetime information.

domain
domain string

The domain of the registrant.

domain_2tld
domain_2tld string

The second-level domain of the registrant.

domain_created_datetime
domain_created_datetime string

The date and time when the whois record was created.

domain_expires_datetime
domain_expires_datetime string

The date and time when the whois record expires.

domain_updated_datetime
domain_updated_datetime string

The date and time when the whois record was last updated.

email
email array of string

The email information.

idn_name
idn_name string

The international domain name.

meta_data
meta_data string

The metadata information.

name
name array of string

The name information.

nameserver
nameserver array of string

The nameserver information.

phone
phone array of object

Array of objects: the registrant contact's phone number in e164 format, along with geo info.

phone
phone.phone string

The registrant contact's phone number in e164 format.

carrier
phone.phone_info.carrier string

Phone number carrier.

country
phone.phone_info.country string

Phone number country.

geo
phone.phone_info.geo string

Phone number geo. Can be a city, province, region or country.

registrar
registrar string

The domain registrar.

whois_hash
whois_hash string

The hash information.

whois_id
whois_id string

The whois id information.

Retrieve Passive DNS information for domain

Retrieve Passive DNS enrichment data for domain.

Parameters

Name Key Required Type Description
Domain
domain True string

Domain you want to enrich.

Returns

Name Path Type Description
array of object
cert_name
cert_name string

The certificate provider name.

count
count integer

The passive dns count.

domain
domain string

The domain of the passive dns information requested.

first_seen
first_seen string

The first time this domain was seen.

city_name
ip.geo.city_name string

City of the ip organization.

country_iso_code
ip.geo.country_iso_code string

Country ISO code of the ip organization.

country_name
ip.geo.country_name string

Country name of the ip organization.

location_latitude
ip.geo.location_latitude string

The latitude of the ip organization.

location_longitude
ip.geo.location_longitude string

The longitude of the ip organization.

postal_code
ip.geo.postal_code string

The postal code of the ip organization.

ip
ip.ip string

IP of the organization.

autonomous_system_number
ip.isp.autonomous_system_number string

The ASN of the ip.

autonomous_system_organization
ip.isp.autonomous_system_organization string

The ASO of the ip.

ip_address
ip.isp.ip_address string

The IP.

isp
ip.isp.isp string

The Internet Service Provider.

organization
ip.isp.organization string

The ISP organization.

ipv4
ipv4 string

The ipv4 address of the passive dns record.

ipv6
ipv6 string

The ipv6 address of the passive dns record.

last_seen
last_seen string

The last time this domain was seen.

sha1
sha1 string

The sha1.

sources
sources array of string

A list of pDNS providers which the data came from.

Retrieve Passive DNS information for IP address

Retrieve Passive DNS enrichment data for IP address.

Parameters

Name Key Required Type Description
IPv4 address
ipv4 True string

IPv4 address you want to enrich.

Returns

Name Path Type Description
array of object
cert_name
cert_name string

The certificate provider name.

count
count integer

The passive dns count.

domain
domain string

The domain of the passive dns information requested.

first_seen
first_seen string

The first time this domain was seen.

city_name
ip.geo.city_name string

City of the ip organization.

country_iso_code
ip.geo.country_iso_code string

Country ISO code of the ip organization.

country_name
ip.geo.country_name string

Country name of the ip organization.

location_latitude
ip.geo.location_latitude string

The latitude of the ip organization.

location_longitude
ip.geo.location_longitude string

The longitude of the ip organization.

postal_code
ip.geo.postal_code string

The postal code of the ip organization.

ip
ip.ip string

IP of the organization.

autonomous_system_number
ip.isp.autonomous_system_number string

The ASN of the ip.

autonomous_system_organization
ip.isp.autonomous_system_organization string

The ASO of the ip.

ip_address
ip.isp.ip_address string

The IP.

isp
ip.isp.isp string

The Internet Service Provider.

organization
ip.isp.organization string

The ISP organization.

ipv4
ipv4 string

The ipv4 address of the passive dns record.

ipv6
ipv6 string

The ipv6 address of the passive dns record.

last_seen
last_seen string

The last time this domain was seen.

sha1
sha1 string

The sha1.

sources
sources array of string

A list of pDNS providers which the data came from.

Retrieve Passive Hash information for IP address

Retrieve Passive Hash enrichment data for IP address.

Parameters

Name Key Required Type Description
IPv4 address
ipv4 True string

IPv4 address you want to enrich.

Returns

Name Path Type Description
array of object
domain
domain string

The domain of the passive hash information requested.

md5_count
md5_count integer

The malware hash count related to the domain.

Retrieve Sinkhole information for IP address

Retrieve Sinkhole enrichment data for IP address.

Parameters

Name Key Required Type Description
IPv4 address
ipv4 True string

IPv4 address you want to enrich.

Returns

Name Path Type Description
array of object
count
count integer

The sinkhole count.

country_name
country_name string

The country of the ip.

data_port
data_port integer

The data port.

datetime
datetime string

The first seen date of the sinkhole.

ipv4
ipv4 string

The ipv4 of the sinkhole.

last_seen
last_seen string

The last seen date of the sinkhole.

organization_name
organization_name string

The isp organization for the ip.

sink_source
sink_source string

The ipv4 of the sink source.

Retrieve SSL certificate information for IP address

Retrieve SSL certificate enrichment data for IP address.

Parameters

Name Key Required Type Description
IPv4 address
ip True string

IPv4 address you want to enrich.

Returns

Name Path Type Description
related_count
related_count integer

The number of ip addresses connected to this certificate.

ssl_certs
ssl_certs array of object

The ssl_certs object.

ip
ssl_certs.ip string

The ip address associated with certificate.

cert_key
ssl_certs.ssl_cert.cert_key string

The certificate key (sha1).

expire_date
ssl_certs.ssl_cert.expire_date string

The expiry date of the certificate.

issue_date
ssl_certs.ssl_cert.issue_date string

The issue date of the certificate.

issuer_commonName
ssl_certs.ssl_cert.issuer_commonName string

The common name that the certificate was issued from.

issuer_countryName
ssl_certs.ssl_cert.issuer_countryName string

The country ISO the certificate was issued from.

issuer_localityName
ssl_certs.ssl_cert.issuer_localityName string

The city where the issuer company is legally located.

issuer_organizationName
ssl_certs.ssl_cert.issuer_organizationName string

The organization name that issued the certificate.

issuer_organizationalUnitName
ssl_certs.ssl_cert.issuer_organizationalUnitName string

The organization unit name that issued the certificate.

issuer_stateOrProvinceName
ssl_certs.ssl_cert.issuer_stateOrProvinceName string

The issuer state or province.

md5
ssl_certs.ssl_cert.md5 string

The certificate MD5.

serial_number
ssl_certs.ssl_cert.serial_number float

The certificate serial number.

sha1
ssl_certs.ssl_cert.sha1 string

The certificate sha1.

sha_256
ssl_certs.ssl_cert.sha_256 string

The certificate sha256.

sig_algo
ssl_certs.ssl_cert.sig_algo string

The certificate signature algorithm.

signature
ssl_certs.ssl_cert.signature array of string

Signature split into multiple lines.

ssl_version
ssl_certs.ssl_cert.ssl_version integer

The SSL version.

subject_commonName
ssl_certs.ssl_cert.subject_commonName string

The subject name that the certificate was issued to.

subject_countryName
ssl_certs.ssl_cert.subject_countryName string

The country the certificate was issued to.

subject_localityName
ssl_certs.ssl_cert.subject_localityName string

The city where the subject company is legally located.

subject_organizationName
ssl_certs.ssl_cert.subject_organizationName string

The organization name that received the certificate.

subject_organizationalUnitName
ssl_certs.ssl_cert.subject_organizationalUnitName string

The organization unit name that received the certificate.

subject_stateOrProvinceName
ssl_certs.ssl_cert.subject_stateOrProvinceName string

The state or province name where the subject company is located.

timestamp
ssl_certs.ssl_cert.timestamp string

The certificate date and time.