Have I Been Pwned

Integration version: 7.0

Configure Have I Been Pwned to work with Google Security Operations SOAR

Credentials

An API Key needs to be purchased in order to make necessary configurations for the HaveIBeenPwned integration.

Network

Function Default Port Direction Protocol
API Multivalues Outbound apikey

Configure HaveIBeenPwned integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Check Account

Description

Check if you have an account that has been compromised in a data breach.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the User entity.

Action Results

Entity Enrichment
Enrichment Field Name Logic - When to apply
Breaches Returns if it exists in JSON result
Pastes Returns if it exists in JSON result
Insights

N/A

Script Result
Script Result Name Value Options Example
pwned_emails N/A N/A
JSON Result
[
    {
        "EntityResult":
        {
            "breaches": [
                {
                    "PwnCount": 37217682,
                    "IsRetired": false,
                    "Description": "In March 2012, the music website <a href=\\\"https://techcrunch.com/2016/09/01/43-million-passwords-hacked-in-last-fm-breach/\\\" target=\\\"_blank\\\" rel=\\\"noopener\\\">Last.fm was hacked</a> and 43 million user accounts were exposed. Whilst <a href=\\\"http://www.last.fm/passwordsecurity\\\" target=\\\"_blank\\\" rel=\\\"noopener\\\">Last.fm knew of an incident back in 2012</a>, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.",
                    "DataClasses": ["Email addresses",
                                    "Passwords",
                                    "Usernames"
                                   ],
                    "IsSensitive": false,
                    "Domain": "last.fm",
                    "IsSpamList": false,
                    "BreachDate": "2012-03-22",
                    "IsFabricated": false,
                    "ModifiedDate": "2016-09-20T20:00:49Z",
                    "Title": "Last.fm",
                    "Name": "Lastfm",
                    "AddedDate": "2016-09-20T20:00:49Z",
                    "IsVerified": true,
                    "LogoPath": "https://haveibeenpwned.com/Content/Images/PwnedLogos/Lastfm.png"
                }],
            "pastes": [
                {
                    "Date": null,
                    "Source": "AdHocUrl",
                    "EmailCount": 36959,
                    "Id": "http://siph0n.in/exploits.php?id=1",
                    "Title": "BuzzMachines.com 40k+"
                }]
        },
        "Entity": "john_doe@example.com"
    }
]

Ping

Description

Check connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_connect True/False is_connect:False
JSON Result
N/A