The Digital Shadows SearchLight App allows users to create flexible and dynamic playbooks that fully harness the capabilities provided by the Digital Shadows SearchLight API.
Supported Actions
- test connectivity: Validate connection to the Digital Shadows API
- on poll: Callback action for the 'on_poll' ingest functionality
- search all records: Search across all Digital Shadows entities, including incidents, threat profiles, and our closed data stores
- get incident: Retrieve a single incident and its details, identified by its unique integer identifier
- search incidents: Search incidents based on filters. The On Poll action also uses this endpoint to collect incidents for a given time range/interval
- get incident review: Retrieve the history of all review submissions for a given incident, ordered by submission time with the most recent submission first
- post incident review: Post a status update to the incident along with a note
- search intelligence incidents: A simple way to search intelligence incidents based on time range and, if needed, incident types
- get intelligence incident: Retrieve a single intelligence incident and its details, identified by its unique integer identifier
- get intelligenceincident ioc: Retrieve the indicators of compromise associated with an intelligence incident
- search data breaches: Search across all data breaches that are relevant to your organization
- get data breach: Retrieve a single data breach and its details, identified by its unique integer identifier. The records associated with the breach must be retrieved using a separate operation
- search databreach records: Search data breach records across all data breaches. This operation also includes basic information about the data breach the record occurred within
- get databreach records: Retrieve breach records (credentials) for a specific breach
- get breachrecord byuser: Search breach records based on the domain, review status, or full/partial strings from the username
- get breachrecord review: Retrieve the list of review status updates for a given data breach record
- post breachrecord review: Update an individual breach record's notes or status using this action