Have I Been Pwned

Integration version: 6.0

Configure Have I Been Pwned to work with Google Security Operations SOAR

Credentials

An API Key needs to be purchased in order to make necessary configurations for the HaveIBeenPwned integration.

Network

Function	Default Port	Direction	Protocol
API	Multivalues	Outbound	apikey

Configure HaveIBeenPwned integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Check Account

Description

Check if you have an account that has been compromised in a data breach.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the User entity.

Action Results

Entity Enrichment

Enrichment Field Name	Logic - When to apply
Breaches	Returns if it exists in JSON result
Pastes	Returns if it exists in JSON result

Insights

N/A

Script Result

Script Result Name	Value Options	Example
pwned_emails	N/A	N/A

JSON Result

[
    {
        "EntityResult":
        {
            "breaches": [
                {
                    "PwnCount": 37217682,
                    "IsRetired": false,
                    "Description": "In March 2012, the music website <a href=\\\"https://techcrunch.com/2016/09/01/43-million-passwords-hacked-in-last-fm-breach/\\\" target=\\\"_blank\\\" rel=\\\"noopener\\\">Last.fm was hacked</a> and 43 million user accounts were exposed. Whilst <a href=\\\"http://www.last.fm/passwordsecurity\\\" target=\\\"_blank\\\" rel=\\\"noopener\\\">Last.fm knew of an incident back in 2012</a>, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.",
                    "DataClasses": ["Email addresses",
                                    "Passwords",
                                    "Usernames"
                                   ],
                    "IsSensitive": false,
                    "Domain": "last.fm",
                    "IsSpamList": false,
                    "BreachDate": "2012-03-22",
                    "IsFabricated": false,
                    "ModifiedDate": "2016-09-20T20:00:49Z",
                    "Title": "Last.fm",
                    "Name": "Lastfm",
                    "AddedDate": "2016-09-20T20:00:49Z",
                    "IsVerified": true,
                    "LogoPath": "https://haveibeenpwned.com/Content/Images/PwnedLogos/Lastfm.png"
                }],
            "pastes": [
                {
                    "Date": null,
                    "Source": "AdHocUrl",
                    "EmailCount": 36959,
                    "Id": "http://siph0n.in/exploits.php?id=1",
                    "Title": "BuzzMachines.com 40k+"
                }]
        },
        "Entity": "john_doe@example.com"
    }
]

Ping

Description

Check connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_connect	True/False	is_connect:False

JSON Result

N/A