Current ThreatQ Version Filter
 

Have I Been Pwned Operation

The web format of this guide reflects the most current release.  Guides for older iterations are available in PDF format.  

Integration Details

ThreatQuotient provides the following details for this integration:

Introduction

The Have I Been Pwned Operation for ThreatQuotient enables a ThreatQ user to query Have I Been Pwned for any breaches for a given account.

The operation provides the following action:

  • Lookup - queries Have I Been Pwned for any breaches associated with the selected email address.

The operation is compatible with IP Address type Indicators.   

Installation

This integration can be installed in the My Integration section of your ThreatQ instance. See the Adding an Integration topic for more details.

Configuration

ThreatQuotient does not issue API keys for third-party vendors. Contact the specific vendor to obtain API keys and other integration-related credentials.

To configure the integration:

  1. Navigate to your integrations management page in ThreatQ.
  2. Select the Operation option from the Type dropdown (optional).
  3. Click on the integration entry to open its details page.
  4. Enter the following parameter under the Configuration tab:
    Parameter Description
    API Key Your Have I Been Pwned API Key.
  5. Review any additional settings, make any changes if needed, and click on Save.
  6. Click on the toggle switch, located above the Additional Information section, to enable it.

Actions

The operation provides the following action:

Action Description Object Type Object Subtype
Lookup Queries Have I Been Pwned for any breaches associated with the queried email address. Indicator IP Address

Lookup

The Lookup action queries Have I Been Pwned for any breaches associated with the queried email address.

Example Output

Lookup Action Example Result

Change Log

  • Version 1.0.0
    • Initial release

PDF Guides

Document ThreatQ Version
Have I Been Pwned Operation Guide v1.0.0 4.26.0 or Greater