Flashpoint

Updated 4 months ago by Elvis Hovor

Introduction

TruSTAR is a threat intelligence platform designed to accelerate the incident analysis process and the exchange of intelligence among internal and external teams. Flashpoint provides unique Deep & Dark Web data, expertise, and technology that enable its customers to glean intelligence that informs risk and protects their ability to operate. TruSTAR's integration with Flashpoint allows users to enrich suspicious IOCs with Flashpoint intelligence and pull that into their workflow tools.

Prerequisites

This integration requires TruSTAR users to be paying customers of Flashpoint and have access to Flashpoint API keys.

Configure Integration

After you have retrieved your Flashpoint API key, follow these steps:

  1. Log into TruSTAR Station and go to Explore->Marketplace (https://station.trustar.co/browse/marketplace).
  2. Click on Closed Sources.
  3. Click on the Flashpoint logo and fill in your API key.
  4. Click Submit.

TruSTAR will validate and enable any or all of the Flashpoint integrations within 48 hours. You will receive an email from us informing you as soon as it is enabled.

After the integration is enabled, you should see Flashpoint intelligence reports being submitted into an enclave you control.

FAQ

What data do you currently pull from Flashpoint?

Our integration currently only pulls reports from Flashpoint that have the cyber IOCs listed below.

These include:

  • IP
  • Domain
  • URL
  • Bitcoin Addresses
  • SHA1
  • SHA256
  • CVE
  • Registry Keys
  • Malware

Please contact us if you would like to discuss additional indicators that can be queried from ........

How often is the data pulled?

Our integration retrieves data from Flashpoint every 15 minutes.

Technical Details 

Integration type: Intelligence Feed Ingest

API Timeout: 30 seconds

BASE_URL - https://docs.fp.tools

API Mapping: Credential Type - API Key

Stash Type: stash_flashpoint

SourceType: Closed Source

Only the latest 500 feeds from the response are considered.

Request Example:

https://docs.fp.tools/api/v4/reports/?since=-1d&until=now&limit=500&highlight_tag=x-fp-highlight&fragment_size=256

Sample Response:

{
   "total": 3,
   "limit": 500,
   "count": 3,
   "skip": 0,
   "data": [
       {
           "platform_url": "https://fp.tools/home/intelligence/reports/report/yhVTxxxxx#detail",
           "title_asset_id": "yO1DghSURxiFicz9z23Chg",
           "ingested_at": "2018-11-29T20:18:32+00:00",
           "sources": [
               {
                   "platform_url": "https://fp.tools/home/intelligence/reports/report/YG4xxxxxxx#detail",
                   "source": "/reports/Yxxxxxx",
                   "original": "https://fp.tools/home/intelligence/reports/report/Yxxxxxxxxx",
                   "title": "Threat Actors....... ",
                   "type": "Report",
                   "source_id": "Yxxxxxxxx"
               }
           ],
           "posted_at": "2018-11-29T20:18:32+00:00",
           "summary": "<p>Threat actors use ..</p>",
           "tags": [
               "Cybersecurity & Internet Governance",
               "Entertainment",
               "Hospitality & Gaming",
               "Manuals",
               "Technology & Internet"
           ],
           "title_asset": "/assets/yOxxxxxxxx",
           "id": "yhxxxxxxxx",
           "version_posted_at": "2018-11-29T20:18:32+00:00",
           "is_featured": false,
           "title": "Lessonxxxxxxx",
           "asset_ids": [
               "8_OApWA-SFGkMYxYdR8lMQ",
               "yO1xxxxxxx"
           ],
           "body": "<p><strong>Key Takeaways</strong></p>\n<ul>\n<li>Threat actors use ... (distributed with Android) — to carry out attacks against apps for a range of organizations, including financial institutions and video game companies. Video game cheaters use emulators to give themselves an advantage .... </em></p>",
           "notified_at": "2018-11-29T20:18:32+00:00",
           "assets": [
               "/assets/8_Oxxxxx",
               "/assets/yOxxxxxx"
           ]
       }
   ]
}

TruSTAR Report Content Mapping:

Report Title - title of the individual item under the data field of the JSON response (e.g. Lessons in .......)

External ID - id of the individual item under the data field of the JSON response (e.g. yhVToqq6T-2wjIP5E8WArA)

Report Body - the individual item of the data field of the JSON response

Time Begun - posted_at of the individual item under the data field of the response (e.g. 2018-11-29T20:18:32+00:00)

Tags - tags field of the response, if available (e.g. [“Cybersecurity & Internet Governance”, “Entertainment”, “Hospitality & Gaming”, “Manuals”, “Intelligence Report”, “Fraud”, “Cybercrime”, “Cyber Threats”, “Media & Telecom”, “Technology & Internet”])

Tags longer than 32 characters will be ignored.

Deeplink - platform_url field of the individual item (https://fp.tools/home/intelligence/reports/report/yhVTAxxxxxx#detail)

The summary field should be at the top. If a link to CSV data is available, we will append a ‘csv_data’ key to the original JSON response.
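The mapping above, written out as an added Python example; it is not TruSTAR's or Flashpoint's code. The output key names, the skipping of incomplete items, and sorting by posted_at to select the "latest 500" are assumptions made for illustration, and the sample data is constructed.

```python
import json
from datetime import datetime

MAX_TAG_LEN = 32   # page: tags longer than 32 characters are ignored
MAX_ITEMS = 500    # page: latest 500 items of a response are considered
REQUIRED = ("id", "title", "posted_at", "platform_url")

def map_item(item):
    """Map one element of "data" to report fields (output key names are hypothetical)."""
    # Report body is the item itself, re-ordered so "summary" comes first.
    body = {"summary": item.get("summary", "")}
    body.update((k, v) for k, v in item.items() if k != "summary")
    return {
        "title": item["title"],
        "external_id": item["id"],
        "time_begun": datetime.fromisoformat(item["posted_at"]),
        "tags": [t for t in item.get("tags", []) if len(t) <= MAX_TAG_LEN],
        "deeplink": item["platform_url"],
        "body": json.dumps(body),
    }

def map_response(response):
    """Return (reports, skipped_count) for a parsed response, newest first."""
    data = response.get("data", [])
    usable = [i for i in data if all(k in i for k in REQUIRED)]
    usable.sort(key=lambda i: datetime.fromisoformat(i["posted_at"]), reverse=True)
    return [map_item(i) for i in usable[:MAX_ITEMS]], len(data) - len(usable)

# Constructed sample, shaped like the response above; ids are placeholders.
SAMPLE = {"total": 3, "limit": 500, "count": 3, "skip": 0, "data": [
    {"id": "placeholder-old", "title": "Older report",
     "posted_at": "2018-11-28T09:00:00+00:00",
     "platform_url": "https://fp.tools/home/intelligence/reports/report/placeholder-old#detail",
     "tags": ["Manuals"], "summary": "<p>older</p>"},
    {"id": "placeholder-new", "title": "Newer report",
     "posted_at": "2018-11-29T20:18:32+00:00",
     "platform_url": "https://fp.tools/home/intelligence/reports/report/placeholder-new#detail",
     # First tag is 35 characters long, so the 32-character rule drops it.
     "tags": ["Cybersecurity & Internet Governance", "Entertainment"],
     "body": "<p>...</p>", "summary": "<p>newer</p>"},
    {"title": "No id or date"},  # incomplete item, skipped
]}

if __name__ == "__main__":
    reports, skipped = map_response(SAMPLE)
    for r in reports:
        print(r["time_begun"].isoformat(), r["external_id"], r["tags"])
    print("skipped:", skipped)
```

Because the tag rule counts characters, a tag such as "Cybersecurity & Internet Governance" from the sample response does not reach the report, so searches or detections keyed on that tag should not rely on it.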

Please reach out to support@trustar.co for any additional questions.

