/
RiskIQDigitalFootprint.yml
3243 lines (3243 loc) · 170 KB
/
RiskIQDigitalFootprint.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
category: Data Enrichment & Threat Intelligence
commonfields:
id: RiskIQDigitalFootprint
version: -1
configuration:
- defaultvalue: https://api.riskiq.net
display: API URL
name: url
required: true
type: 0
- display: API Token
name: token
required: true
type: 4
- display: API Secret
name: secret
required: true
type: 4
- display: Trust any certificate (not secure)
name: insecure
type: 8
required: false
- display: Use system proxy settings
name: proxy
type: 8
required: false
description: The RiskIQ Digital Footprint integration enables your security team to manage assets outside your firewall. Using the integration, you can view asset details, add or update assets and analyze your digital footprint from the adversary's perspective.
display: RiskIQ Digital Footprint
name: RiskIQDigitalFootprint
script:
commands:
- arguments:
- auto: PREDEFINED
description: 'The type of the asset for which connections are to be fetched. Valid types include: Domain, Host, IP Address, IP Block, ASN, Page, SSL Cert, Contact. This argument supports a single value only.'
name: type
predefined:
- Domain
- Host
- IP Address
- IP Block
- ASN
- Page
- SSL Cert
- Contact
required: true
- description: The name of the asset for which connections are to be fetched. For example riskiq.com, 8.8.8.8, mail.net, etc. This argument supports a single value only.
name: name
required: true
- auto: PREDEFINED
description: Setting this value to true will search the entire global inventory. Setting it to false will search for assets in the workspace associated with the authentication token. The default value for this argument is false. This argument supports a single value only.
name: global
predefined:
- 'true'
- 'false'
- description: The index of the page to retrieve. The index is zero based so the first page is page 0. The default value for this argument is 0.
name: page
- description: The response contains a page of assets for each related asset type. Size determines the number of associated assets of each type that are returned. The default value for this argument is 20. The more associated assets you retrive, the longer it will take to fetch the response.
name: size
description: Retrieve the set of assets that are connected to the requested asset.
name: df-asset-connections
outputs:
- contextPath: Domain.Name
description: The domain name.
type: String
- contextPath: Domain.Organization
description: The organization of the domain.
type: String
- contextPath: IP.Address
description: IP address.
type: String
- contextPath: URL.Data
description: The URL.
type: String
- contextPath: DBotScore.Indicator
description: The indicator that was tested.
type: String
- contextPath: DBotScore.Type
description: The indicator type.
type: String
- contextPath: DBotScore.Vendor
description: The vendor used to calculate the score.
type: String
- contextPath: DBotScore.Score
description: The actual score.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.name
description: Name of the connected asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.type
description: Type of the connected asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.state
description: State of the connected asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.firstSeen
description: Date and time when the connected asset was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.lastSeen
description: Date and time when the connected asset was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.uuid
description: UUID of the connected asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.label
description: Label of the connected asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.description
description: Description of the connected asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.confidence
description: Discovery confidence level of the connected asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.priority
description: Priority of the connected asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.autoConfirmed
description: Was the connected asset auto-confirmed.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.enterprise
description: Has the connected asset been designated as an enterprise asset.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.keystone
description: Was the connected asset designated as a discovery keystone.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.organizations.createdAt
description: Date and time when the organization applied to the asset was created.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.organizations.updatedAt
description: Date and time when the organization applied to the asset was updated.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.organizations.status
description: Status of the organization applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.organizations.workspaceOrganizationID
description: ID of the organization applied to the asset in the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.organizations.workspaceID
description: ID of the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.organizations.name
description: Name of the organization applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.organizations.id
description: ID of the organization applied to the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.tags.createdAt
description: Date and time when the tag applied to the asset was created.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.tags.updatedAt
description: Date and time when the tag applied to the asset was updated.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.tags.status
description: Status of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.tags.workspaceTagID
description: ID of the tag applied to the asset in the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.tags.workspaceID
description: ID of the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.tags.workspaceTagType
description: Workspace type of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.tags.color
description: Color of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.tags.name
description: Name of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.tags.id
description: ID of the tag applied to the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.brands.createdAt
description: Date and time when the brand applied to the asset was created.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.brands.updatedAt
description: Date and time when the brand applied to the asset was updated.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.brands.status
description: Status of the brand applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.brands.workspaceBrandID
description: ID of the brand applied to the asset in the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.brands.workspaceID
description: ID of the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.brands.name
description: Name of the brand applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.brands.id
description: ID of the brand applied to the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.createdAt
description: The date that the connected asset was added to inventory.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.updatedAt
description: The date of the most recent update performed by a user action for the connected asset.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.hostExcluded
description: 'When true, only IP Addresses associated with confirmed IP Blocks will be included in the results. Possible Values: True, False.'
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.id
description: ID of the connected asset.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.source
description: Indicates if the source of the connected asset is known.
type: String
- arguments:
- description: The date of the run in which the changes were identified (YYYY-MM-DD). If not passed, it would consider the most recently run date when the discovery was run on RiskIQ Digital Footprint. This argument supports a single value only.
name: date
- auto: PREDEFINED
description: The period of time for which the changes summary is to be fetched. Supported ranges are 1, 7, and 30 days. The default value is 1. This argument supports a single value only.
name: range
predefined:
- '1'
- '7'
- '30'
- description: Filter summary of changed assets based on the brand associated with the assets. This argument supports a single value only.
name: brand
- description: Filter summary of changed assets based on the organization associated with the assets. This argument supports a single value only.
name: organization
- description: Filter summary of changed assets based on the tag associated with the assets. This argument supports a single value only.
name: tag
description: Retrieve summary information describing counts of confirmed assets that have been added, removed or changed in inventory over the given time period.
name: df-asset-changes-summary
outputs:
- contextPath: RiskIQDigitalFootprint.AssetSummary.runDate
description: The date of the run in which the changes were identified.
type: String
- contextPath: RiskIQDigitalFootprint.AssetSummary.deltas.type
description: Type of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetSummary.deltas.aggregations.removed
description: Count of removed assets from Global Inventory in range of 1, 7, and 30 days from the most recently run date.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetSummary.deltas.aggregations.added
description: Count of added assets to Global Inventory in range of 1, 7, and 30 days from the most recently run date.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetSummary.deltas.aggregations.changed
description: Count of changed assets from Global Inventory in range of 1, 7, and 30 days from the most recently run date.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetSummary.deltas.aggregations.count
description: It indicates the number of confirmed assets in inventory.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetSummary.deltas.aggregations.range
description: The period of time over which the changes were identified. Supported ranges are 1, 7, and 30 days.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetSummary.deltas.aggregations.difference
description: Indicates the result of added minus removed assets.
type: Number
- arguments:
- auto: PREDEFINED
default: true
description: 'Either the type of asset or asset detail to retrieve. Valid asset types: Domain, Host, IP Address, IP Block, ASN, Page, SSL Cert, Contact. Valid asset detail types: Self Hosted Resource, ThirdParty Hosted Resource. This argument supports a single value only.'
name: type
predefined:
- Domain
- Host
- IP Address
- IP Block
- ASN
- Page
- SSL Cert
- Contact
- Self Hosted Resource
- ThirdParty Hosted Resource
required: true
- description: The date of the run in which the changes were identified (YYYY-MM-DD). If not passed, it would consider the most recently run date when the discovery was run on RiskIQ Digital Footprint. This argument supports a single value only.
name: date
- auto: PREDEFINED
description: The period of time over which the changes were identified. Supported ranges are 1, 7, and 30 days. The default value for this argument from RiskIQ platform is 1. This argument supports a single value only.
name: range
predefined:
- '1'
- '7'
- '30'
- auto: PREDEFINED
description: The type of change. Valid options for asset types are Added or Removed and for asset detail types are Added or Changed. The default value for this argument is Added. This argument supports a single value only.
name: measure
predefined:
- Added
- Removed
- Changed
- description: Filter changed assets based on the brand associated with the assets. This argument supports a single value only.
name: brand
- description: Filter changed assets based on the organization associated with the assets. This argument supports a single value only.
name: organization
- description: Filter changed assets based on the tag associated with the assets. This argument supports a single value only.
name: tag
- description: The index of the page to retrieve. The index is zero based so the first page is page 0. The default value for this argument from RiskIQ platform is 0.
name: page
- description: The number of matching assets to return per page. The default value for this argument is 20. The more associated assets you retrive, the longer it will take to fetch the response.
name: size
description: Retrieve the list of confirmed assets that have been added or removed from inventory over the given time period. Retrieve the list of asset detail changes in inventory over the given time period.
name: df-asset-changes
outputs:
- contextPath: Domain.Name
description: The domain name.
type: String
- contextPath: IP.Address
description: IP address.
type: String
- contextPath: URL.Data
description: The URL.
type: String
- contextPath: File.Name
description: The full file name (including file extension).
type: String
- contextPath: File.Size
description: The size of the file, in bytes.
type: Number
- contextPath: File.MD5
description: The MD5 hash of the file.
type: String
- contextPath: File.Type
description: The file type, as determined by libmagic (same as displayed in file entries).
type: String
- contextPath: File.Hostname
description: The name of the host where the file was found. Should match Path.
type: String
- contextPath: DBotScore.Indicator
description: The indicator that was tested.
type: String
- contextPath: DBotScore.Type
description: The indicator type.
type: String
- contextPath: DBotScore.Vendor
description: The vendor used to calculate the score.
type: String
- contextPath: DBotScore.Score
description: The actual score.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.name
description: Name of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.runDate
description: The date of the run in which the changes were identified.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.measure
description: The type of change.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.autoConfirmed
description: Was the asset auto-confirmed.
type: Boolean
- contextPath: RiskIQDigitalFootprint.AssetChanges.enterprise
description: Has the asset been designated as an enterprise asset.
type: Boolean
- contextPath: RiskIQDigitalFootprint.AssetChanges.state
description: State of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.priority
description: Priority of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.keystone
description: Was the asset designated as a discovery keystone.
type: Boolean
- contextPath: RiskIQDigitalFootprint.AssetChanges.type
description: Type of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.description
description: Description of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.hostExcluded
description: 'When set to True, only IP Addresses associated with confirmed IP Blocks will be included in the results. Possible values: True, False.'
type: Boolean
- contextPath: RiskIQDigitalFootprint.AssetChanges.id
description: ID of the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.createdAt
description: The date that the asset was added to inventory.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.updatedAt
description: The date of the most recent update performed by a user action.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.confidence
description: Discovery confidence level of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.wildcard
description: Has the asset been designated as a wildcard asset.
type: Boolean
- contextPath: RiskIQDigitalFootprint.AssetChanges.discoveryRun
description: The id of the discovery run in which the asset was discovered.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.childUrlFirstSeen
description: The date and time when the child URl was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.childUrlLastSeen
description: The date and time when the child URL was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.resourceFirstSeen
description: The date and time when the resource was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.resourceLastSeen
description: The date and time when the resource was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.dynamicScore
description: The dynamic score of the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.originalUrl
description: The original URL of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.firstSeenResourceGuid
description: Resource GUID that was first observed for the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.lastSeenResourceGuid
description: Resource GUID that was most recently observed for the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.firstSeenCrawlGuid
description: Crawl GUID that was first observed for the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.lastSeenCrawlGuid
description: Crawl GUID that was most recently observed for the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.firstSeenPageGuid
description: Page GUID that was first observed for the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.lastSeenPageGuid
description: Page GUID that was most recently observed for the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.contentType
description: The content type of the resource included in the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.responseBodySize
description: The response body size of the resource included in the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.md5
description: The md5 hash of the content of the resource included in the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.resource
description: The url of the resource included in the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.resourceHost
description: The hostname of the resource included in the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.microDeltaType
description: The type of the resource included in the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.source
description: If the source of the asset is known.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.organizations.createdAt
description: Date and time when the organization applied to the asset was created.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.organizations.updatedAt
description: Date and time when the organization applied to the asset was updated.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.organizations.status
description: Status of the organization applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.organizations.workspaceOrganizationID
description: ID of the organization applied to the asset in the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.organizations.workspaceID
description: ID of the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.organizations.name
description: Name of the organization applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.organizations.id
description: ID of the organization applied to the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.tags.createdAt
description: Date and time when the tag applied to the asset was created.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.tags.updatedAt
description: Date and time when the tag applied to the asset was updated.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.tags.status
description: Status of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.tags.workspaceOrganizationID
description: ID of the tag applied to the asset in the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.tags.workspaceID
description: ID of the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.tags.workspaceTagType
description: Workspace type of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.tags.color
description: Color of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.tags.name
description: Name of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.tags.id
description: ID of the tag applied to the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.brands.createdAt
description: Date and time when the brand applied to the asset was created.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.brands.updatedAt
description: Date and time when the brand applied to the asset was updated.
type: Date
- contextPath: RiskIQDigitalFootprint.AssetChanges.brands.status
description: Status of the brand applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.brands.workspaceOrganizationID
description: ID of the brand applied to the asset in the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.brands.workspaceID
description: ID of the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.AssetChanges.brands.name
description: Name of the brand applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.AssetChanges.brands.id
description: ID of the brand applied to the asset.
type: Number
- arguments:
- description: The unique identifier of an asset in global inventory. This argument supports a single value only.
name: uuid
- description: The name of the asset to retrieve. For example riskiq.com, 8.8.8.8, mail.net, etc. This argument supports a single value only.
name: name
- auto: PREDEFINED
description: 'The type of the asset to retrieve. Valid Types: Domain, Host, IP Address, IP Block, ASN, Page, SSL Cert, Contact. This argument supports a single value only.'
name: type
predefined:
- Domain
- Host
- IP Address
- IP Block
- ASN
- Page
- SSL Cert
- Contact
- auto: PREDEFINED
description: Setting this value to true will search the entire global inventory. Setting it to false will search for assets in the workspace associated with the authentication token. The default value for this argument is false. This argument supports a single value only.
name: global
predefined:
- 'true'
- 'false'
- auto: PREDEFINED
description: When specified and set as 'true', only return recent data on the asset. The default value for this argument is false. This argument supports a single value only.
name: recent
predefined:
- 'true'
- 'false'
- description: Digital Footprint (Global Inventory) assets potentially contain pages of related data, for example attributes, cookies and host pairs. Size determines the number for each of these associated items that are returned. The more associated assets you retrive, the longer it will take to fetch the response.
name: size
description: Retrieve the asset of the specified UUID or type and name from Global Inventory.
name: df-get-asset
outputs:
- contextPath: Domain.Name
description: The domain name.
type: String
- contextPath: Domain.Organization
description: The organization of the domain.
type: String
- contextPath: Domain.DomainStatus
description: The status of the domain.
type: String
- contextPath: Domain.NameServers
description: Name servers of the domain.
type: String
- contextPath: Domain.Registrant.Country
description: The country of the domain registrant.
type: String
- contextPath: Domain.Registrant.Email
description: The email address of the domain registrant.
type: String
- contextPath: Domain.Registrant.Name
description: The name of the domain registrant.
type: String
- contextPath: Domain.Registrant.Phone
description: The phone number of the domain registrant.
type: String
- contextPath: Domain.Registrar.Name
description: 'The name of the registrar, for example: "GoDaddy".'
type: String
- contextPath: Domain.Registrar.AbuseEmail
description: The email address of the contact for reporting abuse.
type: String
- contextPath: Domain.Registrar.AbusePhone
description: The phone number of contact for reporting abuse.
type: String
- contextPath: Domain.Admin.Country
description: The country of the domain administrator.
type: String
- contextPath: Domain.Admin.Email
description: The email address of the domain administrator.
type: String
- contextPath: Domain.Admin.Name
description: The name of the domain administrator.
type: String
- contextPath: Domain.Admin.Phone
description: The phone number of the domain administrator.
type: String
- contextPath: Domain.WHOIS.DomainStatus
description: The status of the domain.
type: String
- contextPath: Domain.WHOIS.NameServers
description: 'A list of name servers, for example: "ns1.bla.com, ns2.bla.com".'
type: String
- contextPath: Domain.WHOIS.Registrant.Country
description: The country of the domain registrant.
type: String
- contextPath: Domain.WHOIS.Registrant.Email
description: The email address of the domain registrant.
type: String
- contextPath: Domain.WHOIS.Registrant.Name
description: The name of the domain registrant.
type: String
- contextPath: Domain.WHOIS.Registrant.Phone
description: The phone number of the domain registrant.
type: String
- contextPath: Domain.WHOIS.Registrar.Name
description: 'The name of the registrar, for example: "GoDaddy".'
type: String
- contextPath: Domain.WHOIS.Registrar.AbuseEmail
description: The email address of the contact for reporting abuse.
type: String
- contextPath: Domain.WHOIS.Registrar.AbusePhone
description: The phone number of contact for reporting abuse.
type: String
- contextPath: Domain.WHOIS.Admin.Country
description: The country of the domain administrator.
type: String
- contextPath: Domain.WHOIS.Admin.Email
description: The email address of the domain administrator.
type: String
- contextPath: Domain.WHOIS.Admin.Name
description: The name of the domain administrator.
type: String
- contextPath: Domain.WHOIS.Admin.Phone
description: The phone number of the domain administrator.
type: String
- contextPath: IP.Address
description: IP address.
type: String
- contextPath: IP.ASN
description: 'The autonomous system name for the IP address, for example: "AS8948".'
type: String
- contextPath: CVE.ID
description: 'The ID of the CVE, for example: CVE-2015-1653.'
type: String
- contextPath: CVE.CVSS
description: 'The CVSS of the CVE, for example: 10.0.'
type: String
- contextPath: URL.Data
description: The URL.
type: String
- contextPath: DBotScore.Indicator
description: The indicator that was tested.
type: String
- contextPath: DBotScore.Type
description: The indicator type.
type: String
- contextPath: DBotScore.Vendor
description: The vendor used to calculate the score.
type: String
- contextPath: DBotScore.Score
description: The actual score.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.name
description: Name of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.type
description: Type of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.firstSeen
description: Date and time when the asset was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.lastSeen
description: Date and time when the asset was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.uuid
description: UUID of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.label
description: Label of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.description
description: Description of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.autoConfirmed
description: Was the asset auto-confirmed.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.enterprise
description: Has the asset been designated as an enterprise asset.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.state
description: State of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.priority
description: Priority of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.keystone
description: Was the asset designated as a discovery keystone.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.hostExcluded
description: 'When true, only IP Addresses associated with confirmed IP Blocks will be included in the results. Possible values: True, False.'
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.id
description: ID of the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.createdAt
description: The date that the asset was added to inventory.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.updatedAt
description: The date of the most recent update was performed on the asset by a user action.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.confidence
description: Discovery confidence level of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.source
description: If the source of the asset is known.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.organizations.createdAt
description: Date and time when the organization applied to the asset was created.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.organizations.updatedAt
description: Date and time when the organization applied to the asset was updated.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.organizations.status
description: Status of the organization applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.organizations.workspaceOrganizationID
description: ID of the organization applied to the asset in the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.organizations.workspaceID
description: ID of the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.organizations.name
description: Name of the organization applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.organizations.id
description: ID of the organization applied to the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.tags.createdAt
description: Date and time when the tag applied to the asset was created.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.tags.updatedAt
description: Date and time when the tag applied to the asset was updated.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.tags.status
description: Status of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.tags.workspaceOrganizationID
description: ID of the tag applied to the asset in the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.tags.workspaceID
description: ID of the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.tags.workspaceTagType
description: Workspace type of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.tags.color
description: Color of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.tags.name
description: Name of the tag applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.tags.id
description: ID of the tag applied to the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.brands.createdAt
description: Date and time when the brand applied to the asset was created.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.brands.updatedAt
description: Date and time when the brand applied to the asset was updated.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.brands.status
description: Status of the brand applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.brands.workspaceOrganizationID
description: ID of the brand applied to the asset in the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.brands.workspaceID
description: ID of the user's workspace.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.brands.name
description: Name of the brand applied to the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.brands.id
description: ID of the brand applied to the asset.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.auditTrail.name
description: Name of audit trail detected for the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.auditTrail.type
description: Type of audit trail detected for the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.auditTrail.description
description: Description of audit trail detected for the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.primaryContact.contactID
description: Contact ID of primary contact of the requested asset.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.primaryContact.firstName
description: First name of primary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.primaryContact.lastName
description: Last name of primary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.primaryContact.fullName
description: Full name of primary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.primaryContact.email
description: Email of primary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.primaryContact.userId
description: User ID of primary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.primaryContact.name
description: Name of primary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.primaryContact.id
description: ID of primary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.secondaryContact.contactID
description: Contact ID of secondary contact of the requested asset.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.secondaryContact.firstName
description: First name of secondary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.secondaryContact.lastName
description: Last name of secondary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.secondaryContact.fullName
description: Full name of secondary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.secondaryContact.email
description: Email of secondary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.secondaryContact.userId
description: User ID of secondary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.secondaryContact.name
description: Name of secondary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.secondaryContact.id
description: ID of secondary contact of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.externalID
description: External ID of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.externalMetadata
description: External metadata of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.note
description: Note of the requested asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.removedState
description: State of the asset after removing that asset from the inventory.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.wildcard
description: Has the asset been designated as a wildcard asset.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetDomain
description: Domain of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.assetWhoisId
description: Whois ID of the domain.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrarIanaIds.value
description: The IANA id associated with the domain registrar.
type: Number
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrarIanaIds.firstSeen
description: Date and time when the Registrar IanaID of the domain was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrarIanaIds.lastSeen
description: Date and time when the Registrar IanaID of the domain was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrarIanaIds.recent
description: If the Registrar IanaID of the domain is recent.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrarIanaIds.current
description: If the Registrar IanaID of the domain is current.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrantContacts.value
description: Registrant Contact of the domain.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrantContacts.firstSeen
description: Date and time when the Registrant Contact of the domain was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrantContacts.lastSeen
description: Date and time when the Registrant Contact of the domain was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrantContacts.recent
description: If the Registrant Contact of the domain is recent.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrantContacts.current
description: If the Registrant Contact of the domain is current.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrantOrgs.value
description: Registrant Organization of the domain.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrantOrgs.firstSeen
description: Date and time when the Registrant Organization of the asset was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrantOrgs.lastSeen
description: Date and time when the Registrant Organization of the asset was last seen.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrantOrgs.recent
description: If the Registrant Organization of the asset is recent.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrantOrgs.current
description: If the Registrant Organization of the asset is current.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetAdminContacts.value
description: Administrator Contact of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.assetAdminContacts.firstSeen
description: Date and time when the Administrator Contact of the asset was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetAdminContacts.lastSeen
description: Date and time when the Administrator Contact of the asset was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetAdminContacts.recent
description: If the Administrator Contact of the asset is recent.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetAdminContacts.current
description: If the Administrator Contact of the asset is current.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetTechnicalContacts.value
description: Technical Contact of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.assetTechnicalContacts.firstSeen
description: Date and time when the Technical Contact of the asset was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetTechnicalContacts.lastSeen
description: Date and time when the Technical Contact of the asset was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetTechnicalContacts.recent
description: If the Technical Contact of the asset is recent.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetTechnicalContacts.current
description: If the Technical Contact of the asset is current.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetNameServers.value
description: Name Server of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.assetNameServers.firstSeen
description: Date and time when the Name Server of the asset was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetNameServers.lastSeen
description: Date and time when the Name Server of the asset was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetNameServers.recent
description: If the Name Server of the asset is recent.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetNameServers.current
description: If the Name Server of the asset is current.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetMailServers.value
description: Mail Server of the asset.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.assetMailServers.firstSeen
description: Date and time when the Mail Server of the asset was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetMailServers.lastSeen
description: Date and time when the Mail Server of the asset was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetMailServers.recent
description: If the Mail Server of the asset is recent.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetMailServers.current
description: If the Mail Server of the asset is current.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetWhoisServers.value
description: Whois Server of the domain.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.assetWhoisServers.firstSeen
description: Date and time when the Whois Server of the domain was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetWhoisServers.lastSeen
description: Date and time when the Whois Server of the domain was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetWhoisServers.recent
description: If the Whois Server of the domain is recent.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetWhoisServers.current
description: If the Whois Server of the domain is current.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetDomainStatuses.value
description: Domain Status of the domain.
type: String
- contextPath: RiskIQDigitalFootprint.Asset.assetDomainStatuses.firstSeen
description: Date and time when the Domain Status of the domain was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetDomainStatuses.lastSeen
description: Date and time when the Domain Status of the domain was most recently observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetDomainStatuses.recent
description: If the Domain Status of the domain is recent.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetDomainStatuses.current
description: If the Domain Status of the domain is current.
type: Boolean
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrarCreatedAt.value
description: Date and time when the Registrar of the asset was created.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrarCreatedAt.firstSeen
description: Date and time when the Registrar's created date of the asset was first observed.
type: Date
- contextPath: RiskIQDigitalFootprint.Asset.assetRegistrarCreatedAt.lastSeen
description: Date and time when the Registrar's created date of the asset was most recently observed.
type: Date