All New Have I Been Pwned Domain Search APIs and Splunk Integration

published on 2023-08-14 19:55:10 UTC by Troy Hunt

I've been teaching my 13-year-old son Ari how to code since I first got him started on Scratch many years ago, and gradually progressed through to the current day where he's getting into Python in Visual Studio Code. As I was writing the new domain search API for Have I Been Pwned (HIBP) over the course of this year, I was trying to explain to him how powerful APIs are:

Think of HIBP as one website that does pretty much one thing; you load it in your browser and search through data breaches which then display on the screen. But when you have an API, it's no longer just locked into your browser, it's in all sorts of other systems. Mobile apps, other websites, dashboards and if you really want, you can even integrate the lights in your room with HIBP! Why? How? Well, there's a Home Assistant integration for HIBP and being pwned in a new breach could raise an event there you can then use YAML to perform an action with, for example flashing a light red. That might be weird and unnecessary, but when you have an API, suddenly all these things you never thought of are possible.

It took Brett Adams less than a day after we released the new domain search API last Monday for him to reach out to me with one of those ideas. He wanted to build a Splunk app (Brett is a Splunk MVP so this was right up his alley) to surface breached data about an organisation's domains right into the place where so many security engineers spend their days. He just wanted 2 new APIs to make the user experience the best it could be:

  1. One that can show you the subscription level for someone's key
  2. One that can show you all the domains they're monitoring

That seems so ridiculously obvious, why didn't I think of that originally?! But hey, easy fix, so the next day Brett had his APIs. And today, you also have the APIs because they're now all publicly documented and ready for you to consume. You also have Brett's Splunk app and because he's published it to Splunkbase, you can go and pull it into your own Splunk instance, plug in your HIBP API key and it's job done!
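An added illustration, not code from the original post or from Brett's Splunk app: turning domain search results for each monitored domain into flat, SIEM-ready events plus headline totals. The endpoint paths, the `hibp-api-key` header and the response shapes are assumptions taken from HIBP's public v3 API documentation rather than from this page; the function names are hypothetical and the sample responses are constructed.

```python
import json
from collections import Counter
from urllib.request import Request

API = "https://haveibeenpwned.com/api/v3"  # from HIBP's public docs, not this page

def build_request(path, api_key):
    """Build (without sending) an authenticated HIBP v3 request."""
    headers = {"hibp-api-key": api_key, "user-agent": "hibp-siem-example"}
    return Request(f"{API}/{path}", headers=headers)

def flatten(domain, breached):
    """Expand {alias: [breach, ...]} into one event per (address, breach)."""
    return [
        {"domain": domain, "email": f"{alias}@{domain}", "breach": name}
        for alias, names in sorted(breached.items())
        for name in sorted(set(names))
    ]

def headline(events):
    """Dashboard-style totals over the flattened events."""
    per_breach = Counter(e["breach"] for e in events)
    top = per_breach.most_common(1)
    return {
        "addresses": len({e["email"] for e in events}),
        "breaches": len(per_breach),
        "top_breach": top[0][0] if top else None,
    }

# Constructed sample responses (assumed shapes): monitored domains, then
# the per-domain search result keyed by the alias before the "@".
SUBSCRIBED = json.loads('[{"DomainName": "example.com"}, {"DomainName": "example.org"}]')
BREACHED = {
    "example.com": json.loads('{"alice": ["Adobe"], "bob": ["Adobe", "LinkedIn"]}'),
    "example.org": json.loads('{"carol": ["Adobe"]}'),
}

def collect(api_key="PLACEHOLDER-KEY"):
    """Walk every monitored domain and gather its breach events."""
    events = []
    for entry in SUBSCRIBED:
        domain = entry["DomainName"]
        # A live run would pass this to urllib.request.urlopen and parse the body.
        build_request(f"breacheddomain/{domain}", api_key)
        events.extend(flatten(domain, BREACHED[domain]))
    return events

if __name__ == "__main__":
    for event in collect():
        print(json.dumps(event))
```

One JSON object per line is a shape most log pipelines ingest directly, which is why the events are flattened per address and breach rather than kept as the nested response.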

I'll leave you with a bunch of screen caps from Brett's work, starting with a zoomed in grab of what I suspect folks will find the most valuable - the addresses on their domains and their appearances across breaches:

That's a fragment of the broader dashboard that also breaks down the incidents over time:

The starting point for this is simply plugging your API key into the interface:

I like these headline figures and I picture particularly large organisations that have gone through various acquisitions of different brands with various domains finding this really useful:

And speaking of breaches, there's a lot of them which Brett has visualised across the course of time:

So that's it, you can see all the APIs documented on the HIBP website and you can grab Brett's app right now from Splunkbase. You can also find all the code for this in Brett's GitHub repo should you wish to have a read through it.

The HIBP APIs are there for other people to build awesome things. If you're one of those people, please get in touch with me and show me what you've created, I can't wait to see more integrations like Brett's 😊

https://www.troyhunt.com/all-new-have-i-been-pwned-domain-search-apis-and-splunk-integration/   
Source: Troy Hunt's Blog