apivoid provides several threat intelligence services, ranging from IP, URL, and domain reputation to domain age and website screenshots.
This document provides information about the apivoid connector, which facilitates automated interactions with apivoid using FortiSOAR™ playbooks. Add the apivoid connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving the reputation of a specified email ID, IP address, or domain name, taking high-quality screenshots of a specified website, or retrieving the domain registration date and domain age, in days, for a specified domain.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 6.4.4-3164
Authored By: Fortinet
Certified: Yes
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-apivoid
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the apivoid connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | IP address or FQDN of the apivoid cloud platform. |
| API Key | API key that is configured for your account from apivoid.com for using the apivoid APIs. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is set to True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from version 4.10.0 onward:
| Function | Description | Annotation and Category |
|---|---|---|
| Get ThreatLog Domain Reputation | Queries the ThreatLog.com database of malicious domains based on the domain name specified, and if a matching domain is found, then the operation retrieves its reputation from ThreatLog.com. | threatlog Investigation |
| Get Domain Reputation | Checks if the specified domain name is blacklisted by trusted sources and retrieves its reputation from apivoid. | domainbl Investigation |
| Get IP Reputation | Checks and retrieves the reputation and geolocation of the specified IPv4 address from apivoid. | iprep Investigation |
| Get URL Screenshot | Allows you to take high-quality screenshots of any specified web page or URL. | screenshot Investigation |
| Get URL Reputation | Identifies potentially unsafe and phishing URLs and retrieves the reputation of the specified URL from apivoid. | urlrep Investigation |
| Get Domain Age | Retrieves the domain registration date and domain age, in days, from apivoid based on the domain name you have specified. | domainage Investigation |
| Get Domain Trustworthiness | Retrieves important details about the specified domain from apivoid to check whether the specified domain is legit. | sitetrust Investigation |
| Get Domain Parked Status | Retrieves the parked status information, i.e., parked, for sale, or inactive, for the specified domain from apivoid. | parkeddomain Investigation |
| Get URL Status | Retrieves the URL status information, i.e., online or offline (down or not accessible), for the specified URL from apivoid. | urlstatus Investigation |
| Get Email Reputation | Retrieves the reputation for the specified email ID from apivoid, and provides information about the email, i.e., whether the email is disposable, suspicious/risky, has a valid format, etc. | emailverify Investigation |
| Get DNS Propagation | Checks if the DNS records of the specified domain have been propagated globally. | dnspropagation Investigation |
| Get URL HTML | Captures the HTML page source after JavaScript has been executed for a specified URL. | urltohtml Investigation |
| Get SSL Info | Retrieves information about the SSL certificate, i.e., whether the certificate is valid, expired, or blacklisted from apivoid, for the specified website. | sslinfo Investigation |
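The following is an added example, not part of the connector or of Fortinet's sample playbooks: a pre-filter that a playbook code step could run to decide which annotation from the table above applies to each raw indicator before any lookup is made. The function names, the refanging of `hxxp` and `[.]`, and the rule that non-public IP addresses are rejected rather than sent to an external service are assumptions made for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Indicator kind -> connector annotation, as listed in the operations table.
ANNOTATION_BY_KIND = {"ipv4": "iprep", "domain": "domainbl",
                      "url": "urlrep", "email": "emailverify"}

_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+[a-z]{{2,63}}$")


def is_domain(value):
    return len(value) <= 253 and bool(_DOMAIN_RE.match(value))


def classify(indicator):
    """Return (kind, normalized value); raise ValueError for unusable input."""
    # Analysts often paste defanged indicators (hxxp, [.]); refang them first.
    value = re.sub(r"^hxxp", "http", indicator.strip().replace("[.]", "."), flags=re.I)
    if "://" in value:
        parts = urlsplit(value)
        if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
            raise ValueError("unsupported URL")
        return "url", value
    if "@" in value:
        local, _, domain = value.rpartition("@")
        if not local or not is_domain(domain.lower()):
            raise ValueError("malformed email address")
        return "email", value
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.version != 4:
            raise ValueError("Get IP Reputation is documented for IPv4 only")
        if not ip.is_global:  # assumption: keep internal addressing in-house
            raise ValueError("non-public address, not sent to an external service")
        return "ipv4", str(ip)
    if is_domain(value.lower()):
        return "domain", value.lower()
    raise ValueError("unrecognized indicator")


def plan(indicators):
    """Split raw indicators into (annotation, value) steps and rejects."""
    steps, rejected = [], []
    for raw in indicators:
        try:
            kind, value = classify(raw)
            steps.append((ANNOTATION_BY_KIND[kind], value))
        except ValueError as exc:
            rejected.append((raw, str(exc)))
    return steps, rejected


# Constructed sample input, not taken from any real case.
SAMPLE = ["hxxps://login.example[.]com/reset?id=1", "10.0.0.5", "8.8.8.8",
          "Example.ORG", "user@example.com", "2001:db8::1"]
```

Rejected entries are returned with a reason so the playbook can record why an indicator was not enriched instead of silently dropping it.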
Operation: Get ThreatLog Domain Reputation
| Parameter | Description |
|---|---|
| Domain Name | Name of the domain that you want to query for in the ThreatLog.com database and whose reputation you want to retrieve from ThreatLog.com. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get Domain Reputation
| Parameter | Description |
|---|---|
| Domain Name | Name of the domain that you want to check for blacklisting by trusted sources and whose reputation you want to retrieve from apivoid. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get IP Reputation
| Parameter | Description |
|---|---|
| IP Address | IP address whose geolocation and reputation you want to retrieve from apivoid. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get URL Screenshot
| Parameter | Description |
|---|---|
| URL | URL for which you want to capture the screenshot. |
The output contains the following populated JSON schema:
{
"data": {
"id": "",
"@id": "",
"file": {
"id": "",
"@id": "",
"file": [],
"size": "",
"@type": "",
"@context": "",
"filename": "",
"metadata": [],
"mimeType": "",
"thumbnail": "",
"uploadDate": ""
},
"name": "",
"type": "",
"@type": "",
"@context": "",
"createDate": "",
"createUser": {
"id": "",
"@id": "",
"name": "",
"@type": "",
"avatar": "",
"userId": "",
"userType": "",
"@settings": "",
"createDate": "",
"createUser": "",
"modifyDate": "",
"modifyUser": ""
},
"modifyDate": "",
"modifyUser": {
"id": "",
"@id": "",
"name": "",
"@type": "",
"avatar": "",
"userId": "",
"userType": "",
"@settings": "",
"createDate": "",
"createUser": "",
"modifyDate": "",
"modifyUser": ""
},
"recordTags": "",
"description": ""
},
"status": "",
"_status": "",
"message": "",
"operation": "",
"request_id": ""
}
Operation: Get URL Reputation
| Parameter | Description |
|---|---|
| URL | URL for which you want to retrieve reputation information from apivoid. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get Domain Age
| Parameter | Description |
|---|---|
| Domain Name | Name of the domain whose registration date and domain age, in days, you want to retrieve from apivoid. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get Domain Trustworthiness
| Parameter | Description |
|---|---|
| Domain Name | Name of the domain whose trustworthiness information (whether or not it is legit) you want to retrieve from apivoid. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get Domain Parked Status
| Parameter | Description |
|---|---|
| Domain Name | Name of the domain whose parked status information, i.e., parked, for sale, or inactive, you want to retrieve from apivoid. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get URL Status
| Parameter | Description |
|---|---|
| URL | URL whose status information, i.e., online or offline (down or not accessible), you want to retrieve from apivoid. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get Email Reputation
| Parameter | Description |
|---|---|
| Email Address | Email ID whose reputation information you want to retrieve from apivoid. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get DNS Propagation
| Parameter | Description |
|---|---|
| Domain Name | Name of the domain whose DNS records propagation you want to check in apivoid. |
| Record Type | Type of DNS records you want to check for in apivoid. You can choose from the following options: A, AAAA, NS, MX, TXT, SRV, PTR, SOA, CNAME, SPF, or CAA. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get URL HTML
| Parameter | Description |
|---|---|
| URL | URL whose HTML page source you want to capture. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
Operation: Get SSL Info
| Parameter | Description |
|---|---|
| Domain Name | Website whose SSL information, i.e., whether the SSL certificate is valid, expired, or blacklisted, needs to be validated and retrieved from apivoid. |
The output contains the following populated JSON schema:
{
"result": "",
"status": ""
}
The Sample - apivoid - 1.0.0 playbook collection comes bundled with the apivoid connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the apivoid connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection is deleted when the connector is upgraded or deleted.