Skip to main content

DeHashed

This Integration is part of the DeHashed Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This integration allows you to check if your personal information such as your email, username, or password is being compromised.

Configure DeHashed in Cortex#

ParameterDescriptionRequired
credentialsUsernameTrue
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse
email_dbot_scoreEmail Severity: The DBot reputation for compromised emails (SUSPICIOUS or MALICIOUS)False
Source ReliabilityReliability of the source providing the intelligence data.False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

dehashed-search#


Performs a search to check if information is compromised.

Base Command#

dehashed-search

Input#

Argument NameDescriptionRequired
asset_typeIf you select the "all fields" option, the search is performed on all fields with the specified value entered in the "value" argument, and you don't have to pass the "operation" argument.Required
valueThe searched value.Required
operationSearch operator. Can be "is", "contains", or "regex".Required
pageThe number of page to return. Each page contains a maximum of 5,000 results. entries.Optional
results_fromStarting result number to display. Default is 0. Dehashed response can include more than 5,000 results.Optional
results_toEnding result number to display. Default is 100. Dehashed response can include more than 5,000 results.Optional

Context Output#

PathTypeDescription
DeHashed.Search.IdStringID of the object.
DeHashed.Search.EmailStringEmail address of the object.
DeHashed.Search.UsernameStringUsername of the object.
DeHashed.Search.PasswordStringPassword of the object.
DeHashed.Search.HashedPasswordStringHashed password of the object.
DeHashed.Search.NameStringName of the object.
DeHashed.Search.VinNumberVehicle identification of the object.
DeHashed.Search.AddressStringAddress of the object.
DeHashed.Search.IpDddressNumberIP address of the object.
DeHashed.Search.PhoneNumberPhone number of the object.
DeHashed.Search.ObtainedFromStringSource of the object.
Dehashed.LastQuery.ResultsFromNumberThe value of the "results_from" argument that was passed in the last query.
Dehashed.LastQuery.ResultsToUnknownThe value of the "results_to" argument that was passed in the last query.
Dehashed.LastQuery.TotalResultsNumberThe total number of entries returned from the last query.
Dehashed.LastQuery.DisplayedResultsNumberThe number of entries that were displayed in Cortex XSOAR from the last query.

Command Example#

!dehashed-search asset_type=all_fields operation=contains value=or-gal@gmail.com results_to=4 results_from=0 !dehashed-search asset_type=email operation=is value=or-gal@gmail.com page=1 !dehashed-search asset_type=name operation=contains value=gal,gil,test1 results_from=2 results_to=30 page=3 !dehashed-search asset_type=name operation=regex value=joh?n(ath[oa]n)

Human Readable Output#

email#


Checks if an email address was compromised.

Base Command#

email

Input#

Argument NameDescriptionRequired
emailThe email address to check.Required

Context Output#

PathTypeDescription
DeHashed.Search.IdStringID of the object.
DeHashed.Search.EmailStringEmail address of the object.
DeHashed.Search.UsernameStringUsername of the object.
DeHashed.Search.PasswordStringPassword of the object.
DeHashed.Search.HashedPasswordStringHashed password of the object.
DeHashed.Search.NameStringName of the object.
DeHashed.Search.VinNumberVehicle identification of the object.
DeHashed.Search.AddressStringAddress of the object.
DeHashed.Search.IpDddressNumberIP address of the object.
DeHashed.Search.PhoneNumberPhone number of the object.
DeHashed.Search.ObtainedFromStringSource of the object.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.
DBotScore.ReliabilityStringReliability of the source providing the intelligence data.

Command Example#

!email email=or-gal@gmail.com

Human Readable Output#