DeHashed

This integration allows you to check if your personal information such as your email, username, or password is being compromised. This integration was integrated and tested with version xx of DeHashed

Configure DeHashed on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for DeHashed.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
credentialsUsernameTrue
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse
email_dbot_scoreEmail Severity: The DBot reputation for compromised emails (SUSPICIOUS or MALICIOUS)False
  1. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

dehashed-search


Performs a search to check if information is compromised.

Base Command

dehashed-search

Input

Argument NameDescriptionRequired
asset_typeIf you select the "all fields" option, the search is performed on all fields with the specified value entered in the "value" argument, and you don't have to pass the "operation" argument.Required
valueThe searched value.Required
operationSearch operator. Can be "is", "contains", or "regex".Required
pageThe number of page to return. Each page contains a maximum of 5,000 results. entries.Optional
results_fromStarting result number to display. Default is 0. Dehashed response can include more than 5,000 results.Optional
results_toEnding result number to display. Default is 100. Dehashed response can include more than 5,000 results.Optional

Context Output

PathTypeDescription
DeHashed.Search.IdStringID of the object.
DeHashed.Search.EmailStringEmail address of the object.
DeHashed.Search.UsernameStringUsername of the object.
DeHashed.Search.PasswordStringPassword of the object.
DeHashed.Search.HashedPasswordStringHashed password of the object.
DeHashed.Search.NameStringName of the object.
DeHashed.Search.VinNumberVehicle identification of the object.
DeHashed.Search.AddressStringAddress of the object.
DeHashed.Search.IpDddressNumberIP address of the object.
DeHashed.Search.PhoneNumberPhone number of the object.
DeHashed.Search.ObtainedFromStringSource of the object.
Dehashed.LastQuery.ResultsFromNumberThe value of the "results_from" argument that was passed in the last query.
Dehashed.LastQuery.ResultsToUnknownThe value of the "results_to" argument that was passed in the last query.
Dehashed.LastQuery.TotalResultsNumberThe total number of entries returned from the last query.
Dehashed.LastQuery.DisplayedResultsNumberThe number of entries that were displayed in Cortex XSOAR from the last query.

Command Example

!dehashed-search asset_type=all_fields operation=contains value=or-gal@gmail.com results_to=4 results_from=0 !dehashed-search asset_type=email operation=is value=or-gal@gmail.com page=1 !dehashed-search asset_type=name operation=contains value=gal,gil,test1 results_from=2 results_to=30 page=3 !dehashed-search asset_type=name operation=regex value=joh?n(ath[oa]n)

Human Readable Output

email


Checks if an email address was compromised.

Base Command

email

Input

Argument NameDescriptionRequired
emailThe email address to check.Required

Context Output

PathTypeDescription
DeHashed.Search.IdStringID of the object.
DeHashed.Search.EmailStringEmail address of the object.
DeHashed.Search.UsernameStringUsername of the object.
DeHashed.Search.PasswordStringPassword of the object.
DeHashed.Search.HashedPasswordStringHashed password of the object.
DeHashed.Search.NameStringName of the object.
DeHashed.Search.VinNumberVehicle identification of the object.
DeHashed.Search.AddressStringAddress of the object.
DeHashed.Search.IpDddressNumberIP address of the object.
DeHashed.Search.PhoneNumberPhone number of the object.
DeHashed.Search.ObtainedFromStringSource of the object.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

Command Example

!email email=or-gal@gmail.com

Human Readable Output