EASM endpoints

Overview

This API endpoint returns the list of assets that have been marked as False Positive.

Configuration

Parameters

• Domain (organizationId)

Secrets

• Auth Token (fortireconAuth)

After entering the required parameters and secrets, you can choose to manually enter the EASM endpoint fields, or simply paste the desired YAML.

Configure as YAML

withTemporalWindow: true
temporalWindow:
  duration: 5m
  offset: 5m
  tz: UTC
  format: RFC3339
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: "page"
  pageSize: 100
  isZeroIndex: false
  request:
    responseType: json
    method: GET
    url: https://api.fortirecon.forticloud.com/easm/${parameters.organizationId}/breaches
    headers:
      - name: Authorization
        value: ${secrets.fortireconAuth}
    queryParams:
      - name: page
        value: "${pagination.pageNumber}"
      - name: size
        value: "${pagination.pageSize}"
      - name: start_date
        value: ${temporalWindow.from}
      - name: end_date
        value: ${temporalWindow.to}
  output:
    select: ".hits"
    map: "."
    outputMode: element

withTemporalWindow: true
temporalWindow:
  duration: 5m
  offset: 5m
  tz: UTC
  format: RFC3339
withAuthentication: false
withEnumerationPhase: false
collectionPhase:
  paginationType: "page"
  pageSize: 100
  isZeroIndex: false
  request:
    responseType: json
    method: GET
    url: https://api.fortirecon.forticloud.com/easm/${parameters.organizationId}/leaked_creds
    headers:
      - name: Authorization
        value: ${secrets.fortireconAuth}
    queryParams:
      - name: page
        value: "${pagination.pageNumber}"
      - name: size
        value: "${pagination.pageSize}"
      - name: start_date
        value: ${temporalWindow.from}
      - name: end_date
        value: ${temporalWindow.to}
  output:
    select: ".hits"
    map: "."
    outputMode: element

Manually Configure

Temporal Window

Toggle ON to add a temporal window for events. This repeatedly shifts the time window over which data is collected.

• Duration - 5 minutes (5m) as default, adjust based on your needs.

• Offset - initial offset should be 0 (the latest alert).

• Format - RCF3339

Authentication Phase

OFF

Enumeration Phase

OFF

Collection Phase

• Pagination Type* - pageNumber/PageSize

• Zero Index* - false

• Page Size* - 100

• Request

  • Response Type* - JSON

  • Method* - GET

  • URL* - https://api.fortirecon.forticloud.com/easm/${parameters.organizationId}/breaches

  • Headers -

    • Name - Authorization

    • Value - ${secrets.fortireconAuth}

  • Query params

    • Name - page

    • Value - ${pagination.pageNumber}

    • Name - Size

    • Value - ${pagination.pageSize}

    • Name - start_date

    • Value - ${temporalWindow.from}

    • Name - end_date

    • Value - ${temporalWindow.to}

• Output

  • Select - .hits

  • Map - .

  • Output Mode - element

Click Create labels to move on to the next step and define the required Labels if needed.