Enricher - Flashpoint Forum Visits


This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.

Specifications

Enricher name

Flashpoint Forum Visits

Input

Company, ipv4, and registrar.

Output

Enriches supported observable types with indicators and related enrichment observables that provide details on forum visits/forum accesses from the input IP address, or forum accesses related to the company name or registrar information used as input.

API endpoint

https://fp.tools/api/v4/forums/visits

Description

The Flashpoint Forum Visits enricher provides information on a range of cyber threat data like IP addresses, domains, and geolocation information.
It polls Flashpoint's Deep & Dark Web Forum Dataset to help gather details about fraud tactics and techniques, accomplice recruitment, illegal drug trade, weapons, counterfeit items, and threat actor conversations on data breaches, exploits, emerging malware, crimeware, and ransomware.

Configure the enricher parameters

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the Flashpoint Forum Visits enricher.

  3. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://fp.tools/api/v4/forums/visits.

  4. In the Token field, enter a valid token associated with the Flashpoint account to access and consume the corresponding Flashpoint service.

  5. To store your changes, click Save; to discard them, click Cancel.

See also