Emails Exposed in Data Breach
Number of APIs: 3
What does this collection do?
This collection checks if your organization's accounts have been compromised in a data breach. It is designed to be set up as a Qodex Monitor that periodically scans all employees' personal and work accounts against the data of haveibeenpwned.com. It uses Rippling to fetch employees' details and a Slack webhook to inform your security team.
Requirements
- Get an API Key from Rippling.
- Get an API Key from haveibeenpwned.com
- Get a Slack webhook.
- Set the following environment variables:
  - rippling_token: The API key you got from Rippling.
  - hibp_key: The API key you got from haveibeenpwned.com
  - slack_url: The webhook you got from slack.com
  - slack_channel: The name of the channel in Slack where you want to receive these notifications, e.g. #security
  - offset: The number of days you want to go back when checking for a data breach, e.g. 365 will check for all data breaches that happened in the past year.
Results
At the end of each run, you'll receive a Slack message for each account that was exposed in a data breach.
After each successful collection run, you'll receive the following message, informing you of the number of employee accounts checked for exposed credentials.
- Get employees: GET {{rippling_url}}/platform/api/employees?limit=10
- Check employee email: GET {{hibp_url}}/api/v3/breachedaccount/{{email}}?truncateResponse=false
- Success: POST {{slack_url}}
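The sketch below shows how the response of the "Check employee email" request can be filtered by the offset variable and turned into the Slack webhook payload. It is an added example, not the collection's own script: the function names and sample data are hypothetical, and it assumes the HIBP v3 breach fields Name, BreachDate and DataClasses and that HTTP 404 means the account is in no breach.

```javascript
// Added example: not the collection's script. Sample data below is constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// Keep only breaches whose BreachDate falls within the last `offsetDays` days.
function recentBreaches(breaches, offsetDays, now) {
  const cutoff = now.getTime() - offsetDays * DAY_MS;
  return breaches.filter((b) => {
    const t = Date.parse(b.BreachDate + "T00:00:00Z");
    // Skip entries with an unparseable or future date instead of alerting on them.
    return !Number.isNaN(t) && t >= cutoff && t <= now.getTime();
  });
}

// Turn one HIBP lookup into a Slack webhook payload, or null if nothing to report.
function buildAlert(email, status, body, env, now) {
  if (status === 404) return null; // assumption: 404 = account not in any breach
  if (status !== 200) {
    // Rate limiting or a bad key must fail the run, not look like "no breach".
    throw new Error(`HIBP lookup for ${email} failed with HTTP ${status}`);
  }
  const hits = recentBreaches(body, Number(env.offset), now);
  if (hits.length === 0) return null;
  const lines = hits.map(
    (b) => `- ${b.Name} (${b.BreachDate}): ${b.DataClasses.join(", ")}`
  );
  return {
    channel: env.slack_channel,
    text:
      `${email} appears in ${hits.length} breach(es) ` +
      `in the last ${env.offset} days:\n${lines.join("\n")}`,
  };
}

// Constructed sample input (not real breach data).
const sampleEnv = { slack_channel: "#security", offset: "365" };
const sampleNow = new Date("2024-06-01T00:00:00Z");
const sampleBody = [
  { Name: "ExampleBreachA", BreachDate: "2024-01-15", DataClasses: ["Email addresses", "Passwords"] },
  { Name: "ExampleBreachB", BreachDate: "2019-03-02", DataClasses: ["Email addresses"] },
];

console.log(buildAlert("alice@example.com", 200, sampleBody, sampleEnv, sampleNow));
```

Treating every non-200, non-404 status as an error keeps a throttled or unauthorized lookup from being counted as a clean account in the end-of-run summary.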