Emails Exposed in Data Breach

Number of APIs: 3

What does this collection do?

This collection checks if your organization' accounts have been compromised in a data breach. It is designed to be set up as a Qodex Monitor to periodically scan all the employees personal and work accounts against the data of haveibeenpwned.com. It uses Rippling to fetch employees' details and uses a Slack webhooks to inform your security team.

Requirements

  • Get an API Key from Rippling.
  • Get an API Key from haveibeenpwned.com
  • Get a Slack webhook.
  • Set the following environment variables:
    • rippling_token: The API key you got from Rippling.
    • hibp_key: The API key you got from haveibeenpwned.com
    • slack_url: The webhook you got from slack.com
    • slack_channel: The name of the channel in Slack where you want to receive these notifications. e.g. #security
    • offset: The number of days you want to go back when checking for a data breach. e.g. 365, will check for all the data breach that happened in the past one year.

Results

At the end of each run, you'll receive a Slack message for each account that was exposed in a data breach.

After each successful collection run, you'll receive the following message, informing you the number of employees' account checked for the exposed credentials.

  1. Get employees GET {{rippling_url}}/platform/api/employees?limit=10

  2. Check employee email GET {{hibp_url}}/api/v3/breachedaccount/{{email}}?truncateResponse=false

  3. Success POST {{slack_url}}