Submit a Have I Been Pwned? lookup with Threat Intelligence

Submit Have I Been Pwned? lookups on domain names and email addresses from Threat Intelligence to determine whether a user's personal data has suffered a data breach.

Before you begin

The Security Operations Have I Been Pwned? Integration plugin must be activated.

Role required: sn_ti.write

Procedure

  1. Navigate to Threat Intelligence > IoC Lookup > Lookups.
    The Lookups list shows all lookups, including those lookups that have not yet executed and those lookups that are complete. Each lookup includes an automatically generated lookup name that identifies the file, hash value, URL, or IP address selected.
  2. Click New.
  3. Fill in the fields on the form, as appropriate.
    Note: Not all fields are supported by all integrated lookup sources.
    Table 1. IoC Lookup
    Field Description
    Number The auto-generated record number for this request.
    Lookup Source Select Have I been pwned?.
    Type Select the type of lookup to perform: Email or URL.
    Value The email address or URL to perform the lookup.
    State The current state of the request.
    Time requested The date and time the request was created.
    Requested by The name of the requester.
    Status message A status message generated by the third-party lookup source.
    Reference The URL of the third-party lookup source.
    Raw response The raw results of the lookup form the selected lookup source. To view this field, you must personalize the form and add the Raw response field.
  4. Click Submit.
    The new lookup appears in the Lookups list.
  5. Click the SCN number to view the status of the lookup.
    The Have I Been Pwned? lookup returns a combination of this information:
    • title
    • name
    • domain name
    • breach date
    • added date
    • PwnCount
    • Description
    • DataClasses
    • Passwords
    • IsVerified (true/false)
    • IsSensitive (true/false)
    • IsActive (true/false)
    • IsRetired (true/false)
    • IsSpamList (true/false)
    • LogoType