Flashpoint

The Polarity - Flashpoint integration queries the indicators, reports, and forums endpoints in Flashpoint for IPs, domains, CVEs, and file hashes. These capabilities give analysts a complete threat picture of the indicators Flashpoint has information on, and let them quickly pivot to Flashpoint for further analysis.

Flashpoint Solutions

Threat: With the Flashpoint integration, threat analysts can easily see if a domain, IP, hash, or CVE is of potential risk to their organization and adjust their internal threat information appropriately.

Threat Hunting: Threat hunters utilize the Flashpoint integration to gain quick insights into threat information on indicators, enabling quick triage of the indicators analysts are going through to determine if there are any threats before issues occur.

Malware Analysis: Analysts reversing malware or drilling into potential malware in their environment can quickly gain insight into other reports and forums that are discussing the malware file hash and pivot to Flashpoint for further analysis.

Configuring Flashpoint

This integration requires you to complete a few extra configuration steps before you can use it.

The integration is free to use for up to 1000 queries a day.

Configuration Options

API Url - The base URL for the Flashpoint API. By default, the Polarity - Flashpoint integration sets the URL that Flashpoint utilizes.

API Key - An API key is required in order to use the Flashpoint integration. To locate or generate a Flashpoint API key, navigate to the API and Integrations page under fp.tools.

Ignore List or Ignore Regex - The Flashpoint integration lets you set a regex that matches domains or IPs to be ignored, or add them as a comma-separated list, so the integration will never look them up in Flashpoint. This is typically used for sensitive information or company domains.
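
The sketch below is an added example, not code from Polarity or Flashpoint. It shows how an ignore list and an ignore regex keep entities out of external lookups, and why a loosely written regex also suppresses lookups for lookalike domains. The function names, sample entities and the matching semantics (case-insensitive exact match for the list, a JavaScript `RegExp` test for the regex) are assumptions.

```javascript
// Added illustration: not Polarity or Flashpoint code. Matching semantics are assumed.

// Parse the comma-separated ignore list into a normalized set.
function parseIgnoreList(csv) {
  return new Set(
    csv.split(',').map((s) => s.trim().toLowerCase()).filter((s) => s.length > 0)
  );
}

// Return true when an entity must not be sent to the external API.
function isIgnored(value, ignoreSet, ignoreRegex) {
  const v = value.trim().toLowerCase();
  if (ignoreSet.has(v)) return true;
  return ignoreRegex !== null && ignoreRegex.test(v);
}

// Split entities into those to look up and those held back.
function partition(entities, ignoreCsv, ignorePattern) {
  const ignoreSet = parseIgnoreList(ignoreCsv);
  const ignoreRegex = ignorePattern ? new RegExp(ignorePattern, 'i') : null;
  const lookup = [];
  const skipped = [];
  for (const e of entities) {
    (isIgnored(e, ignoreSet, ignoreRegex) ? skipped : lookup).push(e);
  }
  return { lookup, skipped };
}

// Constructed sample data (reserved example names, private and documentation IPs).
const entities = [
  'intranet.corp.example',
  'vpn.corp.example',
  'corp.example.login-portal.test', // lookalike that should still be looked up
  '10.20.30.40',
  '203.0.113.7',
  'Mail.Corp.Example',
];
const ignoreCsv = 'mail.corp.example, 10.20.30.40';

// Weak: unanchored, unescaped dots; it also matches the lookalike name.
const weakPattern = 'corp.example';
// Corrected: escaped dots, anchored to the end of the name.
const strictPattern = '(^|\\.)corp\\.example$';

const weak = partition(entities, ignoreCsv, weakPattern);
const strict = partition(entities, ignoreCsv, strictPattern);
console.log('weak   ->', weak.lookup);
console.log('strict ->', strict.lookup);
```

With the weak pattern the lookalike domain is silently skipped; with the anchored pattern it is still looked up while the internal names stay private.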