Knowledge Base
Platform Resources and Know-how
The AddAssets API allows developers to add assets (domains) to the platform. You can add multiple assets in a single request using this API. There are two sections on the Assets page of the Platform where assets can be added: Managed by Brand Managed by Affiliates The section where the assets are added is determined […]
Overview This release introduces enhanced access control, allowing for module-level Read-Write and Admin access. The system now supports four distinct user roles, each with specific permissions and visibility within the platform. User Roles & Permissions 1. Admin Functionality: Admins act as Super Admins with comprehensive Read-Write (RW) access to all modules. They have the authority […]
This page captures the detailed steps to be followed by Bolster customers to successfully integrate Microsoft 365 Exchange/Defender with the Bolster platform. It allows the Bolster-created Microsoft Entra registered application to manage your Exchange Online by adding/removing Bolster-identified malicious URLs/domains using the tenant allow/block list. Step 1. Prerequisite Steps To be Followed on Customer Microsoft Account 1. Go […]
Playbook Connectors for Slack You can add connectors to Slack channels so that playbooks can route data to those channels. Before You Start Adding a Slack connector requires adding a custom app to your Slack instance. Ask your Slack admin if you have permission to add apps. Step 1: Generate the Slack token Use the […]
Playbook Connector for APIs The playbook connector for APIs allows you to define custom HTTP requests to deliver your playbook data to any destination system that offers an API for integration. Here are some examples: Alerting: Integrating a playbook with a simple notification API, like Slack or Twilio, can help you monitor when a playbook […]
Setting Up Integration Between XSOAR and Platform Using Generic Webhooks 1. Login to XSOAR Access your XSOAR instance using your login credentials. 2. Go to Marketplace and Install Generic Webhooks Navigate to the Marketplace within XSOAR. Search for “Generic Webhooks”. Install the “Generic Webhooks” integration. 3. Go to Settings > Integrations > Instances Navigate to […]
Setup New HTTP Event Collector Input in Splunk and Send Data This document provides step-by-step instructions on how to add a new HTTP Event Collector (HEC) input in Splunk and how to send data to it using Postman. Steps to Create HTTP Event Collector in Splunk 1. Login to Splunk Open your Splunk instance and […]
Steps to Set Up HTTP Source Collection. — ThreatConnect 1. Login to ThreatConnect Open your ThreatConnect account and log in with your credentials. 2. Navigate to Playbooks 3. Click on the “New” button to create a webhook trigger 4. Create a Playbook a. On the top navigation bar, click Playbooks to display the Playbooks screen. b. Create […]
Integrating Jira with Bolster Platform In Jira: 1. Login to Jira: Open Jira and log in with your credentials. 2. Select the Desired Project: Navigate to the desired project. 3. Access Project Settings: Click on the project settings gear icon in the lower-left corner. 4. Set Up Automation: Click on Automation in the project settings […]
Setup Integration between Microsoft Sentinel and Platform Microsoft Sentinel is a cloud-native security management solution running in the Microsoft cloud. You can integrate Microsoft Sentinel with the Delinea Platform with webhooks. Prerequisites Ensure you have all required accounts and utilities before starting the integration: A Microsoft subscription Access to the Microsoft Portal A Log Analytics […]
This document provides step-by-step instructions on how to set up a web hook in Tines. Setting Up a Web Hook in Tines Login to Tines Open your Tines instance and log in with your credentials. Navigate to Favorites Click on the Profile Icon. Click on Favorites in the menu. Create a New Story In Favorite Stories, […]
Steps to Send Data from Platform to Microsoft Teams In Microsoft Teams: Login to Teams: Open the Microsoft Teams application and log in with your credentials. Select or Create a Channel: Navigate to the desired team and either open an existing channel or create a new one by clicking on the + icon. Add the desired members […]
Steps to Set Up HTTP Source Collection Login to Sumo Logic Open your Sumo Logic account and log in with your credentials. Navigate to Collection Click to expand Manage Data Click on Collection. 3. Setup Wizard In the Collection page, click on Setup Wizard. The Let’s Get Started screen will open. 4. Integrate with Sumo Logic Click Integrate with Sumo Logic. […]
You have the ability to save and reuse filter combinations, referred to as “views.” You can name these views and edit both the views and associated filters. You have the option to create filters for personal use or for your brand. When creating filters, we’ve implemented real-time search and filtering capabilities for a seamless experience. […]
This feature allows you to create a custom tag for a finding, which can then be saved for personal use or for your team’s future use. You can easily assign or remove custom tags from findings, just like you would with the pre-provided tags. To edit or delete your custom tag, simply click on the […]
This API allows you to test whether a domain/URL is already in the system. It will return whether it is in the Bolster system and the disposition. For example, some Bolster customers have service desks where they interface with their customers. Those customers may submit a malicious URL they have found. The action would […]
This API command will return a list of all the Domains/URLs that are/were live during a particular time period. For instance, if the time period was Sept 1, 2023 to Sept 31, 2023, it would return all the sites that were live during that time despite their current status. Step 1: Locate your API key […]
This API call will return all the Domains/URLs that were detected and/or taken down during a specified time period. Not every detection will be taken down in the specified time period and not every takedown will have been detected in the specified time period. Obviously, this will depend on the time period selected. The API call […]
Getting started with CheckPhish is as easy as entering the domain to monitor.
In addition to requesting takedowns from the Bolster platform, you can now also submit takedown requests via our API. To get started, follow the steps below: Step 1: Locate your API key Before making takedown requests through the API, you’ll need to have your Bolster API key. Here’s how you can find it: Step 2: […]
Cortex XSOAR provides security orchestration and automation features that align with the automation provided with Bolster playbooks. You can integrate Bolster playbooks with XSOAR playbooks by configuring access to the Bolster Latest-Results API. Prerequisites Integration Steps in XSOAR 2. Click the Upload Integration button. 3. Select the file identified in the Prerequisites section above. Once […]
CheckPhish is a real-time URL and website scanner. It offers a small subset of the functionality included in the Bolster Platform. Once a URL is submitted to CheckPhish, our engine spins up an automated headless browser to capture a live screenshot, natural language content on the webpage, DOM, WHOIS, and other essential information. The engine […]
Use Marketplace search terms to define the Marketplace findings of interest. A search term consists of: Example To find: Enter this: Platform: Amazon Product Category: Technology Value: Bolster Available Categories Value Guidelines
Use Social Media search terms to define the Social Media findings of interest. A search term consists of: Example To find: Enter this: Platform: Facebook posts Category: Crypto scams Value: Bolster Available Categories Value Guidelines
The Insights page displays when you drill into findings/detections. For example, you can click the URL for a finding in your Scan page results. Use the Insights page to: Sections Scan Results The Scan Results section displays the basic data points collected for the website. This is the information that Bolster sends to the abuse […]
Bolster integrates AI/ML technologies into the platform to optimize and automate the processes required to detect and monitor potential threats. Search Algorithms The search algorithms that drive the domain variant monitoring use AI to determine likely variants based on the domains you have registered with the platform. With a list of likely variants, the Bolster […]
If you licensed reports, each report displays in the Reports screen. Click Email to send the PDF via email, or click Download PDF to get the PDF on your device.
The App Store dashboard gives you a snapshot of your defense activities on popular app stores. Monitor app stores to detect threats like: a statistics for app store points of interest b detections to monitor c analytics to drill into underlying data Points of Interest The top section lists the statistics of interest when monitoring […]
The Marketplace dashboard gives you a snapshot of products and logos associated with your brand that appear on ecommerce sites. a statistics for marketplace points of interest b detections to monitor c analytics to drill into underlying data Marketplace Points of Interest The top section lists the statistics of interest when monitoring potential threats. Type […]
The Social Media dashboard gives you a snapshot of your defense activities across social media platforms. Monitor social media to detect threats like: a statistics for social media points of interest b detections to monitor c analytics to drill into underlying data Social Media Points of Interest The top section lists the statistics of interest […]
An important part of configuring the Bolster platform is cataloging your online assets in the Assets database. Cataloging your online assets achieves the following goals: Types of Assets Bolster considers more than just your URLs and logos. Here’s a list of the materials you can upload to our database: Adding Logo Assets To add logo […]
The Bolster platform applies the following dispositions to websites after scanning:
Bolster uses AI, natural language processing, text analytics, and other technology to determine whether a site needs further investigation. The URL Construction field displays important information resulting from these analyses.
Use the Scan screen to check a list of up to 10 website URLs for potential threats without exposing yourself to those threats. For example, if a customer reports phishing attempts using your company’s brand, you can safely check the URL related to that attempt. This feature is intended for use with websites only. If […]
Let’s get started with Phishing Detection APIs Bolster Scan APIs can detect the following scams and categories in real-time. Request Your Free API Key Try out Phishing Detection APIs for free. 250 scans per month are completely free. No credit card required. Sign up for your API key here How to Use APIs Step 1: Submit URL […]
You can add connectors to Slack channels so that playbooks can route data to those channels.
The playbook connector for APIs allows you to define custom HTTP requests to deliver your playbook data to any destination system that offers an API for integration. Here are some examples: Alerting: Integrating a playbook with a simple notification API, like Slack or Twilio, can help you monitor when a playbook returns results and route […]
The best way to review and address findings in the Web Module will vary by organization. Here’s a good practice to start with.
Use playbooks to automate routing of findings to the appropriate people and apps for further actions. Playbooks are available for the following modules: Components of a Playbook A playbook consists of: The output definition defines the attributes to include and in what format. The query selects the data to be sent. The connector defines the […]
The referrer URLs in your web server logs provide valuable information on where your site visitors are coming from. You can use these URLs with Bolster Phishing Detection APIs to help identify phishing websites that are targeting your brand. Bolster’s engine detects phishing on such URLs in real-time and helps you identify users who might […]
What Are Bolster Playbook APIs? Bolster Playbook APIs are the API translations of the output of a Bolster Playbook. Every time a configured Bolster Playbook runs and has results, the results are published in Bolster’s cloud temporarily for 72 hours (as well as sent to any connector destinations the customer has configured for the playbook). […]
Bolster categorizes findings into these intent categories.
The Bolster Scan API can detect the following scams and threat categories in real-time: Use the Scan API to submit the URLs you would like to have scanned. You can submit for a quick scan or full scan. Your Bolster enterprise license determines the limit on the number of scan requests you can submit. Before […]
Adding a tag to each finding helps you categorize findings for next steps. Bolster provides a basic set of tags to use with any module except Dark Web.
If you want your playbook to route findings to Microsoft Teams, you’ll need to set up the Microsoft Teams Connector.
You can use Ping Identity to implement single sign-on (SSO) functions for Bolster. Before You Start You will need the following items before starting the PingOne integration: Contact Bolster support to obtain the URLs. Step 1: Create the PingOne App for Bolster 5. Choose Manually Enter Application Metadata and enter the following values: 6. Click […]
1- Login to OneLogin as administrator 2- Switch to ‘Administration’ mode 3- Choose ‘Applications’ from the menu 4- Click on the ‘Add App’ button 5- Search for ‘SAML Custom’ in the search box and choose ‘SAML Custom Connector (Advanced)’ from the search results 6- In the ‘Add SAML Custom Connector (Advanced)’ UI, enter ‘Bolster Platform’ or anything preferred as display […]
This document describes the sequence of steps to enable Single-Sign On for the Bolster Platform. We currently support the following SSO integration Option: Step 1: Create Okta App for Bolster Platform Task 1: Launch the Wizard Task 2: Configure initial settings Step 2: Download and Share Metadata Download the metadata file by right-clicking on […]
The Bolster platform supports Security Assertion Markup Language (SAML) 2.0 to enable Single Sign On (SSO) for user access. The steps below are meant to highlight how to perform this type of integration with Azure Active Directory (AD). Step 1: Create Active Directory SAML App following this tutorial Perform basic SAML Configuration with the following values: […]
This document describes the sequence of steps to enable Single-Sign On for the Bolster Platform. We currently support the following SSO integration Option: Step 1: Create Okta App for Bolster Platform Task 1: Launch the Wizard Task 2: Configure initial settings Task 3: Configure OIDC settings Step 2: Collect information Please send a screenshot of […]
The Web Dashboard gives you a snapshot of your web defense activities.
The Dark Web module extends the Bolster Web module by detecting potential threats from anonymous sites. These sites include marketplaces, forums, and paste sites used for selling sensitive information. The following diagram illustrates a typical approach for using the Dark Web module to mitigate most use cases. Basic use cases for the Dark Web module […]
The easiest way to start a playbook for the Web module is with a template. Bolster provides starting templates for routing data automatically to the right people and apps.
The Dark Web Threat Actors screen lists information about the users posting potential threats on the Dark Web. Use this screen to:
The Dark Web Ignored Findings screen lists the potential threats you have decided to leave out of your defense activities. Use this screen to:
The Dark Web Mitigated Findings screen lists the findings you have set to Mitigated status. Use this screen to:
The Dark Web Active Findings screen lists the potential threats to your brand found on the Dark Web based on search terms you add. Use this screen to:
The Dark Web dashboard gives you a snapshot of your Dark Web defense activities.
Use playbook templates to start with a pre-defined query for your Web module playbook.
Use connectors to configure a playbook with information about how to handle the results of the query you have selected or defined. For example, to automate routing of query results to an email address, you would select the Email connector. Connectors specify: the app to send the results to any additional information needed to establish […]
Creating a playbook from scratch means you define the query as well as the schedule and destination.
Use Dark Web search terms to define the Dark Web findings of interest.