Knowledge Base

Platform Resources and Know-how

AddAssets API

The AddAssets API allows developers to add assets (domains) to the platform. You can add multiple assets in a single request using this API. There are two sections on the Assets page of the Platform where assets can be added: Managed by Brand and Managed by Affiliates. The section where the assets are added is determined […]

Enhanced Role-Based Access Control (RBAC) System

Overview This release introduces enhanced access control, allowing for module-level Read-Write and Admin access. The system now supports four distinct user roles, each with specific permissions and visibility within the platform. User Roles & Permissions 1. Admin Functionality: Admins act as Super Admins with comprehensive Read-Write (RW) access to all modules. They have the authority […]

Microsoft 365 Exchange/Defender Connector

This page captures the detailed steps to be followed by Bolster customers to successfully integrate Microsoft 365 Exchange/Defender with the Bolster platform. It allows the Bolster-created, Microsoft Entra registered application to manage your Exchange Online for adding/removing Bolster-identified malicious URLs/domains using the tenant allow/block list. Step 1. Prerequisite Steps To Be Followed on Customer Microsoft Account 1. Go […]

Slack

Playbook Connectors for Slack You can add connectors to Slack channels so that playbooks can route data to those channels. Before You Start Adding a Slack connector requires adding a custom app to your Slack instance. Ask your Slack admin if you have permission to add apps. Step 1: Generate the Slack token Use the […]

API

Playbook Connector for APIs The playbook connector for APIs allows you to define custom HTTP requests to deliver your playbook data to any destination system that offers an API for integration. Here are some examples: Alerting: Integrating a playbook with a simple notification API, like Slack or Twilio, can help you monitor when a playbook […]

XSOAR

Setting Up Integration Between XSOAR and Platform Using Generic Webhooks 1. Login to XSOAR Access your XSOAR instance using your login credentials. 2. Go to Marketplace and Install Generic Webhooks Navigate to the Marketplace within XSOAR. Search for “Generic Webhooks”. Install the “Generic Webhooks” integration. 3. Go to Settings > Integrations > Instances Navigate to […]

Splunk

Setup New HTTP Event Collector Input in Splunk and Send Data This document provides step-by-step instructions on how to add a new HTTP Event Collector (HEC) input in Splunk and how to send data to it using Postman. Steps to Create HTTP Event Collector in Splunk 1. Login to Splunk Open your Splunk instance and […]

ThreatConnect

Steps to Set Up HTTP Source Collection: ThreatConnect 1. Login to ThreatConnect Open your ThreatConnect account and log in with your credentials. 2. Navigate to Playbooks 3. Click on the “New” button to create a webhook trigger 4. Create a Playbook a. On the top navigation bar, click Playbooks to display the Playbooks screen. b. Create […]

Jira

Integrating Jira with Bolster Platform In Jira: 1. Login to Jira: Open Jira and log in with your credentials. 2. Select the Desired Project: Navigate to the desired project. 3. Access Project Settings: Click on the project settings gear icon in the lower-left corner. 4. Set Up Automation: Click on Automation in the project settings […]

Microsoft Sentinel

Setup Integration between Microsoft Sentinel and Platform Microsoft Sentinel is a cloud-native security management solution running in the Microsoft cloud. You can integrate Microsoft Sentinel with the Delinea Platform with webhooks. Prerequisites Ensure you have all required accounts and utilities before starting the integration: A Microsoft subscription Access to the Microsoft Portal A Log Analytics […]

Tines

This document provides step-by-step instructions on how to set up a web hook in Tines. Setting Up a Web Hook in Tines Login to Tines Open your Tines instance and log in with your credentials. Navigate to Favorites Click on the Profile Icon. Click on Favorites in the menu. Create a New Story In Favorite Stories, […]

Microsoft Teams

Steps to Send Data from Platform to Microsoft Teams In Microsoft Teams: Login to Teams: Open the Microsoft Teams application and log in with your credentials. Select or Create a Channel: Navigate to the desired team and either open an existing channel or create a new one by clicking on the + icon. Add the desired members […]

Sumo Logic

Steps to Set Up HTTP Source Collection Login to Sumo Logic Open your Sumo Logic account and log in with your credentials. Navigate to Collection Click to expand Manage Data Click on Collection. 3. Setup Wizard In the Collection page, click on Setup Wizard. The Let’s Get Started screen will open. 4. Integrate with Sumo Logic Click Integrate with Sumo Logic. […]

Save Custom Filters

You have the ability to save and reuse filter combinations, referred to as “views.” You can name these views and edit both the views and associated filters. You have the option to create filters for personal use or for your brand. When creating filters, we’ve implemented real-time search and filtering capabilities for a seamless experience. […]

Custom Tags

This feature allows you to create a custom tag for a finding, which can then be saved for personal use or for your team's future use. You can easily assign or remove custom tags from findings, just like you would with the pre-provided tags. To edit or delete your custom tag, simply click on the […]

DomainTest API

This API allows you to test whether a domain/URL is already in the system. It will return whether the domain/URL is in the Bolster system and its disposition. For example, some Bolster customers have service desks where they interface with their customers. Those customers may submit a malicious URL they have found. The action would […]

LiveSites API

This API command will return a list of all the Domains/URLs that are/were live during a particular time period. For instance, if the time period was Sept 1, 2023 to Sept 31, 2023, it would return all the sites that were live during that time despite their current status.   Step 1: Locate your API key […]

Takendown-LiveSites API

This API call will return all the Domains/URLs that were detected and/or taken down during a specified time period. Not every detection will be taken down in the specified time period and not every takedown will have been detected in the specified time period. Obviously, this will depend on the time period selected. The API call […]

Using CheckPhish Domain Monitoring

Getting started with CheckPhish is as easy as entering the domain to monitor.

Takedown API

In addition to requesting takedowns from the Bolster platform, you can now also submit takedown requests via our API. To get started, follow the steps below: Step 1: Locate your API key Before making takedown requests through the API, you’ll need to have your Bolster API key. Here’s how you can find it: Step 2: […]

Accessing Playbook Results from XSOAR

Cortex XSOAR provides security orchestration and automation features that align with the automation provided with Bolster playbooks. You can integrate Bolster playbooks with XSOAR playbooks by configuring access to the Bolster Latest-Results API. Prerequisites Integration Steps in XSOAR 2. Click the Upload Integration button. 3. Select the file identified in the Prerequisites section above. Once […]

What’s CheckPhish?

CheckPhish is a real-time URL and website scanner. It offers a small subset of the functionality included in the Bolster Platform. Once a URL is submitted to CheckPhish, our engine spins up an automated headless browser to capture a live screenshot, natural language content on the webpage, DOM, WHOIS, and other essential information. The engine […]

Using Marketplace Search Terms

Use Marketplace search terms to define the Marketplace findings of interest. A search term consists of: Example To find: Enter this: Platform: Amazon Product Category: Technology Value: Bolster Available Categories Value Guidelines

Using Social Media Search Terms

Use Social Media search terms to define the Social Media findings of interest. A search term consists of: Example To find: Enter this: Platform: Facebook posts Category: Crypto scams Value: Bolster Available Categories Value Guidelines

Bolster Insights

The Insights page displays when you drill into findings/detections. For example, you can click the URL for a finding in your Scan page results. Use the Insights page to: Sections Scan Results The Scan Results section displays the basic data points collected for the website. This is the information that Bolster sends to the abuse […]

The Role of AI/ML in Bolster Threat Assessment

Bolster integrates AI/ML technologies into the platform to optimize and automate the processes required to detect and monitor potential threats. Search Algorithms The search algorithms that drive the domain variant monitoring use AI to determine likely variants based on the domains you have registered with the platform. With a list of likely variants, the Bolster […]

Accessing Reports

If you licensed reports, each report displays in the Reports screen. Click Email to send the PDF via email, or click Download PDF to get the PDF on your device.

App Store Dashboard

The App Store dashboard gives you a snapshot of your defense activities on popular app stores. Monitor app stores to detect threats like: a statistics for app store points of interest b detections to monitor c analytics to drill into underlying data Points of Interest The top section lists the statistics of interest when monitoring […]

Marketplace Dashboard

The Marketplace dashboard gives you a snapshot of products and logos associated with your brand that appear on ecommerce sites. a statistics for marketplace points of interest b detections to monitor c analytics to drill into underlying data Marketplace Points of Interest The top section lists the statistics of interest when monitoring potential threats. Type […]

Social Media Dashboard

The Social Media dashboard gives you a snapshot of your defense activities across social media platforms. Monitor social media to detect threats like: a statistics for social media points of interest b detections to monitor c analytics to drill into underlying data Social Media Points of Interest The top section lists the statistics of interest […]

Intro to Assets

An important part of configuring the Bolster platform is cataloging your online assets in the Assets database. Cataloging your online assets achieves the following goals: Types of Assets Bolster considers more than just your URLs and logos. Here’s a list of the materials you can upload to our database: Adding Logo Assets To add logo […]

Dispositions for Websites

The Bolster platform applies the following dispositions to websites after scanning:

URL Construction Field and Typosquat Variants

Bolster uses AI, natural language processing, text analytics, and other technology to determine whether a site needs further investigation. The URL Construction field displays important information resulting from these analyses.

Scanning URLs

Use the Scan screen to check a list of up to 10 website URLs for potential threats without exposing yourself to those threats. For example, if a customer reports phishing attempts using your company’s brand, you can safely check the URL related to that attempt. This feature is intended for use with websites only. If […]

Scan APIs for CheckPhish Users

Let’s get started with Phishing Detection APIs. Bolster Scan APIs can detect the following scams and categories in real-time. Request Your Free API Key Try out Phishing Detection APIs for free. 250 scans per month are completely free. No credit card required. Sign up for your API key here How to Use APIs Step 1: Submit URL […]

Playbook Connectors for Slack

You can add connectors to Slack channels so that playbooks can route data to those channels.

Playbook Connector for APIs

The playbook connector for APIs allows you to define custom HTTP requests to deliver your playbook data to any destination system that offers an API for integration. Here are some examples: Alerting: Integrating a playbook with a simple notification API, like Slack or Twilio, can help you monitor when a playbook returns results and route […]

Best Practices: Reviewing Web Findings

The best way to review and address findings in the Web Module will vary by organization. Here’s a good practice to start with.

Intro to Automating with Playbooks

Use playbooks to automate routing of findings to the appropriate people and apps for further actions. Playbooks are available for the following modules: Components of a Playbook A playbook consists of: The output definition defines the attributes to include and in what format. The query selects the data to be sent. The connector defines the […]

Referrer URL Scanning with Phishing Detection APIs

The referrer URLs in your web server logs provide valuable information on where your site visitors are coming from. You can use these URLs with Bolster Phishing Detection APIs to help identify phishing websites that are targeting your brand. Bolster’s engine detects phishing on such URLs in real-time and helps you identify users who might […]

Playbook APIs

What Are Bolster Playbook APIs? Bolster Playbook APIs are the API translations of the output of a Bolster Playbook. Every time a configured Bolster Playbook runs and has results, the results are published in Bolster’s cloud temporarily for 72 hours (as well as sent to any connector destinations the customer has configured for the playbook). […]

Intent Detection – Categories

Bolster categorizes findings into these intent categories.

Phishing and Fraudulent Site Detection API

The Bolster Scan API can detect the following scams and threat categories in real-time: Use the Scan API to submit the URLs you would like to have scanned. You can submit for a quick scan or full scan. Your Bolster enterprise license determines the limit on the number of scan requests you can submit. Before […]

Using Tags to Annotate Detections

Adding a tag to each finding helps you categorize findings for next steps. Bolster provides a basic set of tags to use with any module except Dark Web.

Microsoft Teams Connector for Bolster Playbooks

If you want your playbook to route findings to Microsoft Teams, you’ll need to set up the Microsoft Teams Connector.

Single Sign On (SSO) with Ping Identity

You can use Ping Identity to implement single sign-on functions (SSO) for Bolster. Before You Start You will need the following items before starting the PingOne integration: Contact Bolster support to obtain the URLs. Step 1: Create the PingOne App for Bolster 5. Choose Manually Enter Application Metadata and enter the following values: 6. Click […]

Single Sign On (SSO) with OneLogin

1- Log in to OneLogin as administrator 2- Switch to ‘Administration’ mode 3- Choose ‘Applications’ from menu 4- Click on ‘Add App’ button 5- Search ‘SAML Custom’ in the search box and choose ‘SAML Custom Connector (Advanced)’ from search result 6- In the ‘Add SAML Custom Connector (Advanced)’ UI, enter ‘Bolster Platform’ or anything preferred as display […]

Single Sign On (SSO) with Okta / SAML

This document describes the sequence of steps to enable Single-Sign On for the Bolster Platform. We currently support the following SSO integration Option: Step 1: Create Okta App for Bolster Platform Task 1: Launch the Wizard Task 2: Configure initial settings Step 2: Download and Share Metadata Download the metadata file by right click on […]

Single Sign On (SSO) with Azure AD / SAML

The Bolster platform supports Security Assertion Markup Language (SAML) 2.0 to enable Single Sign On (SSO) for user access. The steps below are meant to highlight how to perform this type of integration with Azure Active Directory (AD). Step 1: Create Active Directory SAML App following this tutorial Perform basic SAML Configuration with the following values: […]

Single Sign On (SSO) with Okta OIDC

This document describes the sequence of steps to enable Single-Sign On for the Bolster Platform. We currently support the following SSO integration Option: Step 1: Create Okta App for Bolster Platform Task 1: Launch the Wizard Task 2: Configure initial settings Task 3: Configure OIDC settings Step 2: Collect information Please send a screen-shot of […]

Web Dashboard

The Web Dashboard gives you a snapshot of your web defense activities.

Use Cases: Dark Web

The Dark Web module extends the Bolster Web module by detecting potential threats from anonymous sites. These sites include marketplaces, forums, and paste sites used for selling sensitive information. The following diagram illustrates a typical approach for using the Dark Web module to mitigate most use cases. Basic use cases for the Dark Web module […]

Creating Web Playbooks from a Template

The easiest way to start a playbook for the Web module is with a template. Bolster provides starting templates for routing data automatically to the right people and apps.

Dark Web Threat Actors

The Dark Web Threat Actors screen lists information about the users posting potential threats on the Dark Web. Use this screen to:

Dark Web Ignored Findings

The Dark Web Ignored Findings screen lists the potential threats you have decided to leave out of your defense activities. Use this screen to:

Dark Web Mitigated Findings

The Dark Web Mitigated Findings screen lists the findings you have set to Mitigated status. Use this screen to:

Dark Web Active Findings

The Dark Web Active Findings screen lists the potential threats to your brand found on the Dark Web based on search terms you add. Use this screen to:

Dark Web Dashboard

The Dark Web dashboard gives you a snapshot of your Dark Web defense activities.

Playbook Templates

Use playbook templates to start with a pre-defined query for your Web module playbook.

Playbooks and Connectors

Use connectors to configure a playbook with information about how to handle the results of the query you have selected or defined. For example, to automate routing of query results to an email address, you would select the Email connector. Connectors specify: the app to send the results to any additional information needed to establish […]

Creating Playbooks from Scratch

Creating a playbook from scratch means you define the query as well as the schedule and destination.

Using Dark Web Search Terms

Use Dark Web search terms to define the Dark Web findings of interest.
