Platform Resources and Know-how
This API allows you to test whether a domain/URL is already in the system. It will return whether it is in the Bolster system and the disposition. For example, some Bolster customers have service desks where they interface with their customers. Those customers may submit a malicious URL they have found. The action would […]
This API command will return a list of all the Domains/URLs that are/were live during a particular time period. For instance, if the time period was Sept 1, 2023 to Sept 31, 2023, it would return all the sites that were live during that time despite their current status. Step 1: Locate your API key […]
This API call will return all the Domains/URLs that were detected and/or takedown during a specified time period. Not every detection will be taken down in the specified time period and not every takedown will have been detected in the specified time period. Obviously, this will depend on the time period selected. The API call […]
Getting started with CheckPhish is as easy as entering the domain to monitor.
In addition to requesting takedowns from the Bolster platform, you can now also submit takedown requests via our API. To get started, follow the steps below: Step 1: Locate your API key Before making takedown requests through the API, you’ll need to have your Bolster API key. Here’s how you can find it: Step 2: […]
Cortex XSOAR provides security orchestration and automation features that align with the automation provided with Bolster playbooks. You can integrate Bolster playbooks with XSOAR playbooks by configuring access to the Bolster Latest-Results API. Prerequisites Integration Steps in XSOAR 2. Click the Upload Integration button. 3. Select the file identified in the Prerequisites section above. Once […]
CheckPhish is a real-time URL and website scanner. It offers a small subset of the functionality included in the Bolster Platform. Once a URL is submitted to CheckPhish, our engine spins up an automated headless browser to capture a live screenshot, natural language content on the webpage, DOM, WHOIS, and other essential information. The engine […]
Use Marketplace search terms to define the Marketplace findings of interest. A search term consists of: Example To find: Enter this: Platform: Amazon Product Category: Technology Value: Bolster Available Categories Value Guidelines
Use Social Media search terms to define the Social Media findings of interest. A search term consists of: Example To find: Enter this: Platform: Facebook posts Category: Crypto scams Value: Bolster Available Categories Value Guidelines
The Insights page displays when you drill into findings/detections. For example, you can click the URL for a finding in your Scan page results. Use the Insights page to: Sections Scan Results The Scan Results section displays the basic data points collected for the website. This is the information that Bolster sends to the abuse […]
Bolster integrates AI/ML technologies into the platform to optimize and automate the processes required to detect and monitor potential threats. Search Algorithms The search algorithms that drive the domain variant monitoring use AI to determine likely variants based on the domains you have registered with the platform. With a list of likely variants, the Bolster […]
If you licensed reports, each report displays in the Reports screen. Click Email to send the PDF via email, or click Download PDF to get the PDF on your device.
The App Store dashboard gives you a snapshot of your defense activities on popular app stores. Monitor app stores to detect threats like: a statistics for app store points of interest b detections to monitor c analytics to drill into underlying data Points of Interest The top section lists the statistics of interest when monitoring […]
The Marketplace dashboard gives you a snapshot of products and logos associated with your brand that appear on ecommerce sites. a statistics for marketplace points of interest b detections to monitor c analytics to drill into underlying data Marketplace Points of Interest The top section lists the statistics of interest when monitoring potential threats. Type […]
The Social Media dashboard gives you a snapshot of your defense activities across social media platforms. Monitor social medial to detect threats like: a statistics for social media points of interest b detections to monitor c analytics to drill into underlying data Social Media Points of Interest The top section lists the statistics of interest […]
An important part of configuring the Bolster platform is cataloging your online assets in the Assets database. Cataloging your online assets achieves the following goals: Types of Assets Bolster considers more than just your URLs and logos. Here’s a list of the materials you can upload to our database: Adding Logo Assets To add logo […]
The Bolster platform applies the following dispositions to websites after scanning:
Bolster uses AI, natural language processing, text analytics, and other technology to determine whether a site needs further investigation. The URL Construction field displays important information resulting from these analyses.
Use the Scan screen to check a list of up to 10 website URLs for potential threats without exposing yourself to those threats. For example, if a customer reports phishing attempts using your company’s brand, you can safely check the URL related to that attempt. This feature is intended for use with websites only. If […]
Let’s get started with Phishing Detection APIs Bolster Scan APIs can detect following scams and categories in real-time. Request Your Free API Key Try out Phishing Detection APIs for free. 250 scans per month are completely free. No credit card required. Sign up for your API key here How to Use APIs Step 1: Submit URL […]
You can add connectors to Slack channels so that playbooks can route data to those channels.
The playbook connector for APIs allows you to define custom HTTP requests to deliver your playbook data to any destination system that offers an API for integration. Here are some examples: Alerting: Integrating a playbook with a simple notification API, like Slack or Twilio, can help you monitor when a playbook returns results and route […]
The best way to review and address findings in the Web Module will vary by organization. Here’s a good practice to start with.
Use playbooks to automate routing of findings to the appropriate people and apps for further actions. Playbooks are available for the following modules: Components of a Playbook A playbook consists of: The output definition defines the attributes to include and in what format. The query selects the data to be sent. The connector defines the […]
The referrer URLs in your web server logs provide valuable information on where your site visitors are coming from. You can use these URLs with Bolster Phishing Detection APIs to help identify phishing websites that are targeting your brand. Bolster’s engine detects phishing on such URLs in real-time and helps you identify users who might […]
What Are Bolster Playbook APIs? Bolster Playbook APIs are the API translations of the output of a Bolster Playbook. Every time a configured Bolster Playbook runs and has results, the results are published in Bolster’s cloud temporarily for 72 hours (as well as sent to any connector destinations the customer has configured for the playbook). […]
Bolster categorizes findings into these intent categories.
The Bolster Scan API can detect the following scams and threat categories in real-time: Use the Scan API to submit the URLs you would like to have scanned. You can submit for a quick scan or full scan. Your Bolster enterprise license determines the limit on the number of scan requests you can submit. Before […]
Adding a tag to each finding helps you categorize findings for next steps. Bolster provides a basic set of tags to use with any module except Dark Web.
If you want your playbook to route findings to Microsoft Teams, you’ll need to set up the Microsoft Teams Connector.
You can use Ping Identity to implement single sign-on functions (SSO) for Bolster. Before You Start You will need the following items before starting the PingOne integration: Contact Bolster support to obtain the URLs. Step 1: Create the PingOne App for Bolster 5. Choose Manually Enter Application Metadata and enter the following values: 6. Click […]
1- Login OneLogin as administrator 2- Switch to ‘Administration’ mode 3- Choose ‘Applications’ from menu 4- Click on ‘Add App’ button 5- Search ‘SAML Custom’ in the search box and choose ‘SAML Custom Connector (Advanced)’ from search result 6- In the ‘Add SAML Custom Connector (Advanced)’ UI, enter ‘Bolster Platform’ or anything preferred as display […]
This document describes the sequence of steps to enable Single-Sign On for the Bolster Platform. We currently support the following SSO integration Option: Step 1: Create Okta App for Bolster Platform Task 1: Launch the Wizard Task 2: Configure initial settings Step 2: Download and Share Metadata Download the metadata file by right click on […]
The Bolster platform supports Security Assertion Markup Language (SAML) 2.0 to enable Single Sign On (SSO) for user access. The steps below are meant to highlight how to perform this type of integration with Azure Active Directory (AD). Step 1: Create Active Directory SAML App following this tutorial Perform basic SAML Configuration with the following values: […]
This document describes the sequence of steps to enable Single-Sign On for the Bolster Platform. We currently support the following SSO integration Option: Step 1: Create Okta App for Bolster Platform Task 1: Launch the Wizard Task 2: Configure initial settings Task 3: Configure OIDC settings Step 2: Collect information Please send a screen-shot of […]
The Web Dashboard gives you a snapshot of your web defense activities.
The Dark Web module extends the Bolster Web module by detecting potential threats from anonymous sites. These sites include marketplaces, forums, and paste sites used for selling sensitive information. The following diagram illustrates a typical approach for using the Dark Web module to mitigate most use cases. Basic use cases for the Dark Web module […]
The easiest way to start a playbook for the Web module is with a template. Bolster provides starting templates for routing data automatically to the right people and apps.
The Dark Web Threat Actors screen lists information about the users posting potential threats on the Dark Web. Use this screen to:
The Dark Web Ignored Findings screen lists the potential threats you have decided to leave out of your defense activities. Use this screen to:
The Dark Web Mitigated Findings screen lists the findings you have set to Mitigated status. Use this screen to:
The Dark Web Active Findings screen lists the potential threats to your brand found on the Dark Web based on search terms you add. Use this screen to:
The Dark Web dashboard gives you a snapshot of your Dark Web defense activities.
Use playbook templates to start with a pre-defined query for your Web module playbook.
Use connectors to configure a playbook with information about how to handle the results of the query you have selected or defined. For example, to automate routing of query results to an email address, you would select the Email connector. Connectors specify: the app to send the results to any additional information needed to establish […]
Creating a playbook from scratch means you define the query as well as the schedule and destination.
Use Dark Web search terms to define the Dark Web findings of interest.