Have I Been Pwned - Enrich Users' Data

Prev Next

Have I Been Pwned - Enrich Users' Data enriches users returned by the selected query or selected on the relevant asset page with breaches, pastes and pwned passwords identified by 'Have I Been Pwned' (HIBP) website.

Note:
  1. This Enfocrement Set supports only Users assets.
  2. For more information on the breaches, pastes and pwned password identified by 'Have I Been Pwned' (HIBP) API, see HIBP API

Required Fields

These fields must be configured to run the Enforcement Set.

  • Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Additional Fields

These fields are optional.

  • Have I Been Pwned (HIBP) domain (default: https://haveibeenpwned.com) - The hostname or IP address of the Have I Been Pwned (HIBP) server.

  • Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  • HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  • Alternative email suffix (default: empty) - Specify a comma-separated list of additional email suffixes, that will be also be checked for breaches, pastes and pwned password identified by 'Have I Been Pwned' (HIBP). This field may be useful if users emails in the organization have several email suffixes.

  • Domain include list (default: empty) - Specify a comma-separated list of email domains.

    • If supplied, Axonius will request Have I Been Pwned to check only users from the given query their email is in the specified list.
    • If not supplied, Axonius will request Have I Been Pwned to check all users from the given query.
  • Rate Limit (requests per minute) (default: 10) - Use this field to handle rate limit issues by HIBP documentation. It is possible to buy an account with a better rate limit.

  • Extra fields for enrichment - Add email fields to be evaluated by Have I Been Pwned. Select an adapter and a field. Click Add Fields to add more fields. Click the x to the right of a field to delete it.


For more details about other Enforcement Actions available, see Action Library.