This add-on supports the latest v3 API. For details refer - https://haveibeenpwned.com/API/v3
Enter your API key in the App setup page.
Manage Apps -> Click Set up against 'HaveIBeenPwnedAPI' app -> Enter API key under 'API key' section.
<base_query> | hibp field=<emailfield>
produces new field called Pwned_Details and it has three possible values :
if email found - > produces result with Breach Title,Date, DataClases
if email not found -> produces static message "Not Pwned"
if not above two cases -> produces "Error: Response Code -XXX"
Problem:
In Windows platform, after configuring the 'API Key' (using 'Setup' option in the App management page), below configuration file is created in 'UTF-8 BOM' format. This might break the script that is used for 'hibp' command.
$SPLUNK_HOME\etc\apps\TA-hibp-api\local\hibpq.conf
Solution:
Convert the format of '$SPLUNK_HOME\etc\apps\TA-hibp-api\local\hibpq.conf' file from 'UTF-8 BOM' to 'UTF-8' to fix the issue in Windows platform.
Thanks to Balaji Thambisetty for the base version of this app.
App Icons and Documentation added.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.