Actions21
- Digital Footprint Actions
- Dark Web Monitoring Actions
- Incident Actions
- Takedown Actions
- User Audit Logs Actions
- DRP Fraud Protection Actions
- Brand Protection Actions
Overview
This node integrates with the SOCRadar API to provide comprehensive cybersecurity data and monitoring capabilities. Specifically, for the Dark Web Monitoring resource with the Get IM Content operation, it retrieves instant messaging content related to a specified company from dark web sources. This can help security teams detect leaked or compromised information early.
Common scenarios include:
- Monitoring a company's presence on dark web forums and chat platforms.
- Detecting potential data breaches involving internal communications.
- Investigating suspicious activity or threats related to company assets.
Practical example: A security analyst wants to check if any internal company messages have appeared on dark web channels within a certain date range, filtering results by keywords and paginating through large result sets.
Properties
| Name | Meaning |
|---|---|
| Company ID | The unique identifier of the company to query dark web monitoring data for. |
| Additional Fields | Optional filters and pagination controls: |
| - From Date | Start date to filter messages from (inclusive). |
| - To Date | End date to filter messages up to (inclusive). |
| - Page | Page number for paginated results (default 1). |
| - Limit | Number of results per page (default 100). |
| - Search Term | Keyword or phrase to filter the instant messaging content results. |
Output
The node outputs an array of JSON objects representing the retrieved instant messaging content matching the query parameters. Each item typically contains details such as message text, timestamps, source information, and possibly metadata about the dark web channel where the content was found.
If errors occur during the API call, the output may include error messages and additional details explaining the failure.
No binary data output is indicated in the code.
Dependencies
- Requires an active SOCRadar API key credential configured in n8n.
- The node makes HTTP requests to the SOCRadar API base URL using this API key.
- No other external dependencies are indicated.
Troubleshooting
Common issues:
- Invalid or missing API key credential will cause authentication failures.
- Incorrect Company ID or parameters may return empty results or errors.
- Network connectivity problems can lead to request timeouts or failures.
Error messages:
- Errors returned from the SOCRadar API are captured and included in the output JSON under
erroranddetails. - If "Continue On Fail" is enabled, the node returns error info per item instead of stopping execution.
- Typical errors might include rate limiting, invalid parameters, or unauthorized access.
- Errors returned from the SOCRadar API are captured and included in the output JSON under
Resolutions:
- Verify that the API key credential is correctly set up and has necessary permissions.
- Double-check input parameters like Company ID and date ranges.
- Ensure network access to the SOCRadar API endpoint.
- Use "Continue On Fail" cautiously to handle partial failures gracefully.
Links and References
- SOCRadar Official Website
- SOCRadar API Documentation (for detailed API endpoints and parameters)