Common Use Cases
Explore common ways to use FullHunt's APIs and platform for various security and intelligence needs.
Attack Surface Management
Continuous Asset Discovery
Use Case: Automatically discover and monitor your organization's external assets.
Implementation:
- Use Domain APIs to discover subdomains
- Monitor for new assets using scheduled scans
- Track changes in your attack surface over time
Example Workflow:
- Query for all subdomains of your primary domain
- Scan discovered assets for open ports and services
- Monitor for certificate changes and expirations
- Alert on new or suspicious assets
Certificate Monitoring
Use Case: Track SSL/TLS certificates across your infrastructure.
Implementation:
- Use Certificate APIs to monitor certificates
- Set up alerts for upcoming expirations
- Track certificate changes and anomalies
Benefits:
- Prevent certificate-related outages
- Detect unauthorized certificates
- Maintain compliance with security policies
Threat Intelligence
Domain Intelligence Gathering
Use Case: Gather intelligence on suspicious domains and IPs.
Implementation:
- Use Domain APIs for domain analysis
- Cross-reference with threat intelligence feeds
- Build watchlists of suspicious indicators
Example Applications:
- Phishing campaign analysis
- Malware infrastructure tracking
- Brand protection monitoring
Dark Web Monitoring
Use Case: Monitor dark web activities related to your organization.
Implementation:
- Use Dark Web APIs to search for mentions
- Set up alerts for specific keywords or data types
- Track leaked credentials and sensitive information
Benefits:
- Early detection of data breaches
- Proactive threat hunting
- Incident response preparation
Security Operations
Automated Threat Hunting
Use Case: Integrate FullHunt data into your security operations workflows.
Implementation:
- Connect APIs to your SIEM or security platform
- Create automated playbooks for threat investigation
- Enrich security alerts with contextual data
Example Integration:
# Example: Enrich security alert with domain intelligence
def enrich_security_alert(domain):
# Get domain intelligence
domain_info = fullhunt_api.get_domain_info(domain)
# Check for suspicious indicators
risk_score = calculate_risk_score(domain_info)
# Update security alert with enriched data
return {
'domain': domain,
'risk_score': risk_score,
'subdomains': domain_info.get('subdomains', []),
'certificates': domain_info.get('certificates', [])
}
Vulnerability Management
Use Case: Track and prioritize vulnerabilities across your attack surface.
Implementation:
- Use Vulnerability APIs to identify issues
- Prioritize based on exposure and exploitability
- Track remediation progress
Benefits:
- Focus on externally facing vulnerabilities
- Understand true risk exposure
- Measure security improvement over time
Compliance and Reporting
Regulatory Compliance
Use Case: Support compliance with security regulations and standards.
Implementation:
- Generate regular security posture reports
- Track compliance metrics over time
- Document security controls and evidence
Common Compliance Frameworks:
- PCI DSS - Payment card industry security
- SOC 2 - Service organization controls
- ISO 27001 - Information security management
Executive Reporting
Use Case: Provide security metrics and insights to leadership.
Implementation:
- Create dashboards showing security posture trends
- Generate risk reports and recommendations
- Track security program effectiveness
Key Metrics:
- Attack surface size and changes
- Vulnerability exposure trends
- Certificate management status
- Threat intelligence insights
DevSecOps Integration
CI/CD Pipeline Integration
Use Case: Integrate security scanning into your development workflow.
Implementation:
- Scan new deployments for security issues
- Check for certificate problems before going live
- Validate security configurations
Example CI/CD Integration:
# Example GitHub Actions workflow
name: Security Scan
on:
push:
branches: [main]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Scan deployment
run: |
# Scan the deployed application
python scripts/security_scan.py ${{ secrets.FULLHUNT_API_KEY }}
Infrastructure as Code Security
Use Case: Validate security configurations in your infrastructure code.
Implementation:
- Scan infrastructure configurations for security issues
- Validate DNS and certificate configurations
- Check for exposed services and credentials
Brand Protection
Typosquatting Detection
Use Case: Detect domains that might be used for phishing or brand abuse.
Implementation:
- Generate variations of your brand domains
- Monitor for new domain registrations
- Check for suspicious content or certificates
Social Media Monitoring
Use Case: Monitor for brand mentions and potential threats on social platforms.
Implementation:
- Track mentions of your brand or domains
- Identify potential phishing campaigns
- Monitor for leaked credentials or sensitive information
Getting Started with Your Use Case
- Identify your primary objective: What security challenge are you trying to solve?
- Choose relevant APIs: Review our API documentation to find the right endpoints
- Start with a pilot: Begin with a small-scale implementation
- Iterate and expand: Build on your initial success
- Monitor and optimize: Continuously improve your implementation
Need Help?
If you need assistance implementing any of these use cases:
- Review our getting started guide
- Check our best practices
- Contact our support team for guidance
- Consider our professional services for complex implementations