Search by Company

post

https://api.hudsonrock.com/json/v3/search-by-company

Search for compromises within a specific company's digital assets (domains, APKs, and external domains)

Body Params

company_id

string

required

MongoDB ObjectId of the company to search within

company_asset_types

array of strings

length ≥ 1

🎯 Asset Type Filter: Specify which types of company assets to search. If not provided, searches ALL company assets (domains + apks + external_domains). ⚠️ Important: When searching all assets (default), the 'types' parameter cannot be used due to external_domains having different search logic.

company_asset_types

subdomains

array of strings

length ≤ 5

Filter by specific subdomains within company domains

subdomains

sort_by

string

enum

Defaults to date_compromised

Field to sort results by. 'date_compromised' sorts by when the infection occurred, while 'date_uploaded' sorts by when the data was integrated into our platform.

Allowed:

sort_direction

string

enum

Defaults to desc

Direction to sort results. 'desc' returns newest records first (recommended for monitoring), while 'asc' returns oldest records first (useful for historical analysis).

Allowed:

types

array of strings

Filter results by credential type. 'employees' returns corporate email credentials (@company.com), 'users' returns consumer credentials, and 'third_parties' returns credentials from related domains (only available when 'domains' parameter is provided).

types

domains

array of strings

Defaults to

List of domains to filter results by. Accepts root domains (example.com) and will match all subdomains. Maximum 50 domains per request. Required for 'third_parties' type filtering.

domains

keywords

array of strings

Filter results to URLs containing specified keywords. Useful for finding credentials for specific services (e.g., ['vpn', 'admin', 'portal']). Case-insensitive matching. Maximum 10 keywords per request.

keywords

keywords_match

string

enum

Defaults to any

Determines how multiple keywords are matched. 'any' returns results matching at least one keyword (broader results), while 'all' requires all keywords to match (narrower, more specific results).

Allowed:

filter_credentials

boolean

Defaults to true

Controls credential filtering in results. When true, returns only credentials matching the search criteria. When false, returns all credentials from matching stealers, which may include credentials for unrelated domains/services.

cursor

string

Base64 encoded pagination cursor for retrieving the next set of results. Obtained from the 'nextCursor' field in the previous response. Provides more reliable pagination than offset-based approaches.

start_date

date-time

ISO 8601 formatted timestamp (YYYY-MM-DDThh:mm:ssZ) to filter results from this date/time onward. Applies to the field specified in 'sort_by'. Useful for incremental data retrieval and monitoring.

end_date

date-time

ISO 8601 formatted timestamp (YYYY-MM-DDThh:mm:ssZ) to filter results up to this date/time. Applies to the field specified in 'sort_by'. Useful for historical analysis and limiting result timeframes.

additional_fields

array of strings

Defaults to

Optional additional data to include in results. 'search_data' adds information about the search terms found in the browsing history search engine results from infected devices. 'installed_software' adds information about software installed on compromised machines, useful for vulnerability assessment and attack surface analysis. 'employee_session_cookies' adds session cookies from employee credentials, useful for identifying active sessions and potential unauthorized access. May increase response size and processing time. 'password_strength' adds password strength analysis for each password in the results. 'sensitive_applications' adds information about sensitive applications within the compromised URL structure, based on a predefined list of sensitive apps. 'dir_tree' adds information about the directory tree of the compromised machine, which can help identify potential attack vectors.

additional_fields

Responses

200Successful search

400Validation error - the request or request body was invalid

401Unauthorized - the server could not authenticate the request

403Forbidden - the server authenticated the request but refuses to process it because of insufficient permissions

404Not found - the server could not find the requested resource

408Timeout - the server timed out while waiting for a response (90 seconds)

429Rate limit exceeded - the server has received too many requests in a short period of time

500Internal server error - the server encountered an unexpected condition that prevented it from fulfilling the request