haveIbeenpwned integration

[John S. Galliano]

Has anyone integrated the haveIbeenpwned APIv3 service?

[Juan Nicolás Asselle (Nico Asselle)]

Hi!

After looking in the different Wazuh forums, I was not able to find someone asking/using/sharing any integration with haveipawned service.

But it's not all bad news! I can help you so that together we can develop and validate this integration.

The goal is to, check if haveipawned service contains/retrieves any pwaned information based on Wazuh alert's extracted data (email/cellphone). In case this email/cellphone information is compromised, create a new Wazuh Alert about this. Is this the behavior you need?

Using [custom integration documentation](https://documentation.wazuh.com/current/user-manual/manager/manual-integration.html?h#custom-integration) and any [default integration installed as reference](https://github.com/wazuh/wazuh/tree/v4.3.7/integrations) will be crucial to make this work.

In the meantime, did you already have custom rules or default rules that will provide the necessary data to query haveipawned service? 

Looking forward to your comments.

Nico