Integrate Picnic superpowers into your cybersecurity operations and shift toward prevention.
Picnic API
Picnic works outside your perimeter to identify, analyze, and remediate human risk, reducing the human attack surface with preventative actions that make social engineering more difficult and expensive for threat actors. Our work continuously produces risk indicators you can ingest via REST API to supercharge existing cybersecurity controls and power new ones.
Picnic offers two REST APIs to fuel a human-centric cybersecurity strategy: a Human Risk API and a Compromised Credential API.
Human Risk API
Enrich your existing user metadata with individual user risk scores and exposure information without ingesting exposed PII.
While you can access individual risk scores and exposure information by logging into the Picnic dashboard and via frequent reports delivered by the Picnic team, a REST API enables the seamless operationalization of that human risk data without ingesting exposed PII. Integrating Picnic intelligence into your IdP, IAM, EDR, SIEM, SOAR, Email Security, and Cyber Awareness Training platforms via API enables a human-centric cybersecurity strategy. Picnic API supercharges your cybersecurity.
Picnic Human Risk API enables you to:
- Incorporate the human element into cybersecurity playbooks.
- Ingest human risk metadata for overall risk assessment and reporting.
- Identify users with recent cleartext password exposure to trigger password resets, MFA profile updates and/or security group assignment updates.
- Segment users by vulnerability to specific threat types, such as credential stuffing and SMS spear phishing, and design risk-triggered workflows based on those threats.
- Prioritize users for IAM authentication profile updates, security group assignments, cyber awareness training, phishing simulations, and red team targeting.
For API documentation, visit the Picnic Developer Portal
API Sample Data
|
/individuals/UUID
|
Description
|
Sample Content
|
|---|---|---|
|
attributes
|
Identifiers like name and work email, general indicators of coverage like the number and type of monitored email addresses, physical addresses and phone numbers.
|
John Doe, [email protected], 3 Work Emails, 2 Personal Emails, 4 Addresses, 2 Cell Phone Numbers
|
|
risk_scores
|
Overall social engineering risk scores by quintile and benchmark scores relative to peers.
|
Overall Risk High, Accessibility Risk Moderate, Value Risk Critical, Peer Benchmark Higher, Peer Benchmark 67%
|
|
threat_scores
|
Individual risk by social engineering threat, including Corporate Email Spear Phishing, Password Cracking, Credential Stuffing, etc.
|
Identity Theft Critical, Password Cracking High, Credential Stuffing Moderate
|
|
flags
|
Lower-level metrics created by picnic that inform risk calculations like “exposed personal cell phone”, “has privileged technical access” and “has additional employment”.
|
Exposed cell phone number TRUE, exposed home address TRUE, privileged technical access TRUE, LinkedIn Account TRUE, Insider Threat Risk TRUE
|
|
breaches
|
Aggregate exposed beach content and exposure within individual breaches, such as the total count of breaches, the most recent breach date, count of exposed cleartext passwords, the number of accounts tracked, type of accounts tracked and the exposed content type(s) per individual breach.
|
Total Breaches 31, Last breach 5/21/21, Exposed Cleartext Passwords 12, Breach 1 Name, Breach 1 Description, Breach 1 Exposed Data Categories, Breach 1 Date…
|
|
passwords
|
Password metadata including the number of unique passwords, the number of ciphertext passwords and the aggregate password strength/sophistication. Exposed passwords are available via Picnic’s compromised credential API.
|
Unique Cleartext Passwords 7, Unique Ciphertext Passwords 11, Last Unique Password Exposure 11/12/20, Password Strength 58
|
Compromised Credential API
Automatically and continuously protects your organization against compromised credential reuse.
Most employees reuse passwords from past jobs and personal accounts within their current work environment. Most do not know if their credentials were exposed in a breach, and threat actors can exploit this blind spot in your organization to conduct credential-stuffing attacks. Social engineers do not need much to connect the dots between work and personal identities. In fact, the 2024 X-Factor Threat Intelligence Index by IBM reported an increase of 71% yearly in the volume of attacks using valid credentials.
Picnic Compromised Credential API enables you to:
- Feed a Picnic password filter to any identity provider (IdP).
- Block compromised password reuse.
- Trigger password resets and multi-factor authentication (MFA) for users with surging risk of credential compromise and credential stuffing attacks.
- Stream these events to your SIEM.
- Native integration with Active Directory that bypasses its 1,000 password limit.
How it works
Get started today
Move beyond the corporate perimeter to reduce human risk and proactively safeguard against cyber threats with zero effort.