Dark Web ID
Overview
Dark Web ID (a Kaseya product, formerly ID Agent) is a dark-web monitoring platform that detects compromised credentials — emails, domains, and IPs — belonging to your client organizations, with breach source, attribution, and triage status.
The Bumblebee integration is read-only: it can list and retrieve compromises, monitored organizations (with their search feeds), and portal users, but cannot create, modify, or delete Dark Web ID records.
Prerequisites & Setup
Before setting up the Dark Web ID integration, you need:
- A Dark Web ID partner account (API access is for partner administrators and partner agents only — it cannot be granted to SMB users)
- Permit access to web services enabled for the user whose credentials Bumblebee will use
- Bumblebee's IP address allowlisted (see below)
Allowlist Bumblebee's IP address (required)
Dark Web ID only accepts API requests from IP addresses on the user's IP Address whitelist, and an empty allowlist blocks API access completely.
Add Bumblebee's IP address
52.3.248.8to the IP Address whitelist or every request from Bumblebee will be rejected with a 403.
Entries are semicolon-separated with no trailing semicolon (e.g. 52.3.248.8;203.0.113.7).
Enable API access
- Sign in to Dark Web ID at secure.darkwebid.com as a partner administrator
- Open My Account → My Settings (or Edit User for another partner admin/agent)
- Under Web Services, check Permit access to web services
- In the IP Address whitelist field, add
52.3.248.8 - If your organization enforces Require Log In With KaseyaOne: go to Organization Settings → KaseyaOne, add the API user under User Overrides, then set a Dark Web ID-specific password via Forgot Password on the login page
- Verify: the API Documentation link appears in the portal's Help menu once web services access is granted
Vendor documentation:
- API access guide: help.darkwebid.kaseya.com
- IP allowlisting: help.darkwebid.kaseya.com
Configure in Bumblebee
- Go to the Integrations page in Bumblebee
- Select Dark Web ID
- Enter the user's email as the username and its Dark Web ID-specific password (not the KaseyaOne password)
- Save the configuration
- Run a test request (e.g. list organizations) from the validation card
API Limits
Dark Web ID does not publish request quotas. List endpoints are paginated with page (0-based) and limit (maximum 200 records per page).
Available Tools
Compromises (2 tools)
- list_compromises — List dark-web compromises (breached credentials). Optional: organization_ids (list of organization UUIDs), search_record_ids (list of search-feed UUIDs), begin_date / end_date (
YYYY-MM-DD HH:MM:SS, filters on the date the compromise was imported), page, limit, sort, direction. The default response omits the breachedpasswordvalue. - get_compromise — Get full details of a single compromise. Required: compromise_uuid (str).
Organizations (2 tools)
- list_organizations — List monitored organizations, including their search feeds (
ip_addresses,email_domains,email_addresses) whose UUIDs are used to filter compromises. Optional: page, limit, sort, direction. - get_organization — Get details of a single organization. Required: organization_uuid (str).
Users (2 tools)
- list_users — List Dark Web ID portal users. Optional: page, limit, sort, direction.
- get_user — Get details of a single portal user. Required: user_uuid (str).
Key field semantics
| Field | Values |
|---|---|
record_status | 0 New, 1 In Progress, 2 Resolved, 3 3rd Party Tracking (4/5 are PSA-sync states) |
record_type | domain, ip, or email |
password_criteria | 1 low priority (no match), 2 high priority (match found), 3 no password criteria configured |