Houdin.io (Preview)
Houdin.io provides automated AI cyber threat analysis, reducing the time and effort required to analyze and respond to cyber threats.
This connector allows you to connect Houdin.io with your SOAR platform, enabling automated threat analysis and response workflows.
This connector is available in the following products and regions:
| Service | Class | Regions |
|---|---|---|
| Copilot Studio | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
| Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
| Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
| Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
| Contact | |
|---|---|
| Name | Houdin.io Support |
| URL | https://houdin.io |
| support@houdin.io |
| Connector Metadata | |
|---|---|
| Publisher | Houdin.io |
| Website | https://houdin.io |
| Privacy policy | https://houdin.io/pp |
| Categories | AI;Security |
Houdin.io Threat Intelligence Connector
The Houdin.io Connector enables Power Automate/Logic Apps to launch cyber threat scans and retrieve results from Houdin.io, an AI-assisted threat hunting platform for cyberdefense professionals. Houdin is designed to simplify automated threat analysis (e.g. in SOAR or CTI workflows) by providing a single API. It “supercharges your SOAR” with just two operations: one to start a scan, and one to fetch its results.
- Launch Scan (
POST /api/v1/scan/launch) – Submit an artifact (such as a URL, domain, IPv4 address, or file hash) to start a scan. Houdin auto-detects the artifact type and runs all relevant scanners. For example, you might scan a malicious URL or suspicious IP. The API responds with a JSON object containing ascanIDand initialstatus(typically"In progress"). Use thisscanIDto check later when the scan completes. - Get Results (
GET /api/v1/scan/result) – Retrieve the results for a completed scan by supplying thescanID. Houdin returns a JSON payload that includes the original artifact, the finalstatus(e.g."Done"), and detailed results from each underlying scanner in ascanResultsobject (e.g. VirusTotal, URLscan, AlienVault, AbuseIPDB, etc.). If the scan is still running, the API returns HTTP 202 with “Scan is still in progress”.
Prerequisites
- A Houdin.io account on the Pro or Enterprise plan (required to use the API).
- A valid Houdin API key. You generate this key from the Houdin web app (in your user profile). The connector uses this key to authenticate all requests.
Authentication
Configure the connector connection by entering your Houdin API key. The connector will include this key in an X-API-Key header on each request. (Houdin also supports “Bring Your Own API Keys” for third-party scanners, but simply having the Houdin API key is sufficient to run scans.) Once authenticated, your Power Automate flows can call the Launch Scan and Get Results actions to interact with Houdin’s scanning service.
Using the Connector
This connector is intended for security workflows (SOAR, incident response, CTI enrichment, etc.) where you want to automate threat enrichment via Houdin.io. For example, you could build a flow that, upon detecting a suspicious IP or URL, calls Launch Scan, waits for the scan to complete, then calls Get Results and processes the returned intelligence. The full scanner results are returned, so you can extract reputation scores, malware findings, and other threat context directly from the JSON response.
# Example: Launch a scan
POST https://api.houdin.io/scan/launch
Headers: { "Content-Type": "application/json", "X-API-Key": "<YOUR_HOUDIN_KEY>" }
Body: { "artifact": "http://malicious.example.com/path" }
# Response:
{
"scanID": "houdin-xxxx-xxxx-xxxx",
"status": "In progress"
}
# Example: Get results (once status is Done)
GET https://api.houdin.io/scan/result?scanID=houdin-xxxx-xxxx-xxxx
Headers: { "X-API-Key": "<YOUR_HOUDIN_KEY>" }
# Response JSON includes fields like:
# "scanID", "status", "artifact", "scanOn",
# "scanResults": { "vt": {…}, "urlscan": {…}, ... }
Tip: Houdin’s API is designed to replace multiple service-specific calls. Just send one
scan/launchwith any supported artifact and Houdin automatically detects and runs the appropriate threat intelligence checks. This all-in-one approach gives a “holistic view of the threat landscape” without building separate playbooks for each data source.
Creating a connection
The connector supports the following authentication types:
| Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
| Name | Type | Description | Required |
|---|---|---|---|
| api_key | securestring | The api_key for this api | True |
Throttling Limits
| Name | Calls | Renewal Period |
|---|---|---|
| API calls per connection | 100 | 60 seconds |
Actions
| Launch Houdin scan |
This action launches a scan on Houdin.io |
| Retrieve Houdin results |
Based on a given scanID, retrieve the results of a scan from Houdin.io |
Launch Houdin scan
This action launches a scan on Houdin.io
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
artifact
|
artifact | True | string |
Any artifact you want to scan (can be URL, domain, IPv4, IPv6, MD5, SHA1, SHA256) |
|
scanOn
|
scanOn | array of string |
Returns
- Body
- scanResponse
Retrieve Houdin results
Based on a given scanID, retrieve the results of a scan from Houdin.io
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
A scan ID you want to retrieve results for
|
scanID | True | string |
A scan ID you want to retrieve results for |
Returns
- Body
- scanResult
Definitions
scanResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
scanID
|
scanID | string |
The unique identifier of your Houdin scan |
|
status
|
status | string |
The status of your scan |
scanResult
| Name | Path | Type | Description |
|---|---|---|---|
|
scanID
|
scanID | string |
The unique identifier of your Houdin scan |
|
status
|
status | string |
The current status for your scan |
|
artifact
|
artifact | string |
The scanned artifact |
|
scanOn
|
scanOn | array of string |
Array of scanners involved in the Houdin scan |
|
summary
|
scanResults.mesmer.summary | string |
The MesmerAI threat report for your artifact |
|
globalScore
|
scanResults.mesmer.globalScore | string |
The MesmerAI global score for your artifact |
|
relatedIOCs
|
scanResults.mesmer.relatedIOCs | array of string |
The MesmerAI list of IOCs in relationship with your artifact |
|
tags
|
scanResults.mesmer.tags | array of string |
The MesmerAI list of context tags for your artifact |
|
vt
|
scanResults.vt | object |
Object containing VirusTotal results |
|
urlscan
|
scanResults.urlscan | object |
Object containing URLScan results |
|
alienvault
|
scanResults.alienvault | object |
Object containing AlienVault results |
|
abuseipdb
|
scanResults.abuseipdb | object |
Object containing AbuseIPDB results |
|
scanTime
|
scanTime | string |
Date and time at which the scan was launched |
|
expiresAfter
|
expiresAfter | string |
Expiration date for the Houdin scan |