Content digest 24.1.23

We’ve added the following new integrations, steps, improvements, and templates:

New integrations

• Adaptive Shield
• Azure Log Analytics
• Cortex Xpanse
• Dig Security
• Grip Security

New steps

• Utils
• Cryptographic Utils
• Output Utils
• CircleCI
• GitLab
• Jamf
• Jira Cloud
• Lacework
• Okta
• ThreatFox
• Torq
• Uptycs
• URLhaus

Improvements

• Extraction Utils
• SentinelOne
• Splunk

New templates

New integrations

Added the following integrations.

Adaptive Shield

A new Adaptive Shield trigger integration is now available on the Integrations page. You can use the integration to trigger Torq workflows with events from Adaptive Shield.

Azure Log Analytics

A new Azure Log Analytics steps integration is now available on the Integrations page.

You can use the integration to query analytics.

Cortex Xpanse

New trigger and steps Palo Alto Networks Cortex Xpanse integrations are now available on the Integrations page.

Use the trigger integration to trigger Torq workflows with events from Cortex Xpanse. The steps integration includes steps to manage Cortex Xpanse issues and assets.

Dig Security

A new Dig Security trigger integration is now available on the Integrations page. You can use the integration to trigger Torq workflows with events from Dig Security.

Grip Security

A new Grip Security steps integration is now available on the Integrations page.

Use the steps currently available to remove employee access and start offboarding.

New steps

Added the following new steps.

Utils

A new utility step is now available:

• Get Whois Record: Runs a Whois query on the given input.

Cryptographic Utils

A new utility step is now available:

• Decode JWT: Decodes a given JSON Web Token without its signature.

Output Utils

A new utility step is now available:

• Strip HTML Tags: Strips HTML tags from the given input.

In addition, the Create HTML Table step has 3 new optional parameters that you can use to style the table border.

CircleCI

A new step is now available as part of the CircleCI integration:

• List Environment Variables: Returns the list of environment variables for the given context.

GitLab

A new step is now available as part of the GitLab integration:

• Run GraphQL Query: Runs a GraphQL query in GitLab.

Jamf

6 new steps are now available as part of the Jamf integration:

• Delete Mobile Device by ID
• Find All Mobile Devices
• Find Mobile Device by MAC Address
• Find Mobile Device by Name
• Find Mobile Device by Serial Number
• Search for Mobile Device by String

Jira Cloud

A new step is now available as part of the Jira Cloud integration:

• Set Issue Priority: Sets a new priority for the specified issue.

In addition, the Create Issue step has a new optional parameter: Issue priority. Use the new parameter to set a priority for the new issue.

Lacework

2 new steps are now available as part of the Lacework integration to support Lacework V2 API updates:

• Get Alert Details: Returns details about the specified alert.
• List Alerts: Returns the list of alerts in your Lacework account.

Okta

A new step is now available as part of the Okta integration:

• Clear User Sessions: Removes all active identity provider sessions. This forces the user to authenticate on the next operation.

ThreatFox

A new step is now available as part of the ThreatFox integration:

• Query Recent IOCs: Returns a list of IOCs that were recently first seen in ThreatFox's IOC dataset.

Torq

4 new steps are now available as part of the Torq integration:

• Retrieve a workflow: Returns the details of an existing workflow by ID.
• Retrieve a revision: Returns the content of a workflow revision in YAML format.
• Add a tag: Attaches the specified tag to the given workflow.
• Import a workflow: Imports the provided workflow to the current account.

Uptycs

A new step is now available as part of the Uptycs integration:

• Generate JWT Token: Generates an Uptycs JWT token to use in other Uptycs steps.

URLhaus

2 new steps are now available as part of the URLhaus integration:

• Query Recent Payloads: Returns a list of recent payloads seen by URLhaus.
• Query Recent URLs: Returns a list of URLs that were recently added to URLhaus.

---

Improvements

We made the following improvements.

Extraction Utils

Filter out duplicate results with the new RETURN_UNIQUE optional parameter added to extraction utility steps that can return lists (IP addresses/hashes/domains/etc).

The Extract all domains and Extract first domain steps have a new optional parameter: Domain type. Use the new parameter to specify whether you want to extract subdomains or base domains only.

SentinelOne

The Add Note to Threats and Update Threat Incident steps have a new optional parameter: Agent ids. Use the new parameter to apply the step functionality to threats associated with the specified Agent IDs.

Splunk

The Create New Search Job step has a new optional parameter: Omit search query prefix. Use the new parameter to specify whether the search prefix should be omitted from the search query.

New templates

The following new templates are now available in our template library:

• Remediate Wiz Alert on Azure VM with Open SSH Access - Teams
• Gather CircleCI Global Environment Variables with Creation Date
• Gather CircleCI Environment Variables from GitHub Org Repos
• Gather CircleCI Environment Variables from Bitbucket Repos
• Disable a Specific User in Google Cloud Identity
• Group IoCs from text input
• Disable and Contain a Specific Compromised User in Okta
• Verify Permissions to Execute Workflows - Google Cloud Identity
• Verify Permissions to Execute Specific Workflows - Okta
• Collect Azure Network Security Group Details
• Collect Azure VM and Network Details