Armis
- Updated on 27 Nov 2023
Armis is an agentless, enterprise-class device security platform. It's designed to protect organizations from cyber threats created by unmanaged IoT devices.
Use the Armis integration to trigger Torq workflows and run queries, manage tags for devices, and get information about devices in Armis.
Torq provides several templates for Armis.
Use Armis events to trigger Torq workflows
To ingest Armis events in Torq, you need to create an Armis trigger integration and use the generated webhook URL (Torq endpoint) to create a Torq integration in Armis.
Create an Armis trigger integration in Torq
- Go to Integrations > Triggers.
- Locate Armis and click Add.
- Type a meaningful name for the integration instance and click Add.
Create a Torq integration in Armis
- Log in to your Armis portal.
- Go to Settings > Integrations.
- Click Connect Integration.
- Locate the Torq card and click Connect.
- Give the integration a meaningful name.
- In the Trigger Integration Endpoint URL field, enter the endpoint URL you generated in Torq.
Use Armis steps in workflows
To use Armis steps in workflows, you'll need an Armis API secret key and the URL of your Armis instance. All Armis steps authenticate with an access token that is passed as an input parameter. Before using Armis steps in a workflow, add the Generate access token step to generate the token that will be passed to subsequent steps.
Get your Armis API secret key
- Log in to your Armis portal.
- Go to Settings > API Management.
- Click Create and copy the API secret key.
Create an Armis steps integration in Torq
- Log in to Torq.
- Go to the Integrations page and locate the Armis card under Steps.
- Click Add.
- Give the integration a meaningful name.
- Enter the Armis API secret key you created earlier.
- Enter the URL of your Armis instance. For example, https://<my-company>.armis.com.
- Click Add.
Use Armis steps
- Add the Armis Generate access token step on the designer and select the Armis steps integration you created earlier.
- Run the step to generate the access token. You'll pass this token in subsequent Armis steps.
- Add an Armis step to the designer.
- In the ARMIS_ACCESS_TOKEN field, select the path to the access token you generated.
- Select the Armis integration you created earlier.
- Complete any other parameters you need.
The output includes information about the device, sources that detected the device, and more.
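The token-then-step sequence described above, sketched as a small client. This is an added example, not Torq's or Armis's own code. The endpoint paths, the `secret_key` and `aql` parameter names, the response shape, the `Authorization` header usage and the token lifetime are assumptions to confirm against your Armis API documentation.

```python
import json
import time
import urllib.parse
import urllib.request

# Assumptions (not from the page): endpoint paths, response shape, token lifetime.
TOKEN_PATH = "/api/v1/access_token/"
SEARCH_PATH = "/api/v1/search/"
TOKEN_TTL = 600  # seconds; assumed

def http_transport(method, url, headers, form):
    """Real HTTPS call. Tests swap in a stub so nothing leaves the machine."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

class ArmisSession:
    def __init__(self, base_url, secret_key, transport=http_transport, clock=time.time):
        parts = urllib.parse.urlsplit(base_url)
        # Refuse plaintext or credential-bearing URLs: the secret key is sent here.
        if parts.scheme != "https" or not parts.hostname or parts.username:
            raise ValueError("Armis instance URL must look like https://<host>")
        self.base = "https://" + parts.netloc
        self._secret, self._send, self._now = secret_key, transport, clock
        self._token, self._expires = None, 0.0

    def access_token(self):
        """Counterpart of the 'Generate access token' step; reuses a live token."""
        if self._token is None or self._now() >= self._expires - 60:
            body = self._send("POST", self.base + TOKEN_PATH, {}, {"secret_key": self._secret})
            self._token = body["data"]["access_token"]
            self._expires = self._now() + TOKEN_TTL
        return self._token

    def search(self, aql):
        """Counterpart of 'Run a search query': the token accompanies every call."""
        query = urllib.parse.urlencode({"aql": aql})
        headers = {"Authorization": self.access_token()}
        return self._send("GET", self.base + SEARCH_PATH + "?" + query, headers, None)

    def __repr__(self):
        return f"ArmisSession({self.base!r})"  # never echo the secret or token
```

Load the secret key from a secret store or environment variable rather than from source, and keep both the key and the generated token out of workflow logs.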
Premade steps
These are the premade steps for Armis. Don't see the step you need? No problem, you can easily create custom steps.
- Add tags to a device
- Remove tags from a device
- Get information about devices
- Run a search query
- Generate an access token
Available templates
- Update Jira status and user on a device with CVE tag
- Hunt for specific CVE and attempt remediation
- Handle high-level CNC threat detected on a network
- Detected RDP session from the server to an external IP
- CVE search in Wiz, Snyk, and Armis with Jira issue tracking