Content digest 15.05.23

We’ve added the following new integrations, steps, improvements, and templates:

• New templates
• Utils/forms
• Anomali ThreatStream
• ANY.RUN
• Apiiro
• BigID
• Cisco Secure Email
• Gem
• Google Drive
• Grip Security
• Microsoft Azure AD
• Microsoft Outlook
• OpenAI
• Okta
• PagerDuty
• Reco.ai
• SentinelOne
• ServiceNow
• Webex
• Zscaler ZIA
• Zoom

New templates

Added the following templates to the template library.

• Reset Azure Active Directory MFA Methods and Password on a User
• Handle Wiz Alert for AWS Admin Principals Inactive Over 90 Days
• Assign or Remove Licenses on Users for Microsoft via Graph API
• VirusTotal IOC Lookup with Summary of Results from OpenAI
• Offboard SaaS User from Grip on Trigger from Hibob
• Impossible Travel in Okta Logins
• Issue a Push Challenge with Okta and Wait for a Response

Utils/forms

The Send Form step has a new optional parameter:

• Conclude web form with: If set to continue, the user filling this form will see an indication that another form is expected to load after this one. If set to end, the user will see a message saying the form has been submitted successfully.

Anomali ThreatStream

A new step was added to the Anomali ThreatStream integration:

• Submit Sample to Sandbox: Submits samples (files or URLs) to the ThreatStream-hosted Sandbox.

ANY.RUN

• The Run New URL Analysis step has several new optional parameters:
  • Geolocation: The location where you wish to run the analysis.
  • Use TOR: Whether to enable connection to a TOR network.
• The Run New Download Analysis step has the following new optional parameters:
  • Heavy evasion: Whether to enable kernel-heavy evasion tactics.
  • Privacy settings: The privacy of the task. 
  • Step timeout: The period of time, in seconds, until the step times out (up to 660).
  • Use TOR: Whether to enable connection to a TOR network.

Apiiro

A new step was added to the Apiiro integration:

• List Applications: Returns a list of all applications in the organization.

BigID

• Several new steps were added to the BigID integration:
  • Delete Tag: Deletes the tag with the given ID.
  • List Tags: Returns a list of tags that are configured in BigID.
  • Update Tag: Updates the tag or tag value with the given ID.
  • Untag Objects by Query: Removes tags from the objects in the catalog that match the given query.
• The Delete Tag step has a new optional parameter:
  • BigID session token: A BigID session token, as generated by the Create Session step.
• The List Tags step has a new optional parameter:
  • BigID session token: A BigID session token, as generated by the Create Session step.

Cisco Secure Email

A new step was added to the Cisco Secure Email integration:

• Delete Quarantine Messages: Deletes one or more messages from the provided quarantine.

Gem

A new step was added to the Gem integration:

• List Source IPs Used by Entity: Returns source IP addresses used by the entity with the given ID in the given timeframe, sorted by activity volume.

Google Drive

The List Permissions for File step has several new optional parameters:

• Include permissions for view: Whether to include additional permissions in the response.
• Support all drivers: Whether to include files in both My Drives and shared drives.
• Use domain admin access: Whether to use domain admin access.
• Page size: The maximum number of results to return per page (up to 1000).
• Page token: A token used for pagination. Use the value returned in the previous response of this step, under nextPageToken.
• Support all drives: Whether to include files in both My Drives and shared drives.

Grip Security

A new step was added to the Grip Security integration:

• Get SaaS Applications for User: Returns a list of all applications for the given user.

Microsoft Azure AD

• A new step was added to the Microsoft Azure AD integration:
  • Get User Authentication Method ID: Returns the given user's authentication method according to the given method type, if one exists.
• The Confirm User as Compromised step has several new optional parameters:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
  • Retry delay: Initial delay between retries in seconds, each attempt will take 25% longer (exponential backoff). If a response contains Retry-After header, the delay will be overridden by the value of this header.
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
• The Disable User step has a new optional parameter:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
• The Create User step has the following new optional parameters:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
• The Enable User step has a new optional parameter:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
• The Delete User step has a new optional parameter:
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
• The Get History for Risky User step has a new optional parameter:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
• The Get All Users step has a new optional parameter:
  • Retry delay: Initial delay between retries in seconds, each attempt will take 25% longer (exponential backoff). If a response contains Retry-After header, the delay will be overridden by the value of this header.
• The List Group Members step has a new optional parameter:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
• The List Risk Detections step has a new optional parameter:
  • Retry delay: Initial delay between retries in seconds, each attempt will take 25% longer (exponential backoff). If a response contains Retry-After header, the delay will be overridden by the value of this header.
• The Remove Group Member step has a new optional parameter:
  • Retry delay: Initial delay between retries in seconds, each attempt will take 25% longer (exponential backoff). If a response contains Retry-After header, the delay will be overridden by the value of this header.
• The Reset User Passwordstep has a new optional parameter:
  • Retry delay: Initial delay between retries in seconds, each attempt will take 25% longer (exponential backoff). If a response contains Retry-After header, the delay will be overridden by the value of this header.
• The Search Group by Namestep has a new optional parameter:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
• The Search Users by Name step has a new optional parameter:
  • Retry delay: Initial delay between retries in seconds, each attempt will take 25% longer (exponential backoff). If a response contains Retry-After header, the delay will be overridden by the value of this header.
• The Update Group step has a new optional parameter:
  • Retry delay: Initial delay between retries in seconds, each attempt will take 25% longer (exponential backoff). If a response contains Retry-After header, the delay will be overridden by the value of this header.
• The Update Group step has a new optional parameter:
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
• The Search Users by Email step has a new optional parameter:
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.

Microsoft Outlook

A new step was added to the Microsoft Outlook integration:

• Get Attachment: Returns a single attachment of a specified message. The attachment content will be uploaded to a temporary signed URL.

OpenAI

• The Create Chat Completion step has a new optional parameter:
  • Timeout: The period of time, in seconds, until the step times out.

Okta

Several new steps were added to the Okta integration:

• Verify Push Factor Challenge: Polls for verification transaction completion result after issuing a push factor challenge.
• Upload YubiKey OTP Seed: Uploads a seed for a YubiKey OTP to be enrolled by a user.

PagerDuty

• Several new steps were added to thePagerDutyintegration:
  • Get Team: Returns the details of the team with the given ID.
  • List Users: Returns a list of users in your PagerDuty account.
• The Get Team step has a new optional parameter:
  • PagerDuty token: The token to authenticate the step.
• The List Teams step has a new optional parameter:
  • Query: A query used to filter the retrieved results. Only results that match the given query will be retrieved.

Reco.ai

Several new steps were added to the Reco.ai integration:

• Add User to Risk Management: Adds the given user to the risk management table.
• Get Asset by Incident ID: Retrieves an incident's asset data for the provided incident id.
• Update Timeline: Inserts an incident event into the timeline.

SentinelOne

• Several new steps were added to the SentinelOne integration:
  • Update Firewall Control Rule: Change a Firewall Control Rule based on Rule ID.
  • Delete Firewall Rule by ID: Deletes a Firewall Control Rule that matches the given IDs.
• The Get Agents step has a new optional parameter:
  • Agent UUIDs: A comma-separated list of Agent IDs used to filter the results. Each Agent ID should be enclosed in double-quotes.
• The Create Firewall Rule step has several new optional parameters:
  • Filters: A JSON object containing lists to filter by.
  • Group IDs: A comma-separated list of group IDs used to filter the results. Each group ID should be enclosed in double-quotes.
  • Site IDs: A comma-separated list of site IDs used to filter the results. Each site ID should be enclosed in double-quotes.

ServiceNow

• The Create Incident with Custom Fields step has a new optional parameter:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
• The  Create Incident step has the following new optional parameters:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
• The Delete Incident step has a new optional parameter:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
• The Get Attachment File step has a new optional parameter:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
• The Assign User to Incident step has a new optional parameter:
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
• The Get Attachment Data stephas the following new optional parameters:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
  • Retry delay: Initial delay between retries in seconds, each attempt will take 25% longer (exponential backoff). If a response contains Retry-After header, the delay will be overridden by the value of this header.
• The Get Incident Details stephas the following new optional parameters:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
• The Search Incidents step has a new optional parameter:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
• The Resolve Incident step has a new optional parameter:
  • Retry delay: Initial delay between retries in seconds, each attempt will take 25% longer (exponential backoff). If a response contains Retry-After header, the delay will be overridden by the value of this header.
• The Update Incident stephas the following new optional parameters:
  • Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
  • Retry delay: Initial delay between retries in seconds, each attempt will take 25% longer (exponential backoff). If a response contains Retry-After header, the delay will be overridden by the value of this header.
  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.

Webex

A new step was added to the Webex integration:

• Get actor/people details: Fetch details about an actor (people).

Zscaler ZIA

• Several new steps were added to the Zscaler ZIA integration:
  • List Firewall Filtering Policy Rules: Returns a list of all the rules in the Firewall Filtering policy.
  • Update IP Destination Group: Updates the information of the IP destination group with the given ID.

Zoom

A new step was added to the Zoom integration:

• Get User: Returns information about the specified user.