- 10 Apr 2023
- 3 Minutes to read
- DarkLight
Content digest 4.4.23
- Updated on 10 Apr 2023
- 3 Minutes to read
- DarkLight
We’ve added the following new integrations, steps, improvements, and templates:
- Scripting
- Afi
- Automox
- Britive
- Custom Slack
- GitHub
- Google Chronicle
- Jamf
- LogicMonitor
- Microsoft Excel
- Microsoft Teams Bot v2
- Palo Alto Networks Cortex XDR
- Palo Alto Networks Prisma Cloud Platform
- runZero
Scripting
The Run an inline Python script step has a new optional parameter:
Output filename
: The name of the file in which the output will be saved.
Afi
The following new steps were added to the Afi integration.
- Get Task Status: Returns the status of the task with the given ID. You must allow exponentially growing timeouts between steps when polling the status of a task, starting from a minimum of 15 seconds and up to 4 minutes (e.g., 15 seconds, then 30, 60, 120, and 240).
- List Protections: Returns a list of protections assigned to the given tenant.
- List Resources: Returns a list of resources available for the given tenant.
- Protect Resource: Assigns the given policy to the given resource. Only one policy can be assigned to a resource by default.
- List Installations: Returns a list of installations (tenant IDs and organization IDs) for the application of the authenticated user.
Automox
The following new steps were added to the Automox integration:
- List Organization Users: Returns a list of all users with access to the organization with the given ID.
- List All Policy Objects: Retrieves a list of all policy objects for the authenticated user.
- List Policy Objects: Retrieves a list of policy objects for the authenticated user.
- List Devices: Returns a list of all devices for the authenticated user.
Britive
A new step was added to the Britive integration:
- Run Britive CLI Command: Runs the given command on the Britive CLI.
Custom Slack
The following new steps were added to the Custom Slack integration:
- Rename Channel: Renames the channel with the given ID.
- Get Conversation Replies: Retrieves a thread of messages posted to a conversation.
- Open View: Opens a view for a user using the provided
Trigger ID
orInteractivity Pointer
.
GitHub
A new step was added to the GitHub integration:
- Get artifact: Returns information about the artifact with the given ID.
Google Chronicle
A new step was added to the Google Chronicle integration:
- Generate Google Chronicle Token: Generates a Service Account OAuth2 token for Google Chronicle, impersonating a specific user.
Jamf
A new step was added to the Jamf integration:
- Get Computer FileVault: Returns FileVault information for the specified computer.
LogicMonitor
The following new steps were added to the LogicMonitor integration:
- Get Device Instance Data: Returns data associated with the device with the given instance ID from the specified graph. For more information, see the LogicMonitor documentation.
- List Device Alerts: Returns the list of alerts of the device with the given ID.
- List Device Groups: Returns a list of the device groups in your account.
Microsoft Excel
A new step was added to the microsoft_excel integration:
- Update Row: Updates the contents of the specified row in the given Excel table.
Microsoft Teams Bot v2
The Post Message in Conversation V2 step has a new optional parameter:
Recipient
: The recipient of the message. Can either be<group>/<conversation_name>
, a user email or a conversation ID.
Palo Alto Networks Cortex XDR
The following new steps were added to the Cortex XDR integration:
- Get XQL Query Quota: Retrieves the amount of query quota available and used.
- Run XQL Query: Runs the given XQL Query.
Palo Alto Networks Prisma Cloud Platform
The following new steps were added to the Prisma Cloud Platform integration:
- Get Alert Search Data: Returns search data that can be used to investigate the alert with the specified ID.
- Perform Network Search: Performs a search against flow logs with the given RQL query.
runZero
The following new steps were added to the runZero integration:
- List Assets: Returns a list of assets in the given organization. You may filter the list using the
SEARCH_TERM
parameter. - List Sites: Returns a list of sites in the given organization.
A new step was added to the WhatsApp integration:
- Mark Message as Read: Marks the message with the given ID as read.
New templates
- Verify User's Group Membership in Ping via Slack Command
- Monitor an Outlook Mailbox for Phishing with Recorded Future (Advanced)
- Just-in-time access to Group Membership in PingOne
- Just-In-Time Access to Group Membership in Active Directory
- Label Google Drive Files Containing PII Identified by BigID
- Okta Exposed Passwords in Failed Login Attempts (Intermediate)