- 31 May 2023
- 2 Minutes to read
Content digest 30.5.23
- Updated on 31 May 2023
- 2 Minutes to read
We’ve added the following new integrations, steps, improvements, and templates:
- New templates
- Utils/Encoding utils
- Anomali ThreatStream
- Custom Zoom
- Google Drive
- Google Workspace
- Microsoft Active Directory
- Microsoft Outlook
- Orca Security
- TAXII Server
- Generate Graph of Simple JSON Data using Python
- Generate a Dynamic PowerPoint Document based on Slide Data
A new step was added to the Torq integration:
- Retrieve Execution: Returns information about a specific workflow execution.
A new step was added to the Utils/Encoding utils integration:
- Convert JSON to Parquet: Converts a given JSON object to Parquet.
A new step was added to the Anomali Threatstream integration:
- List Threat Intelligence for Indicator: Returns Anomali's Threat Intelligence records for the given indicator. Supported indicator types are domains, emails, ips, md5s, strings, urls.
A new step was added to the Box integration:
- Upload File: Uploads a small file (up to 50MB) to Box.
Several new steps were added to the CrowdStrike integration:
- Add Host to Group: Adds a CrowdStrike host to a specified group.
- List Host Groups: Retrieves a list of host groups.
A new step was added to the Custom Zoom integration:
- Create a Channel: Creates a new chat channel.
A new step was added to the Google Drive integration:
- List Drives: List shared drives belonging to the user.
- A new step was added to the Google Workspace integration:
- Retrieve Workspace Audit Activity: Retrieves activity reports for a specific user, app, or service in Google Workspace. The Drive user parameter is optional.
- The Retrieve Workspace Audit Activity step has several new optional parameters:
Start time: The earliest date of the activities to retrieve, in the format yyyy-MM-ddTHH:mm:ss.SSSZ. Required if End Time is specified.
End time: The maximum time of activities to retrieve, in the format yyyy-MM-ddTHH:mm:ss.SSSZ. Required if StartTime is specified.
Microsoft Active Directory
A new step was added to the Microsoft Active Directory integration:
- Enable Account: Enables an account in Microsoft Active Directory. This step changes the account status from disabled to enabled, allowing the user to log in.
The Send Message step has several new optional parameters:
Recipients: A comma-separated list of recipients (email addresses).
CC recipients: A comma-separated list of CC recipients (email addresses).
The List Alerts step has a new optional parameter:
Risk level: The state risk level used to filter the results.
- A new step was added to the SentinelOne integration:
- Create Firewall Control Rule: Create a Firewall Control Rule for a scope specified by account, site, groups or tenant and specific OS to allow or block network traffic.
- The Get Blacklist Items step has a new optional parameter:
Include children: If set to
true, the results will include the children of the specified site IDs.
A new step was added to the Snyk integration:
- Get Projects: Pulls a list of projects from Snyk.io API.
A new step was added to the Splunk integration:
- Send Batch HTTP Event Collector Data: Send batch JSON formatted data as an HTTP Event Collector (HEC).
The List Objects step has several new optional parameters:
Limit: A single integer value that indicates the maximum number of objects that the client would like to receive in a single response.
Next: A single string value that indicates the next record or set of records in the dataset that the client is requesting. A client would get this value from the TAXII Envelope and would use this value along with the original query/filter parameters to paginate through additional records. This value is opaque to clients and may vary between server implementations.