- 22 Feb 2023
Content digest 21.2.23
- Updated on 22 Feb 2023
We’ve added the following new integrations, steps, improvements, and templates:
- IBM QRadar
- Drata
- GitHub
- Google Workspace
- Jira Cloud
- LastPass
- Microsoft Excel
- SentinelOne
- VMware vSphere
- Utils/Extraction utils
- Utils/Forms
- Threat intel vendors
- AWS CLI
- Azure CLI
- gcloud CLI
- LastPass
- Microsoft Excel
- Orca
New integrations
Added the following integration.
IBM QRadar
A new IBM QRadar integration is now available on the Integrations page. You can use the integration to work with Ariel databases and offenses.
New steps
Added the following new steps.
Drata
A new step was added to the Drata integration:
- Run Autopilot Test: Initiates a monitor test using the autopilot feature.
- Added the requiredIf parameter to the Upload device evidence and Upload user evidence steps for the Drata integration.
GitHub
A new step was added to the GitHub integration:
- Check If User Is Repository Collaborator: Checks if the given user is a repository collaborator.
Google Workspace
A new step was added to the Google Workspace integration:
- Set User Archive Status: Updates the given user's archive status.
Jira Cloud
A new step was added to the Jira Cloud integration:
- Get Issue Changelogs: Lists all of the given issue's changelogs.
LastPass
2 new steps are now available as part of the LastPass integration:
- Add Users: Adds the given users to your LastPass account.
- Destroy User Sessions: Destroys the given user's active login sessions.
The Add User to Groups step has a new optional parameter:
- LASTPASS_API_CID: Your LastPass account number, which is located on the adoption dashboard of the new Admin Console. For more information, see the LastPass help center.
The Delete User step has several new optional parameters:
- LASTPASS_API_CID: Your LastPass account number, which is located on the adoption dashboard of the new Admin Console. For more information, see https://support.lastpass.com/help/where-can-i-find-the-cid-and-api-secret.
- USER_USERNAME: The username of the user to delete.
- LASTPASS_API_SECRET: Your LastPass API secret (provisioning hash). For more information, see the LastPass help center.
- Retry delay: Initial delay between retries in seconds; each attempt will take 25% longer (exponential backoff). If a response contains a Retry-After header, the delay will be overridden by the value of this header.
The Add User step has a new optional parameter:
- Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
The Deactivate User step has a new optional parameter:
- Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.
The Add User to Groups step has a new optional parameter:
- Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
The List Users step has a new optional parameter:
- Page number: The number of the results page to return (starting at 0).
Microsoft Excel
A new step was added to the Microsoft Excel integration:
- Get Worksheet Data: Returns the data of the given worksheet in JSON format. The step will only work on worksheets that contain a single table.
SentinelOne
The following new steps were added to the SentinelOne integration:
- Create Exclusion: Creates an exclusion to make Agents suppress alerts and mitigation for files or processes originating from the specified path, browser, or file type.
- Download File from Activity: Downloads a file from activity using the provided Download URL.
VMware vSphere
The following new steps were added to the VMware vSphere integration:
- Get Datacenter: Retrieves information about the datacenter with the given ID.
- Get VM: Returns information about the virtual machine with the given ID.
Improvements
We made the following improvements.
Utils/Extraction utils
The Flatten JSON Object step has a new optional parameter:
- Input: The JSON object to extract values from.
Threat intel vendors
We added 3 new optional parameters to several threat intel vendors. The parameters help manage steps that might fail due to quotas.
- Max retries: The maximum number of retries for the step.
- Retry delay: The initial delay between retries (in seconds).
- Retry on status: Automatically retry the request on the given HTTP status codes.
Vendors:
- VirusTotal
- urlscan.io
- Logz.io
- GreyNoise
- Elastic Security
- DomainTools
- Joe Sandbox
- Perception Point
- Hunters
- Recorded Future
- SafeBreach
- Scamalytics
- Taxii Server
- JupiterOne
- MxToolbox
- VMRay
- Lastline
- Cybersixgill
AWS CLI
Added optional parameters that let you pass authentication credentials directly to the step, so you don't have to store them in an AWS integration and use that integration.
- AWS access key ID
- AWS secret access key
- AWS session token
Azure CLI
Added optional parameters that let you pass authentication credentials directly to the step, so you don't have to store them in an Azure integration and use that integration.
- Azure tenant ID
- Azure client ID
- Azure client secret
gcloud CLI
Added an optional parameter that lets you pass authentication credentials directly to the step, so you don't have to store them in a GCP integration and use that integration.
- Auth code: Your gcloud auth code, which consists of your credentials file encoded in Base64.
Microsoft Excel
We removed the Get Worksheet Used Range step. You should use the Get Worksheet Used Range Information step instead.
Orca
The Search Alerts step has a new optional parameter:
- DSL filter: This parameter can be used to filter, search, and sort the items returned in the step output. For more information on the DSL_FILTER syntax, see https://docs.orcasecurity.io/docs/detailed-query-api-examples.
New templates
Added the following templates to the template library.
- Analyze URLs and Files in Triage Sandbox
- Check if IPv4 Address is Part of an AWS IP Network Block
- Add Anti-Virus Evidence in Drata
- Add Auto-Updates Evidence in Drata
- Add Background Check Evidence in Drata
- Add Hard Drive Encryption Evidence in Drata
- Add HIPAA Training Evidence in Drata
- Add MFA on IdP Evidence in Drata
- Add Password Manager Evidence in Drata
- Add Screensaver Lock Evidence in Drata
- Add Security Training Evidence in Drata
- Get Failing Resources for a Test in Drata