Content digest 21.2.23
  • 22 Feb 2023

We’ve added the following new integrations, steps, improvements, and templates:

New integration

  • IBM QRadar

New steps

  • Drata
  • GitHub
  • Google Workspace
  • Jira Cloud
  • LastPass
  • Microsoft Excel
  • SentinelOne
  • VMware vSphere

Improvements

  • Utils/Extraction utils
  • Utils/Forms
  • Threat intel vendors
  • AWS CLI
  • Azure CLI
  • gcloud CLI
  • LastPass
  • Microsoft Excel
  • Orca

New templates

New integrations

Added the following integration.

IBM QRadar

A new IBM QRadar integration is now available on the Integrations page. You can use the integration to work with Ariel databases and offenses.

New steps

Added the following new steps.

Drata

A new step was added to the Drata integration:

  • Run Autopilot Test: Initiates a monitor test using the autopilot feature.
  • Added the requiredIf parameter to the Upload device evidence and Upload user evidence steps for the Drata integration.

GitHub

A new step was added to the GitHub integration:

  • Check If User Is Repository Collaborator: Checks if the given user is a repository collaborator.

Google Workspace

A new step was added to the Google Workspace integration:

  • Set User Archive Status: Updates the given user's archive status.

Jira Cloud

A new step was added to the Jira Cloud integration:

  • Get Issue Changelogs: Lists all of the given issue's changelogs.

LastPass

Two new steps are now available as part of the LastPass integration:

  • Add Users: Adds the given users to your LastPass account.

  • Destroy User Sessions: Destroys the given user's active login sessions.

  • The Add User to Groups step has a new optional parameter:
    LASTPASS_API_CID: Your LastPass account number, which is located on the adoption dashboard of the new Admin Console. For more information, see the LastPass help center.

  • The Delete User step has several new optional parameters:

    • LASTPASS_API_CID: Your LastPass account number, which is located on the adoption dashboard of the new Admin Console. For more information, see https://support.lastpass.com/help/where-can-i-find-the-cid-and-api-secret.

    • USER_USERNAME: The username of the user to delete.

    • LASTPASS_API_SECRET: Your LastPass API secret (provisioning hash). For more information, see the LastPass help center.

    • Retry delay: The initial delay between retries, in seconds. Each attempt will take 25% longer (exponential backoff). If a response contains a Retry-After header, the delay will be overridden by the value of this header.

  • The Add User step has a new optional parameter:
    Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.

  • The Deactivate User step has a new optional parameter:
    Max retries: Maximum number of retries. If no value is specified, the step will keep retrying until a valid status code is received or for up to 50 seconds.

  • The Add User to Groups step has a new optional parameter:
    Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.

  • The List Users step has a new optional parameter:
    Page number: The number of the results page to return (starting at 0).

Microsoft Excel

A new step was added to the Microsoft Excel integration:

  • Get Worksheet Data: Returns the data of the given worksheet in JSON format. The step will only work on worksheets that contain a single table.

SentinelOne

The following new steps were added to the SentinelOne integration:

  • Create Exclusion: Creates an exclusion to make Agents suppress alerts and mitigation for files or processes originating from the specified path, browser, or file type.
  • Download File from Activity: Downloads a file from activity using the provided Download URL.

VMware vSphere

The following new steps were added to the VMware vSphere integration:

  • Get Datacenter: Retrieves information about the datacenter with the given ID.

  • Get VM: Returns information about the virtual machine with the given ID.

Improvements

We made the following improvements.

Utils/Extraction utils

The Flatten JSON Object step has a new optional parameter:

  • Input: The JSON object to extract values from.

Threat intel vendors

We added 3 new optional parameters to several threat intel vendors. The parameters help manage steps that might fail due to quotas.

  • Max retries: The maximum number of retries for the step.
  • Retry delay: The initial delay between retries (in seconds).
  • Retry on status: Automatically retry the request on the given HTTP status codes.

Vendors:

  • VirusTotal
  • urlscan.io
  • Logz.io
  • GreyNoise
  • Elastic Security
  • DomainTools
  • Joe Sandbox
  • Perception Point
  • Hunters
  • Recorded Future
  • SafeBreach
  • Scamalytics
  • TAXII Server
  • JupiterOne
  • MxToolbox
  • VMRay
  • Lastline
  • Cybersixgill

AWS CLI

Added optional parameters that enable you to pass authentication credentials, so you don't have to store them in, and use, an AWS integration.

  • AWS access key ID
  • AWS secret access key
  • AWS session token

Azure CLI

Added optional parameters that enable you to pass authentication credentials, so you don't have to store them in, and use, an Azure integration.

  • Azure tenant ID
  • Azure client ID
  • Azure client secret

gcloud CLI

Added an optional parameter that enables you to pass authentication credentials, so you don't have to store them in, and use, a GCP integration.

  • Auth code: Your gcloud auth code, which consists of your credentials file encoded in Base64.

Microsoft Excel

We removed the Get Worksheet Used Range step. You should use the Get Worksheet Used Range Information step instead.

Orca

The Search Alerts step has a new optional parameter:

  • DSL filter: This parameter can be used to filter, search, and sort the items returned in the step output. For more information on the DSL_FILTER syntax, see https://docs.orcasecurity.io/docs/detailed-query-api-examples.

New templates

Added the following templates to the template library.

