Skip to main content

February Content Digest

Discover new integrations, steps, improvements, and templates.

Updated today

We've added the following new integrations, steps, and improvements:

  • New integrations:

    • Illumio

    • IPQS

    • Vectraq QUX

    • Vorlon

    • Wiz MCP Server

  • New steps and improvements:

    • APIVoid

    • Crowdstrike

    • Recorded Future

    • Replica

    • ThreatConnect

    • Microsoft 365

    • Wiz

New Templates

We've added the following template to the template library:

Illumio

A new Illumio steps integration is now available on the Integrations page. The following steps are available:

  • Create Label

  • Get Label Details

  • List All Labels

  • List Label Groups

  • Update Service

  • Create IP List

  • List Events

  • Get Specific Event Details

  • List Vulnerabilities

  • Delete a Workload

  • Create a Workload

  • Update Workload

  • Get a Workload

  • Get Workload Ransomware Details

IPQS

A new IPQS steps integration is now available on the Integrations page. The following steps are available:

  • Submit URL to the Malicious URL Scanner API

  • Submit IP address to the Proxy Detection API

Vectraq QUX

A new Vectra QUX steps integration is now available on the Integrations page. The following steps are available:

  • Add Detection Note

  • Get Detection

  • Update Detection Note

  • Get Host

  • Search Detections

Vorlon

A new Vorlon steps integration is now available on the Integrations page. The following steps are available:

  • Query Traffic

  • Update Alert Status

  • Get Identity Details

  • List Linked Alerts

Wiz MCP Server

A new Wiz MCP Server steps integration is now available on the Integrations page. The following steps are available:

  • Create Session

  • Generic Tool Call

  • List tools

APIVoid

Several new steps were added to the APIVoid integration:

  • Get URL Reputation V2

  • Get Domain Reputation V2

  • Verify Email V2
    ​​

CrowdStrike

Several new steps were added to the CrowdStrike integration:

  • Execute RTR Command Admin

  • Download File From Quarantine

Recorded Future

Several new steps were added to the Recorded Future integration:

  • Query Threat Detection Profiles

  • Publish Reports

  • Query Threat Hunt Profiles

  • Get Threat Prevention Profile Indicators

The Get Threat Detection Profile Detection Rules step has several new optional parameters:

  • Threat detection profile ID: The Threat Automation Profile ID.

  • Filter type: Decides what detection rule types are included in the results

The Get Threat Hunt Job Indicators step has several new optional parameters:

  • Report objects: An array of report objects. See documentation for more details and restrictions on each field.

  • Threat hunt job ID: The Threat Hunt Job ID.

The Get Source step has several new optional parameters:

  • Profile integration: Profile integration to filter by.

  • Offset: Used for pagination.

​The Get Pending Threat Hunt Jobs step has a new optional parameter:

  • Integration ID: The identity of the integration.

Replica

Several new steps were added to the Replica integration:

  • Reset Password

  • Update Account Information

ThreatConnect

A new step was added to the ThreatConnect integration:

  • Get Indicator by Name

Microsoft 365

Several new steps were added to the Microsoft 365 integration:

  • Update Incident

  • Update Alert v2

  • List Incidents

  • Get Incident

  • Create Incident Comment

  • Get Alert v2

The Get Incident step has several new optional parameters:

  • Custom tags: JSON array of custom tag strings to associate with the incident.

  • Orderby: OData orderby expression. Defaults to 'createdDateTime desc'.

The Get Alert v2 step has several new optional parameters:

  • Select: OData $select. Comma-separated list of properties to return. E.g., id, title, severity, status, evidence.

  • Count: OData $count. Set to true to include total matching record count in the response.

Wiz

The Create Issues Report step has several new optional parameters:

  • Report parameters: A JSON object containing vulnerability report parameters to narrow down your report's results.

  • Compression method: The type of compression to apply to the report content.

  • Run interval hours: The time between each report, measured in hours. Required for incremental reports.

  • Riun start time: The date when the scheduling starts. Required for incremental reports. DateTime format: yyyy-MM-dd'T'HH:mm:ss'Z'

  • Project ID: Specify the Wiz project ID to scope this report. Required for project-scoped integrations. Use * to include all projects.

The Create Inventory Report step has several new optional parameters:

  • Project ID: Specify the Wiz project ID to scope this report. Required for project-scoped integrations. Use * to include all projects.

  • Run interval hours: The time between each report, measured in hours. Required for incremental reports.

  • Run start time: The date when the scheduling starts. Required for incremental reports. DateTime format: yyyy-MM-dd'T'HH:mm:ss'Z'

  • CSV delimiter: The CSV delimiter to use in the report.

  • Format: The format of the report.

  • Compression method: The type of compression to apply to the report content.

  • Cloud resource parameters: Use the filters object to filter the cloud resources included in the report.

The List Issues step has a new optional parameter:

  • Resolution reason: The reason for resolving the issue as `REJECTED` is used to filter the results.

Related Articles
Armis
Workflow Template: Open a TheHive case triggered by SentinelOne findings
Workflow Template: Enrich SentinelOne Incident with Threat Intelligence from Intezer
Microsoft 365 Defender
CrowdStrike (Legacy)
Did this answer your question?