Skip to main content

April Content Digest

Discover new integrations, steps, and improvements.

We've added the following new integrations, steps, and improvements:

  • New integrations:

    • AppCheck NG

    • BlackKite

    • Cyberhaven

    • DarkInvader

  • New steps and improvements:

    • Abnormal Security

    • Absolute Software

    • Crowdstrike

    • Reco

    • SailPoint

    • Torq Cases

New Templates

We've added the following template to the template library:


​AppCheck NG

A new AppCheck NG steps integration is now available on the Integrations page. The following steps are available:

  • List Scans

  • List Scan Runs

  • List Vulnerabilities by Run

  • List Vulnerabilities by Scan

  • List Vulnerabilities

  • List Scan Profiles

  • Get Scan Status

  • Get Scan Details

  • Get Run Details

  • Get Vulnerability Details​

BlackKite

A new BlackKite steps integration is now available on the Integrations page. The following steps are available:

  • Download Company Report

  • Check Company Report Status

  • Generate Company Reports

  • Get Patch Management Finding Details

  • Search Active Companies

  • List Monitored Companies

  • Get Monitored Company

  • Get Company Ratings in Bulk

  • Get Company Cyber Ratings

  • Get FocusTag Details

  • Search Monitored Companies

Cyberhaven

A new Cyberhaven steps integration is now available on the Integrations page. The following steps are available:

  • Get Event Lineage

  • List Content Inspection Rules

  • Add User to Risk Group by Alias

  • Get Endpoint by ID

  • Retrieve Risky Dataflows for User

  • Add DSPM Issue Comment

  • Modify List Items

  • List Datasets

  • Get DSPM Issue Comments

  • Update an Incident

  • Remove User from Risk Group by Alias

  • List User Risk Groups

  • List All Stealer Logs

  • List All Leaked Credentials

  • List All Search Results

  • Update a Risk

  • List All Stealer Log Results

DarkInvader

A new DarkInvader steps integration is now available on the Integrations page. The following steps are available:

  • Get Stealer Log By UUID

  • List All Risks

  • List All Stealer Logs

  • List All Stealer Log Results

  • List All Leaked Credentials

  • Get Search Result By UUID

  • Update a Risk

  • List All Search Terms

  • Get Leaked Credential by UUID

  • List All Search Results

Abnormal Security

Several new steps were added to the Abnormal Security integration:

  • Download Email Attachment

  • Get Activity Status

  • Search Email Messages

  • Download EML File

​Absolute Software

Several new steps were added to the Absolute Software integration:

  • Freeze Devices

  • Remove freeze

Crowdstrike

The Update an existing case, Create Session, and Query Intel Indicators steps have a new optional parameter:

  • HTTPS proxy: Your HTTPS proxy URL. If you need to use a SOCKS proxy, set the HTTPS proxy environment variable to `socks5://...`.

The Get Recon Notification, Add alerts as evidence, and Get case IDs matching a query steps have several new optional parameters:

  • Max retries: The maximum number of times a step will be retried. By default (-1), the step will keep retrying for up to 50 seconds.

  • HTTPS proxy: Your HTTPS proxy URL. If you need to use a SOCKS proxy, set the HTTPS proxy environment variable to `socks5://...`.

  • Retry delay: Initial delay before retry attempts in seconds, exponential backoff calculation will be applied over this value.

  • Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.

The Contact FC About a Detection step has several new optional parameters:

  • Retry delay: Initial delay before retry attempts in seconds, exponential backoff calculation will be applied over this value.

  • HTTPS proxy: Your HTTPS proxy URL. If you need to use a SOCKS proxy, set the HTTPS proxy environment variable to `socks5://...`.

  • Recon ID: The ID of the report whose details you wish to retrieve.

Reco

The List Alerts step has several new optional parameters:

  • Start index: The 1-based index of the first result to return. Used for paginating through the alert list.

  • Count: The maximum number of alerts to return in a single response.

  • Sort by: The attribute to sort the returned alerts by.

  • Sort order: The order in which to sort the results.

  • Filters: A SCIM v2 filter expression used to narrow the returned alerts based on attribute values.

SailPoint

Several new steps were added to the SailPoint integration:

  • Get a Source

  • Get a Campaign

  • List Access Requests

  • List All Sources

  • Download Violation Report

  • List Access Profile Entitlements

  • Search Tenant

  • Cancel Access Request

  • List Certification Reviewers

  • List Entitlements

  • Activate a Campaign

  • List Schemas for a Source

  • Test Source Connection

  • List Work Items​

Torq Cases

Several new steps were added to the Torq Cases integration:

  • Map custom fields to event details

  • Update case MITRE ATT&CK

  • Update case event details

Related Articles
Britive
ServiceNow
Creating Custom Steps in Torq: Automate Anything
Urlscan.io
Qualys
Did this answer your question?