We’ve added the following new integrations, steps, improvements, and templates:
Ansible Tower
Anvilogic
BitSight
Censys
Cisco Umbrella
CrowdStrike
Cybereason
DarkTrace
Duo
Extraction Utils
File Utils
Google Chronicle
Google Sheets
Google Workspace
Microsoft Excel
Microsoft OneDrive
Microsoft SharePoint
Palo Alto Networks PAN OS
PlanHat
Qualys
SentinelOne
Veriti
VMRay
Zammad
Zscaler Internet Access
New templates
Added the following templates to the template library.
Ansible Tower
The List Hosts and List Job Templates steps have a new optional parameter:
Skip SSL verification: If set, the request will not verify SSL certificates. Where applicable, it might be better to provide a self-signed certificate using the CUSTOM_CERTIFICATES_PEM parameter.
Anvilogic
A new Anvilogic steps integration is now available on the Integrations page.
The following steps are available:
Get Event Detail by Event IDs: Get an event or set of events based on the Event IDs.
Get Technique Priorities: Get a list of prioritized techniques defined for your organization.
Get Top EOI Summary: Retrieve the top EOIs during a time period.
Get EOIs Summary by Date Range: Retrieve EOIs between a specific date range with an optional include or exclude filter.
Get Event Summary by Event ID: Get the summary of an event or a set of events based on the event ID.
Get Threat Priorities: Get a list of all threat priorities defined in your organization.
BitSight
A new BitSight steps integration is now available on the Integrations page.
The following steps are available:
BitSight Search: Search for a company in the BitSight inventory by name or domain.
Censys
A new Censys steps integration is now available on the Integrations page.
The following steps are available:
Search Hosts: Accepts queries for host or service attributes provided in the Censys Search Language and returns a list of matching hosts with some summary fields.
Cisco Umbrella
The List Destination Lists step has several new optional parameters:
LIMIT: Maximum number of results. Default value is 500.
ACCESS_TOKEN: Your Umbrella access token, as generated by the Generate Access Token step.
The Delete Destination List step has a new optional parameter:
ACCESS_TOKEN: Your Umbrella access token, as generated by the Generate Access Token step.
The Rename Destination List step has a new optional parameter:
ACCESS_TOKEN: Your Umbrella access token, as generated by the Generate Access Token step.
The List Destinations in Destination List step has a new optional parameter:
PAGE: Page number. Default value is *
The Add Destination to Destination List step has several new optional parameters:
DESTINATION_LIST_ID: The ID of the destination list from which you wish to remove a destination.
DESTINATION_ID: The destination to add to the destination list.
CrowdStrike
All steps have a new optional parameter:
Additional headers
Cybereason
All steps have a new optional parameter:
Additional headers
DarkTrace
A new DarkTrace steps integration is now available on the Integrations page.
The following steps are available:
List Models: Returns a list of all models that currently exist on the Threat Visualizer, including custom models and de-activated models.
List Devices: List of devices identified by DarkTrace or details of a specific device given a time window.
Get Device Summary: Get contextual information for a device, aggregated from /devices, /similardevices/, /modelbreaches, /deviceinfo, and /details.
Duo
A new step was added to the Duo integration:
Retrieve Phone Details: Returns a paged list of phones.
Extraction Utils
The Extract all using a regex group, Extract all using a regex pattern, and Extract first expression steps have a new optional parameter:
INPUT: The text to search in. Can be plain text, a base64-encoded string, or a remote file URL.
File Utils
The Add File to Zip Archive step has a new optional parameter:
PASSWORD: The password to use to unzip the file.
Google Chronicle
A new step was added to the Google Chronicle integration:
Get Log: Returns a single raw log given the UID for the event.
The List Events step has a new optional parameter:
Page size: Specify the maximum number of events to return. You can specify between 1 and 10,000. The default is 10,000.
Google Sheets
The List Spreadsheets step has a new optional parameter:
Next page token: The token for continuing a previous list request on the next page. This should be set to the value of 'nextPageToken' from the previous response.
Google Workspace
The List Account Groups step has a new optional parameter:
User identifier: Email or immutable ID of a user. If set, only the groups that the given user is a member of are listed.
Microsoft Excel
A new step was added to the Microsoft Excel integration:
Update Range: Updates the contents of the specified range in the given Excel table. A range can be a number of rows and columns or just a single Cell. Use this step to update Excel spreadsheets which don't contain Tables.
Microsoft OneDrive
A new step was added to the Microsoft OneDrive integration:
Search Drive Items: Get a list of all items found in a specified drive by Drive ID.
The Search Items and Upload Item steps have several new optional parameters:
User group or site ID: The ID of the specified user, group, or site. Make sure to choose the matching value in the Users groups or sites field.
Users groups or sites: Choose between Users, Groups and Sites.
Additionally, the List Items and Upload Item steps have these new optional parameters:
Max retries: The maximum number of times a step will be retried. By default (-1), the step will keep retrying for up to 50 seconds.
Retry on status: If set, the step will automatically retry the request on the specified status codes. The maximum retry duration is 50 seconds.
Retry delay: Initial delay before retry attempts, in seconds. Exponential backoff is applied to this value.
Microsoft SharePoint
Several new steps were added to the Microsoft SharePoint integration:
Upload File to Sharepoint Drive: Uploads the given file to the specified location. This step supports small files only.
List subsites for a site: Get a collection of subsites defined for a site.
Palo Alto Networks PAN OS
A new step was added to the Palo Alto Networks PAN OS integration:
Edit Security Rule: Updates an existing security policy rule for a virtual system.
PlanHat
A new PlanHat steps integration is now available on the Integrations page.
The following steps are available:
Get Custom Fields: Retrieves a list of custom fields from PlanHat.
Qualys
A new step was added to the Qualys integration:
Fetch Vulnerability Scan Result: Downloads scan results when the scan has status Finished, Canceled, Paused or Error.
SentinelOne
All steps have a new optional parameter:
Additional headers
Veriti
A new step was added to the Veriti integration:
Generate Access Token: Generates an access token for Veriti's steps.
The Insight Remediation step has several new optional parameters:
VERITI_API_KEY
VERITI_ACCESS_TOKEN: The Veriti access token, as generated by the 'Generate Access Token' step.
INSIGHT_UID: The Insight UID to be remediated. It can be found in the trigger event at path $.event.insightUid.
VMRay
Several new steps were added to the VMRay integration:
Get Analysis Summary JSON v2: Download the analysis summary JSON v2 details.
Submit a URL Sample: Submit a URL to VMRay for analysis.
Get Analysis by ID: Get analysis details by ID.
Zammad
A new step was added to the Zammad integration:
List Specific Article: Lists a specific article.
Zscaler Internet Access
Several new steps were added to the Zscaler Internet Access integration:
Get Sandbox Report: Retrieves a full (i.e., complete) or summary detail report for an MD5 hash of a file that was analyzed by ZIA Sandbox.
Get Custom MD5s Blocked by Sandbox Quota: Gets the used and unused quota for blocking MD5 file hashes with Sandbox.