- Cisco Umbrella
- Cisco Secure Endpoint
- Cisco SecureX
- Cisco Secure Malware Analytics
- Cisco Webex
- Cisco Secure Email
- TheHive
- NumVerify
- YouTube
- Notes
- Cisco-Umbrella-Get-Last-security-event-Table link
- Get Security event from Cisco Umbrella Reporting API from a starting date (input variable)
- Output :
- Table with Category, Hostname, Observable
- Last event date
- Raw json output
- Cisco-Secure-EP-Get-critical-cloud-IOC Link
- Get Cisco Secure EP detection events (filter on eventid) from a starting date (input variable)
- Output :
- Table with Event Description, Target Endpoint Hostname, Observable
- Last event date
- Raw json output
- Secure-EP-Get-Cloud-IOCs-Full-List Link
- Query Cisco Secure Endpoint to get the full list of available Talos Cloud IOCs
- Output :
- IOCs List with name/id and description (Table And/Or Json format)
- Secure-EP-Get-SCD-List Link
- Get Cisco Secure Endpoint configured Simple Custom Detection Lists
- Input :
- Output Table Enable : True/False
- Output :
- Json Output
- Table with GUID and name if set to true
- Secure-EP-Add-Hash-To-SCD Link
- Add a hash to a simple custom detection list
- Input :
- Observable Type and value
- SCD GUID
- Description
- Secure-EP-Remove-Hash-from-SCD Link
- Remove a hash from a simple custom detection list
- Input :
- Observable Type and value
- SCD GUID
- Securee-EP-Get-Inbox Link
- Get Endpoints in Inbox (Unresolved)
- Input :
- Table Output Enable true/false
- Output : Json and Table with hostname and guid (if enabled)
- CTR-Get Incident Details Link
- Get content of an Incident ID in SecureX (private CTIA)
- Output :
- Raw Json result
- CTR Update Incident Link
- Update an existing incident in SecureX
- Input :
- Field to Update
- New value
- Incident ID
- SX-TR-Post-Judgement-to-private-Intelligence Link
- Post a judgement about an observable in your SecureX Private Intelligence
- Input :
- Observable Type and Value
- Disposition Name and Number
- Reasons
- Expiration delay in days
- Core-Get-List-Table-with-unique-Values Link
- From a list of multiple values, get a list and/or a table with only unique values
- Input :
- Input json
- Column wanted from input json
- Output Tables : True/False
- Output :
- List of unique values
- Table with unique values if set to True
- Cisco-Malware-Analytics-TG-Collect-Feed Link
- Collect Curated Hourly Feeds from Threat Grid Cloud
- Input :
- Feed Name and Format
- Output Table Enable : True/False
- Output :
- Raw feed in selected format
- Table with parsed data if enabled and format is JSON
- Webex-Teams-Send-Simple-Adaptive-Card Link
- Deprecated version - incorrect field label - maintained for compatibility with existing workflows
- Send a pre-formatted adaptive Card in Cisco Webex
- Input :
- Button Action Link
- Image URL : Url link for the Image/Logo
- Notification Type
- Text 2 : Message title
- Text 1 : Message Text - part 1
- Title : Message Text - part 2
- Room ID and Webex Token
- Webex-Teams-Send-Simple-Adaptive-Card-V2 Link
- Send a pre-formatted adaptive Card in Cisco Webex
- Input :
- Button Text
- Button Action Link
- Image/Logo URL
- Notification Type
- Message Title
- Message Text
- Room ID and Webex Token
- Cisco-Secure-Email-Get-Verdict-Update Link
- Query Cisco Secure Email (ESA/CES) for the last X hour(s) AMP File Verdict Update
- Input :
- Delay (in hours, min 1)
- Secure Email JWT Token
- Output Table enable : True/False
- Output :
- Full Json output
- Table with hash if enabled
- Create Incident Link
- Create an incident in TheHive
- Input :
- Title
- Description
- Observable type and value
- Output :
- TheHive Case ID
- TheHive - add Observables to TheHive Case 🐝 Link
- Update an existing incident in TheHive with a new observable
- Input :
- Observable Type and Value
- TheHive Case ID
- Atomic-NumVerify-ValidatePhoneNumber Link
- Verify a phone number using NumVerify
- Input :
- Phone number with country code (ex : 33612121212 for the French mobile number +33 (0) 612 121 212)
- Output :
- Valid, Carrier, Line Type, Country
- Search a video
- Search for a YouTube video based on a keyword
- Input :
- Keyword
- Output :
- Video Title and Video ID
- Please test this properly before implementing in a production environment.
Authors : Ivan Berlinson, Sven Kutzer (Cisco)