diff --git a/_shared_content/automate/library/aws.md b/_shared_content/automate/library/aws.md index 551f0f2bc4..51e80c543a 100644 --- a/_shared_content/automate/library/aws.md +++ b/_shared_content/automate/library/aws.md @@ -65,4 +65,4 @@ Get the last records from FlowLog (deprecated in flavor of Fetch new logs on S3) ## Extra -Module **`AWS` v1.31.6** \ No newline at end of file +Module **`AWS` v1.32.2** \ No newline at end of file diff --git a/_shared_content/automate/library/crowdstrike-falcon.md b/_shared_content/automate/library/crowdstrike-falcon.md index b9d1ab5358..1c9aaf450f 100644 --- a/_shared_content/automate/library/crowdstrike-falcon.md +++ b/_shared_content/automate/library/crowdstrike-falcon.md @@ -18,6 +18,28 @@ Integrates with CrowdStrike Falcon EDR ## Actions +### Add new comment to alert + +Appends a new comment to any existing comments for the specified alerts. + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `ids` | `array` | List of alert IDs to apply action to. | +| `comment` | `string` | New comment to add to the alert. | + +### Update alert status + +Update the status for the specified alerts.. + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `ids` | `array` | List of alert IDs to apply action to. | +| `new_status` | `string` | The new status to apply to the alerts. | + ### Block IOC Block the provided IOC @@ -86,4 +108,4 @@ Enable detections on the provided IOCs: md5 / sha256 file hashes, IPv4/v6 addres ## Extra -Module **`CrowdStrike Falcon` v1.21.0** \ No newline at end of file +Module **`CrowdStrike Falcon` v1.22.0** \ No newline at end of file diff --git a/_shared_content/automate/library/google.md b/_shared_content/automate/library/google.md index ee0e57dc62..baeb6bfb31 100644 --- a/_shared_content/automate/library/google.md +++ b/_shared_content/automate/library/google.md 
@@ -37,4 +37,4 @@ Execute the given query and return the results ## Extra -Module **`Google` v1.20.9** \ No newline at end of file +Module **`Google` v1.21.3** \ No newline at end of file diff --git a/_shared_content/automate/library/harfanglab.md b/_shared_content/automate/library/harfanglab.md index a742b1fcce..a47b65743f 100644 --- a/_shared_content/automate/library/harfanglab.md +++ b/_shared_content/automate/library/harfanglab.md @@ -17,6 +17,50 @@ HarfangLab is an Endpoint detection and response (EDR) solution certified by ANS ## Actions +### Add comment to Threat + +Add comment to Threat + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `id` | `string` | Threat IDs | +| `comment` | `string` | Comment to add | + +### Create IOCs + +Create IOCs + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `stix_objects_path` | `string` | Filepath of the STIX objects fetched from the collection | +| `sekoia_base_url` | `string` | [Optional] Sekoia base url, used to generate direct links to IOCs | +| `source_id` | `string` | Source ID | +| `block_on_agent` | `boolean` | Block on agent | +| `quarantine_on_agent` | `boolean` | Quarantine on agent | +| `detect_on_agent` | `boolean` | Endpoint detection | + +### Download File from Endpoint + +Download an arbitrary file from an HarfangLab endpoint + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `id` | `string` | Identifier of the endpoint agent | +| `path` | `string` | Absolute path to the file to download from the endpoint | + + +**Outputs** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `path` | `string` | Downloaded file's path | + ### Deisolate an agent Deisolate an agent 
@@ -152,7 +196,19 @@ Get the list of processes on the systems | `creationtime` | `string` | Creation date of the job | | `parameters` | `object` | Parameters of the job | +### Update Threat status + +Update Threat status + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `threat_ids` | `array` | Threats IDs | +| `new_status` | `string` | New status | +| `update_by_query` | `boolean` | Update by query | + ## Extra -Module **`HarfangLab` v1.23.1** \ No newline at end of file +Module **`HarfangLab` v1.24.0** \ No newline at end of file diff --git a/_shared_content/automate/library/microsoft-active-directory.md b/_shared_content/automate/library/microsoft-active-directory.md index f33926baa0..a24dad9c2e 100644 --- a/_shared_content/automate/library/microsoft-active-directory.md +++ b/_shared_content/automate/library/microsoft-active-directory.md 
@@ -52,7 +52,26 @@ Reset a user's password. You will need a strong password for that otherwise enab | `basedn` | `string` | The starting point an LDAP server uses when searching for users authentication within your Directory. (e.g DC=example-domain,DC=com) | | `new_password` | `string` | New password, required to reset the old one of course. | +### Search in AD + +Search in AD + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `search_filter` | `string` | LDAP filter to run your query on see https://ldap3.readthedocs.io/en/latest/searches.html#the-ldap-filter) | +| `basedn` | `string` | The starting point an LDAP server uses when searching for users authentication within your Directory. (e.g DC=example-domain,DC=com) | +| `attributes` | `` | Attributes you want to retrieve (default will be ALL) | + + +**Outputs** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `search_result` | `array` | | + ## Extra -Module **`Microsoft Active Directory` v1.3.0** \ No newline at end of file +Module **`Microsoft Active Directory` v1.3.7** \ No newline at end of file diff --git a/_shared_content/automate/library/microsoft-entra-id.md b/_shared_content/automate/library/microsoft-entra-id.md index ecf3143384..d8927fee0f 100644 --- a/_shared_content/automate/library/microsoft-entra-id.md +++ b/_shared_content/automate/library/microsoft-entra-id.md @@ -146,4 +146,4 @@ Invalidates all the refresh tokens issued to applications for a user. Requires t ## Extra -Module **`Microsoft Entra ID` v2.8.4** \ No newline at end of file +Module **`Microsoft Entra ID` v2.8.5** \ No newline at end of file diff --git a/_shared_content/automate/library/sekoia-io.md b/_shared_content/automate/library/sekoia-io.md index b70e63e3f7..b018695815 100644 --- a/_shared_content/automate/library/sekoia-io.md +++ b/_shared_content/automate/library/sekoia-io.md 
@@ -307,6 +307,26 @@ Adds a key to an asset | `uuid` | `string` | | | `name` | `string` | | +### Merge Assets + +Merge a list of assets into a targeted asset + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `destination` | `string` | | +| `sources` | `array` | | + + +**Outputs** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `status_code` | `integer` | | +| `headers` | `object` | | +| `text` | `string` | | + ### Attach Alerts to Case Attach one or more alerts to a specific case 
@@ -453,6 +473,64 @@ Create a new asset | `community_uuid` | `string` | | | `category` | `object` | | +### Create Asset (V2) + +Create a new asset + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `uuid` | `` | | +| `community_uuid` | `string` | | +| `entity_uuid` | `` | | +| `name` | `string` | | +| `description` | `string` | | +| `type` | `string` | | +| `category` | `['string', 'null']` | | +| `criticality` | `integer` | | +| `props` | `['object', 'null']` | Attach contextual properties | +| `atoms` | `['object', 'null']` | Attach detection properties | +| `tags` | `array` | | +| `reviewed` | `boolean` | Mark the asset as reviewed | +| `source` | `string` | | + + +**Outputs** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `uuid` | `string` | The identifier of the asset | +| `entity_uuid` | `` | | +| `community_uuid` | `string` | The community of the asset | +| `name` | `string` | The name of the asset | +| `type` | `string` | The type of the asset | +| `category` | `['object', 'string', 'null']` | The category of the asset | +| `criticality` | `['integer', 'null']` | | +| `created_at` | `` | The creation date of the asset | +| `created_by` | `` | | +| `created_by_type` | `['string', 'null']` | | +| `updated_at` | `` | The modification date of the asset | +| `first_seen` | `` | | +| `last_seen` | `` | | +| `nb_events` | `['integer', 'null']` | | +| `nb_alerts` | `['integer', 'null']` | | +| `nb_atoms` | `integer` | | +| `atoms` | `['object', 'null']` | | +| `props` | `['object', 'null']` | | +| `tags` | `array` | | +| `revoked` | `boolean` | | +| `revoked_at` | `` | | +| `revoked_by` | `` | | +| `reviewed` | `boolean` | | +| `reviewed_at` | `` | | +| `reviewed_by` | `` | | +| `source` | `string` | | +| `rule_uuid` | `` | | +| `rule_version` | `['string', 'null']` | | +| `criticity` | `['object', 'null']` | The criticality of the asset | +| `asset_type` | 
`['object', 'null']` | The type of the asset | + ### Delete rule Delete a rule @@ -474,6 +552,52 @@ Delete the requested asset | --------- | ------- | --------------------------- | | `uuid` | `string` | The identifier of the asset | +### Delete an asset (V2) + +Delete the requested asset + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `uuid` | `string` | The identifier of the asset | + + +**Outputs** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `uuid` | `string` | The identifier of the asset | +| `entity_uuid` | `` | | +| `community_uuid` | `string` | The community of the asset | +| `name` | `string` | The name of the asset | +| `type` | `string` | The type of the asset | +| `category` | `['object', 'string', 'null']` | The category of the asset | +| `criticality` | `['integer', 'null']` | | +| `created_at` | `` | The creation date of the asset | +| `created_by` | `` | | +| `created_by_type` | `['string', 'null']` | | +| `updated_at` | `` | The modification date of the asset | +| `first_seen` | `` | | +| `last_seen` | `` | | +| `nb_events` | `['integer', 'null']` | | +| `nb_alerts` | `['integer', 'null']` | | +| `nb_atoms` | `integer` | | +| `atoms` | `['object', 'null']` | | +| `props` | `['object', 'null']` | | +| `tags` | `array` | | +| `revoked` | `boolean` | | +| `revoked_at` | `` | | +| `revoked_by` | `` | | +| `reviewed` | `boolean` | | +| `reviewed_at` | `` | | +| `reviewed_by` | `` | | +| `source` | `string` | | +| `rule_uuid` | `` | | +| `rule_version` | `['string', 'null']` | | +| `criticity` | `['object', 'null']` | The criticality of the asset | +| `asset_type` | `['object', 'null']` | The type of the asset | + ### Deny Countermeasure Mark as denied a countermeasure 
@@ -1004,6 +1128,37 @@ Return a list of assets according to the filters | `direction` | `string` | The direction to sort the list | +**Outputs** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `items` | `array` | | +| `total` | `integer` | | + +### List Assets (V2) + +Return a list of assets according to the filters + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `search` | `['string', 'null']` | Search assets by name | +| `uuids` | `` | Filter by comma-separated list of asset UUIDs | +| `community_uuids` | `` | Filter by comma-separated list of community UUIDs | +| `type` | `` | Filter by comma-separated list of asset types | +| `category` | `` | Filter by comma-separated list of asset categories | +| `source` | `` | Filter by comma-separated list of asset sources | +| `reviewed` | `['boolean', 'null']` | Filter reviewed assets only | +| `criticality` | `['integer', 'null']` | Filter assets with higher criticality | +| `sort` | `` | Sort criterion | +| `direction` | `` | Sort order | +| `rule_uuid` | `` | Rule Uuid | +| `rule_version` | `` | Rule Version | +| `offset` | `integer` | The position of the first asset to return | +| `limit` | `integer` | The number of assets to return | + + **Outputs** | Name | Type | Description | 
@@ -1210,6 +1365,73 @@ Return an asset according its identifier | `community_uuid` | `string` | | | `category` | `object` | | +### Get Asset (V2) + +Return an asset according to its identifier + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `uuid` | `string` | The identifier of the asset | + + +**Outputs** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `uuid` | `string` | The identifier of the asset | +| `entity_uuid` | `` | | +| `community_uuid` | `string` | The community of the asset | +| `name` | `string` | The name of the asset | +| `type` | `string` | The type of the asset | +| `category` | `['object', 'string', 'null']` | The category of the asset | +| `criticality` | `['integer', 'null']` | | +| `created_at` | `` | The creation date of the asset | +| `created_by` | `` | | +| `created_by_type` | `['string', 'null']` | | +| `updated_at` | `` | The modification date of the asset | +| `first_seen` | `` | | +| `last_seen` | `` | | +| `nb_events` | `['integer', 'null']` | | +| `nb_alerts` | `['integer', 'null']` | | +| `nb_atoms` | `integer` | | +| `atoms` | `['object', 'null']` | | +| `props` | `['object', 'null']` | | +| `tags` | `array` | | +| `revoked` | `boolean` | | +| `revoked_at` | `` | | +| `revoked_by` | `` | | +| `reviewed` | `boolean` | | +| `reviewed_at` | `` | | +| `reviewed_by` | `` | | +| `source` | `string` | | +| `rule_uuid` | `` | | +| `rule_version` | `['string', 'null']` | | +| `criticity` | `['object', 'null']` | The criticality of the asset | +| `asset_type` | `['object', 'null']` | The type of the asset | + +### Synchronize Assets with AD + +Create, merge and edit asset to synchronize asset with ad + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `community_uuid` | `string` | | +| `user_ad_data` | `object` | | +| `asset_synchronization_configuration` | `object` | | + + 
+**Outputs** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `found_assets` | `object` | | +| `created_asset` | `boolean` | | +| `destination_asset` | `string` | | + ### Update Alert Status Triggers an action on an alert to update its status @@ -1309,4 +1531,4 @@ Update a rule ## Extra -Module **`Sekoia.io` v2.64.4** \ No newline at end of file +Module **`Sekoia.io` v2.65.4** \ No newline at end of file diff --git a/_shared_content/automate/library/sentinelone.md b/_shared_content/automate/library/sentinelone.md index bee218ca93..4189910c84 100644 --- a/_shared_content/automate/library/sentinelone.md +++ b/_shared_content/automate/library/sentinelone.md @@ -29,6 +29,13 @@ Push IOCs in the Threat Intelligence API of SentinelOne | `stix_objects_path` | `string` | Filepath of the STIX objects fetched from the collection | | `filters` | `object` | Filter where to add iocs | + +**Outputs** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `indicators` | `array` | All indicators pushed | + ### Create Threat Note Create a threat note in SentinelOne @@ -199,4 +206,4 @@ Update a threat incident in SentinelOne ## Extra -Module **`SentinelOne` v1.18.5** \ No newline at end of file +Module **`SentinelOne` v1.18.6** \ No newline at end of file diff --git a/_shared_content/automate/library/shodan.md b/_shared_content/automate/library/shodan.md index 0f2cb5b17a..8f4389aa7e 100644 --- a/_shared_content/automate/library/shodan.md +++ b/_shared_content/automate/library/shodan.md @@ -134,4 +134,4 @@ Search Shodan using the same query syntax as the website and use facets to get s ## Extra -Module **`Shodan` v1.25.0** \ No newline at end of file +Module **`Shodan` v1.26.1** \ No newline at end of file diff --git a/_shared_content/automate/library/sophos.md b/_shared_content/automate/library/sophos.md index 009d2ca345..8acc2c9a58 100644 --- a/_shared_content/automate/library/sophos.md 
+++ b/_shared_content/automate/library/sophos.md @@ -52,4 +52,4 @@ Turn on endpoint isolation ## Extra -Module **`Sophos` v1.17.1** \ No newline at end of file +Module **`Sophos` v1.17.2** \ No newline at end of file diff --git a/_shared_content/automate/library/utils.md b/_shared_content/automate/library/utils.md index 8843aae90c..8dd951f1eb 100644 --- a/_shared_content/automate/library/utils.md +++ b/_shared_content/automate/library/utils.md @@ -59,6 +59,26 @@ Read the XML file and return its content evaluated against specified xpath | `output` | `object` | Content read from file | | `output_path` | `object` | Path to the file with the content | +### GroupBy + +GroupBy + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `group_key` | `string` | GroupBy element by value for a specific key | +| `filter_key` | `string` | GroupBy element with filter for a specific key | +| `filter_value` | `string` | GroupBy element with a filter for a specific value on a specific key | +| `input` | `array` | Input Data to sort | + + +**Outputs** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `results` | `array` | | + ### Password Generator Generate a password securely based on specified parameters @@ -109,4 +129,4 @@ Wait ## Extra -Module **`Utils` v1.4.0** \ No newline at end of file +Module **`Utils` v1.4.3** \ No newline at end of file diff --git a/_shared_content/automate/library/withsecure.md b/_shared_content/automate/library/withsecure.md index a507113abd..facb915f6c 100644 --- a/_shared_content/automate/library/withsecure.md +++ b/_shared_content/automate/library/withsecure.md @@ -206,4 +206,4 @@ Update status on Incident. ## Extra -Module **`WithSecure` v2.16.0** \ No newline at end of file +Module **`WithSecure` v2.16.1** \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 14afb84c21..69d21d3368 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -29,10 +29,6 @@ markdown_extensions: - markdown_include.include - pymdownx.snippets - plugins.custom_lightgallery -validation: - omitted_files: ignore - links: - absolute_links: relative_to_docs nav: - Getting started: - Overview: getting_started/index.md @@ -215,6 +211,7 @@ nav: - Operators: tip/features/automate/operators.md - Actions: tip/features/automate/actions.md - Actions Library: + - Overview: tip/features/automate/library/overview.md - Applicative: - Mandrill: tip/features/automate/library/mandrill.md - Mattermost: tip/features/automate/library/mattermost.md @@ -229,11 +226,10 @@ nav: - ServiceNow: tip/features/automate/library/servicenow.md - The Hive: tip/features/automate/library/the-hive.md - The Hive V5: tip/features/automate/library/the-hive-v5.md - - Email: - - Vade Secure: tip/features/automate/library/vade-secure.md - Endpoint: - CrowdStrike Falcon: tip/features/automate/library/crowdstrike-falcon.md - HarfangLab: tip/features/automate/library/harfanglab.md + - MicrosoftDefender: tip/features/automate/library/microsoftdefender.md - Panda Security: tip/features/automate/library/panda-security.md - SentinelOne: tip/features/automate/library/sentinelone.md - Sophos: tip/features/automate/library/sophos.md @@ -250,7 +246,6 @@ nav: - Network: - Fortigate Firewalls: tip/features/automate/library/fortigate-firewalls.md - Zscaler: tip/features/automate/library/zscaler.md - - Overview: tip/features/automate/library/overview.md - Threat Intelligence: - BinaryEdge's API: tip/features/automate/library/binaryedge-s-api.md - Censys: tip/features/automate/library/censys.md 
@@ -485,6 +480,7 @@ nav: - WatchGuard Firebox: integration/categories/network_security/watchguard_firebox.md - Zscaler Internet Access: integration/categories/network_security/zscaler_zia.md - List of Playbooks Actions: + - Overview: integration/action_library/overview.md - Applicative: - Mandrill: integration/action_library/mandrill.md - Mattermost: integration/action_library/mattermost.md @@ -499,12 +495,10 @@ nav: - ServiceNow: integration/action_library/servicenow.md - The Hive: integration/action_library/the-hive.md - The Hive V5: integration/action_library/the-hive-v5.md - - Email: - - Vade Secure: integration/action_library/vade-secure.md - Endpoint: - CrowdStrike Falcon: integration/action_library/crowdstrike-falcon.md - HarfangLab: integration/action_library/harfanglab.md - - Microsoft Defender: integration/action_library/microsoftdefender.md + - MicrosoftDefender: integration/action_library/microsoftdefender.md - Panda Security: integration/action_library/panda-security.md - SentinelOne: integration/action_library/sentinelone.md - Sophos: integration/action_library/sophos.md @@ -521,7 +515,6 @@ nav: - Network: - Fortigate Firewalls: integration/action_library/fortigate-firewalls.md - Zscaler: integration/action_library/zscaler.md - - Overview: integration/action_library/overview.md - Threat Intelligence: - BinaryEdge's API: integration/action_library/binaryedge-s-api.md - Censys: integration/action_library/censys.md @@ -824,3 +817,7 @@ theme: logo: assets/sekoiaio.svg name: material search_index_only: false +validation: + links: + absolute_links: relative_to_docs + omitted_files: ignore
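Review bot: Double period in the crowdstrike-falcon.md hunk: the "Update alert status" description reads "Update the status for the specified alerts.."; drop one. In both new tables `ids` is typed `array` but the description does not say what the elements are; "List of alert IDs (strings)" would make the shape unambiguous, and `new_status` should list the accepted status values, since a caller cannot guess them from "The new status to apply to the alerts."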
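Review bot: Grammar in the harfanglab.md "Download File from Endpoint" hunk: "from an HarfangLab endpoint" should read "from a HarfangLab endpoint". In the same file, "Add comment to Threat" declares `id` as `string` but describes it as "Threat IDs" (plural); either the type should be `array`, as `threat_ids` is in "Update Threat status", or the description should be singular. "Add comment to Threat" and "Create IOCs" also repeat their heading as the description; one sentence on what each does (and, for "Download File from Endpoint", which HarfangLab role the API key needs, given that it retrieves arbitrary files from an agent) would help operators decide who may run them.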
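Review bot: Unbalanced parenthesis in the microsoft-active-directory.md "Search in AD" hunk: the `search_filter` description closes a parenthesis it never opened ("...see https://ldap3.readthedocs.io/en/latest/searches.html#the-ldap-filter)"); add "(" before "see" or drop the ")". The `attributes` row has an empty type cell (``) and `search_result` has no description; the generator should emit the declared type and a short description of the returned entries. Because `search_filter` is a raw LDAP filter string, the docs should also state that any playbook value interpolated into it must be escaped as the linked ldap3 page describes, otherwise a value containing filter metacharacters changes the meaning of the query.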
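Review bot: Empty type cells in the sekoia-io.md "Create Asset (V2)" hunk, and in the identical output tables of "Delete an asset (V2)" and "Get Asset (V2)": `uuid` (argument), `entity_uuid`, `created_at`, `created_by`, `updated_at`, `first_seen`, `last_seen`, `revoked_at`, `revoked_by`, `reviewed_at`, `reviewed_by` and `rule_uuid` render as `` while neighbouring rows carry a type. This looks like the doc generator skipping schema entries that only declare a `format` or an `anyOf`; fix it at the generator or schema level rather than hand-patching the markdown. The same table lists both `criticality` (`['integer', 'null']`) and `criticity` (`['object', 'null']`, "The criticality of the asset"); if one is a legacy alias, say so, otherwise a reader will take it for a typo. Since the three tables are row-for-row identical, documenting the asset object once and referencing it would also keep them from drifting.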
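Review bot: Outputs of "Merge Assets" in the sekoia-io.md hunk are a raw HTTP response (`status_code`, `headers`, `text`) rather than the structured asset object every other asset action in this file returns; document which status codes mean success, and, because `headers` is handed to downstream playbook steps, confirm that no authentication or session header is echoed into it. The `destination` and `sources` arguments have empty descriptions. The "Synchronize Assets with AD" hunk has the same gap (no descriptions for `community_uuid`, `user_ad_data`, `asset_synchronization_configuration` or any output), and its summary "synchronize asset with ad" should read "AD".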
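Review bot: Descriptions in the utils.md "GroupBy" hunk do not explain the semantics: `input` is described as "Input Data to sort" although the action groups rather than sorts, and the `group_key`, `filter_key` and `filter_value` rows all begin "GroupBy element ..." without saying whether the filter is applied before or after grouping, or what `results` contains (a list of groups, or objects keyed by the `group_key` value). A one-line example of the input shape and the resulting `results` shape would settle this.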
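Review bot: In the mkdocs.yml hunks the new nav label "MicrosoftDefender" (the added tip/features entry and the renamed integration/action_library entry, which previously read "Microsoft Defender") drops the space used by every neighbouring label such as "CrowdStrike Falcon" and "Panda Security"; keep "Microsoft Defender" unless the rename is intentional. The "Email" section with Vade Secure is removed from both navs, but this diff does not touch the `vade-secure.md` pages; if they stay in the tree they become unlinked pages, and the relocated `validation:` block keeps `omitted_files: ignore`, so the build will not report them. Either delete the files in the same change or drop `omitted_files: ignore` so orphans surface. Moving `validation:` to the end of the file is harmless (YAML mappings are unordered), but note the key order inside it changed as well.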