Skip to main content

appNovi

This Integration is part of the AppNovi Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Search across meshed network, security, and business data in appNovi to make efficient informed security decisions for risk management and incident response. Gain immediate intelligence on assets, visualize risk and threats across your network, and undertake interactive investigations across the network to reduce MTTR for incident response.

This integration was integrated and tested with appNovi v2.0

Configure appNovi in Cortex#

ParameterDescriptionRequired
Full URL of appNovi instance API.True
API TokenappNovi token URL for authenticationTrue
Trust any certificate (not secure)False
Use system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

search-appnovi-components#


Search for Components by name or value

Base Command#

search-appnovi-components

Input#

Argument NameDescriptionRequired
search_termThe string to use to search for Components.Required
max_resultsNumber of results. Default is 25.Optional

Context Output#

PathTypeDescription
appnovi.components.nameStringName of thing
appnovi.components.collStringCollection containing thing
appnovi.components.u._idStringappNovi Database ID.
appnovi.components.u._keyStringappNovi Database Key.
appnovi.components.u.identity.companyStringCompany ID
appnovi.components.u.identity.typeStringThing type
appnovi.components.u.identity.valueStringThing name
appnovi.components.u.identity.datacenterStringDatacenter ID
appnovi.components.u.identity.domainStringDomain ID
appnovi.components.u.lastSeenDateTime thing was last seen.
appnovi.components.u.sourceDateThis is information about the source of the entity.
appnovi.components.u.userPropertiesStringThese are the custom properties of the entity.
appnovi.components.connectionsNumberNumber of connections.
appnovi.timeNumberQuery time (for diagnostics)

search-appnovi-connected#


Search for Components connected to supplied identity

Base Command#

search-appnovi-connected

Input#

Argument NameDescriptionRequired
identityappNovi identifier key-value or use key "_id" when searching via appNovi ID.Required
categoryOptional category of components to return. Possible values are: BaseComponent, Identity, IPAddress, Interface, Server, Storage, Hypervisor, CloudInfra, CloudService, NetworkInfra, Cluster, Container, MessageQueue, Vulnerability, CVE, Employee, Client, Software, Policy, Databases.Optional
typeOptional type of components to return. Possible values are: genericcomponent, genericmetadata, rdns, user, machine, iamrole, iamuser, ip, ipv4, ipv6, mac, eni, interface, vmwarevm, ec2, azurevm, vm, server, physical, s3, datastore, bucket, storage, esx, vcenter, hypervisor, vpc, subscription, account, resourcegroup, region, availabilityzone, autoscalinggroup, elasticloadbalancer, org, folder, project, vnet, rds, ecr, lambda, redshift, dynamodbtable, router, firewall, switch, loadbalancer, proxy, middleware, kubernetes, aks, eks, swarm, mesos, nomad, docker, containerd, messagetopic, messageserver, vulnerability, cve, employee, contractor, desktop, laptop, pc, vdi, mobile, client, software, ami, securitygroup, iampolicy, column, database, table, view.Optional
max_resultsNumber of results. Default is 25.Optional

Context Output#

PathTypeDescription
appnovi._keyStringappNovi database key
appnovi._idStringappNovi database ID.
appnovi.categoryStringappNovi Category (e.g. Interface, Server)
appnovi.firstSeenDateWhen was this Thing first seen?
appnovi.identity.companyStringCompany ID
appnovi.identity.datacenterStringDatacenter ID
appnovi.identity.domainStringDomain ID
appnovi.identity.typeStringThing type
appnovi.identity.valueStringIdentity value
appnovi.lastSeenDateLast time thing was seen
appnovi.nameStringName of entity.
appnovi.sourceUnknownThis is information about the source of the entity.
appnovi.userPropertiesStringThese are the custom properties of the entity.
appnovi.applicationsStringList of applications

search-appnovi-cve#


Search for servers with matching CVE

Base Command#

search-appnovi-cve

Input#

Argument NameDescriptionRequired
cveCVE e.g. "CVE-2017-0143".Required

Context Output#

PathTypeDescription
appnovi._keyStringappNovi database key
appnovi._idStringappNovi database ID.
appnovi.categoryStringappNovi Category (e.g. Interface, Server)
appnovi.firstSeenDateWhen was this Thing first seen?
appnovi.identity.companyStringCompany ID
appnovi.identity.datacenterStringDatacenter ID
appnovi.identity.domainStringDomain ID
appnovi.identity.typeStringThing type
appnovi.identity.valueStringIdentity value
appnovi.lastSeenDateLast time thing was seen
appnovi.nameStringName of entity.
appnovi.sourceUnknownThis is information about the source of the entity.
appnovi.userPropertiesStringThese are the custom properties of the entity.
appnovi.applicationsStringList of applications

search-appnovi-component-property#


Search for Components by property and value

Base Command#

search-appnovi-component-property

Input#

Argument NameDescriptionRequired
propertyName of property.Required
valueValue of property.Required
max_resultsNumber of results. Default is 25.Optional

Context Output#

PathTypeDescription
appnovi.components.nameStringName of thing
appnovi.components.collStringCollection containing thing
appnovi.components.u._idStringappNovi Database ID.
appnovi.components.u._keyStringappNovi Database Key.
appnovi.components.u.identity.companyStringCompany ID
appnovi.components.u.identity.typeStringThing type
appnovi.components.u.identity.valueStringThing name
appnovi.components.u.identity.datacenterStringDatacenter ID
appnovi.components.u.identity.domainStringDomain ID
appnovi.components.u.lastSeenDateTime thing was last seen.
appnovi.components.u.sourceDateThis is information about the source of the entity.
appnovi.components.u.userPropertiesStringThese are the custom properties of the entity.
appnovi.components.connectionsNumberNumber of connections.
appnovi.timeNumberQuery time (for diagnostics)

search-appnovi-server-by-ip#


Search for servers using IP address

Base Command#

search-appnovi-server-by-ip

Input#

Argument NameDescriptionRequired
ipServer IP to search.Required

Context Output#

PathTypeDescription
appnovi._keyStringappNovi database key
appnovi._idStringappNovi database ID.
appnovi.categoryStringappNovi Category (e.g. Interface, Server)
appnovi.firstSeenDateWhen was this Thing first seen?
appnovi.identity.companyStringCompany ID
appnovi.identity.datacenterStringDatacenter ID
appnovi.identity.domainStringDomain ID
appnovi.identity.typeStringThing type
appnovi.identity.valueStringIdentity value
appnovi.lastSeenDateLast time thing was seen
appnovi.nameStringName of entity.
appnovi.sourceUnknownThis is information about the source of the entity.
appnovi.userPropertiesStringThese are the custom properties of the entity.
appnovi.applicationsStringList of applications