appNovi
AppNovi Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
Search across meshed network, security, and business data in appNovi to make efficient informed security decisions for risk management and incident response. Gain immediate intelligence on assets, visualize risk and threats across your network, and undertake interactive investigations across the network to reduce MTTR for incident response.
This integration was integrated and tested with appNovi v2.0
#
Configure appNovi in CortexParameter | Description | Required |
---|---|---|
Full URL of appNovi instance API. | True | |
API Token | appNovi token URL for authentication | True |
Trust any certificate (not secure) | False | |
Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
search-appnovi-componentsSearch for Components by name or value
#
Base Commandsearch-appnovi-components
#
InputArgument Name | Description | Required |
---|---|---|
search_term | The string to use to search for Components. | Required |
max_results | Number of results. Default is 25. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
appnovi.components.name | String | Name of thing |
appnovi.components.coll | String | Collection containing thing |
appnovi.components.u._id | String | appNovi Database ID. |
appnovi.components.u._key | String | appNovi Database Key. |
appnovi.components.u.identity.company | String | Company ID |
appnovi.components.u.identity.type | String | Thing type |
appnovi.components.u.identity.value | String | Thing name |
appnovi.components.u.identity.datacenter | String | Datacenter ID |
appnovi.components.u.identity.domain | String | Domain ID |
appnovi.components.u.lastSeen | Date | Time thing was last seen. |
appnovi.components.u.source | Date | This is information about the source of the entity. |
appnovi.components.u.userProperties | String | These are the custom properties of the entity. |
appnovi.components.connections | Number | Number of connections. |
appnovi.time | Number | Query time (for diagnostics) |
#
search-appnovi-connectedSearch for Components connected to supplied identity
#
Base Commandsearch-appnovi-connected
#
InputArgument Name | Description | Required |
---|---|---|
identity | appNovi identifier key-value or use key "_id" when searching via appNovi ID. | Required |
category | Optional category of components to return. Possible values are: BaseComponent, Identity, IPAddress, Interface, Server, Storage, Hypervisor, CloudInfra, CloudService, NetworkInfra, Cluster, Container, MessageQueue, Vulnerability, CVE, Employee, Client, Software, Policy, Databases. | Optional |
type | Optional type of components to return. Possible values are: genericcomponent, genericmetadata, rdns, user, machine, iamrole, iamuser, ip, ipv4, ipv6, mac, eni, interface, vmwarevm, ec2, azurevm, vm, server, physical, s3, datastore, bucket, storage, esx, vcenter, hypervisor, vpc, subscription, account, resourcegroup, region, availabilityzone, autoscalinggroup, elasticloadbalancer, org, folder, project, vnet, rds, ecr, lambda, redshift, dynamodbtable, router, firewall, switch, loadbalancer, proxy, middleware, kubernetes, aks, eks, swarm, mesos, nomad, docker, containerd, messagetopic, messageserver, vulnerability, cve, employee, contractor, desktop, laptop, pc, vdi, mobile, client, software, ami, securitygroup, iampolicy, column, database, table, view. | Optional |
max_results | Number of results. Default is 25. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
appnovi._key | String | appNovi database key |
appnovi._id | String | appNovi database ID. |
appnovi.category | String | appNovi Category (e.g. Interface, Server) |
appnovi.firstSeen | Date | When was this Thing first seen? |
appnovi.identity.company | String | Company ID |
appnovi.identity.datacenter | String | Datacenter ID |
appnovi.identity.domain | String | Domain ID |
appnovi.identity.type | String | Thing type |
appnovi.identity.value | String | Identity value |
appnovi.lastSeen | Date | Last time thing was seen |
appnovi.name | String | Name of entity. |
appnovi.source | Unknown | This is information about the source of the entity. |
appnovi.userProperties | String | These are the custom properties of the entity. |
appnovi.applications | String | List of applications |
#
search-appnovi-cveSearch for servers with matching CVE
#
Base Commandsearch-appnovi-cve
#
InputArgument Name | Description | Required |
---|---|---|
cve | CVE e.g. "CVE-2017-0143". | Required |
#
Context OutputPath | Type | Description |
---|---|---|
appnovi._key | String | appNovi database key |
appnovi._id | String | appNovi database ID. |
appnovi.category | String | appNovi Category (e.g. Interface, Server) |
appnovi.firstSeen | Date | When was this Thing first seen? |
appnovi.identity.company | String | Company ID |
appnovi.identity.datacenter | String | Datacenter ID |
appnovi.identity.domain | String | Domain ID |
appnovi.identity.type | String | Thing type |
appnovi.identity.value | String | Identity value |
appnovi.lastSeen | Date | Last time thing was seen |
appnovi.name | String | Name of entity. |
appnovi.source | Unknown | This is information about the source of the entity. |
appnovi.userProperties | String | These are the custom properties of the entity. |
appnovi.applications | String | List of applications |
#
search-appnovi-component-propertySearch for Components by property and value
#
Base Commandsearch-appnovi-component-property
#
InputArgument Name | Description | Required |
---|---|---|
property | Name of property. | Required |
value | Value of property. | Required |
max_results | Number of results. Default is 25. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
appnovi.components.name | String | Name of thing |
appnovi.components.coll | String | Collection containing thing |
appnovi.components.u._id | String | appNovi Database ID. |
appnovi.components.u._key | String | appNovi Database Key. |
appnovi.components.u.identity.company | String | Company ID |
appnovi.components.u.identity.type | String | Thing type |
appnovi.components.u.identity.value | String | Thing name |
appnovi.components.u.identity.datacenter | String | Datacenter ID |
appnovi.components.u.identity.domain | String | Domain ID |
appnovi.components.u.lastSeen | Date | Time thing was last seen. |
appnovi.components.u.source | Date | This is information about the source of the entity. |
appnovi.components.u.userProperties | String | These are the custom properties of the entity. |
appnovi.components.connections | Number | Number of connections. |
appnovi.time | Number | Query time (for diagnostics) |
#
search-appnovi-server-by-ipSearch for servers using IP address
#
Base Commandsearch-appnovi-server-by-ip
#
InputArgument Name | Description | Required |
---|---|---|
ip | Server IP to search. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
appnovi._key | String | appNovi database key |
appnovi._id | String | appNovi database ID. |
appnovi.category | String | appNovi Category (e.g. Interface, Server) |
appnovi.firstSeen | Date | When was this Thing first seen? |
appnovi.identity.company | String | Company ID |
appnovi.identity.datacenter | String | Datacenter ID |
appnovi.identity.domain | String | Domain ID |
appnovi.identity.type | String | Thing type |
appnovi.identity.value | String | Identity value |
appnovi.lastSeen | Date | Last time thing was seen |
appnovi.name | String | Name of entity. |
appnovi.source | Unknown | This is information about the source of the entity. |
appnovi.userProperties | String | These are the custom properties of the entity. |
appnovi.applications | String | List of applications |