Covalence Managed Security
This Integration is part of the Covalence Managed Security Pack.
Triggered by triaged alerts from endpoint, cloud, and network security monitoring. Contains event details and easy-to-follow mitigation steps. This integration was integrated and tested with version 3.0 of Covalence Managed Security.
Configure Covalence Managed Security on Cortex XSOAR
1. Navigate to Settings > Integrations > Servers & Services.
2. Search for Covalence Managed Security.
3. Click Add instance to create and configure a new integration instance.

Parameter | Description | Required |
---|---|---|
Credentials | | True |
Password | | True |
Use system proxy settings | | False |
First run time range | When fetching incidents for the first time, this parameter specifies in days how far the integration looks for incidents. For instance if set to "2", it will pull all alerts in Covalence for the last 2 days and will create corresponding incidents. | False |
Incident type | | False |
Fetch incidents | | False |
First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | | False |
None | | False |

4. Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cov-mgsec-get-aro
Query FES Portal for ARO

Base Command
cov-mgsec-get-aro

Input
Argument Name | Description | Required |
---|---|---|
details | If details=true, returns the complete response from the Covalence API. | Optional |
query | Portal query, for example: "resolution=Unresolved&type=Recommendation". Available keys to filter on: id, e.g. "id=<ARO_id>"; status, e.g. "status=In Triage" or "status=Open" or "status=Closed"; resolution, e.g. "resolution=Unresolved" or "resolution=Resolved" or "resolution=Help Requested" or "resolution=Dismissed"; type, e.g. "type=Action" or "type=Recommendation" or "type=Observation"; org, e.g. "org=<organization_name>"; since, e.g. "since=2021-01-31 14:00:00"; until, e.g. "until=2021-01-31 14:00:00". | Required |

Context Output
Path | Type | Description |
---|---|---|
FESPortal.Aro.ID | String | ID |
FESPortal.Aro.alert_key | String | Alert_key |
FESPortal.Aro.analyst_notes | String | Analyst_notes |
FESPortal.Aro.count | Number | Count |
FESPortal.Aro.creation_time | Date | Creation_time |
FESPortal.Aro.details | String | Details |
FESPortal.Aro.details_markdown | String | Details_markdown |
FESPortal.Aro.display_url | String | Display_url |
FESPortal.Aro.external_bug_id | String | External_bug_id |
FESPortal.Aro.last_updated_time | Date | Last_updated_time |
FESPortal.Aro.notes | String | Notes |
FESPortal.Aro.organization.ID | String | ID |
FESPortal.Aro.organization.email | String | |
FESPortal.Aro.organization.name | String | Name |
FESPortal.Aro.resolution | String | Resolution |
FESPortal.Aro.serial_id | String | Serial_id |
FESPortal.Aro.severity | String | Severity |
FESPortal.Aro.status | String | Status |
FESPortal.Aro.steps.ID | String | ID |
FESPortal.Aro.steps.completed | Boolean | Completed |
FESPortal.Aro.steps.label | String | Label |
FESPortal.Aro.steps.last_updated_time | Date | Last_updated_time |
FESPortal.Aro.template_id | String | Template_id |
FESPortal.Aro.title | String | Title |
FESPortal.Aro.triage_id | String | Triage_id |
FESPortal.Aro.type | String | Type |

Command Example
!cov-mgsec-get-aro query="resolution=Unresolved"
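
The query argument takes `key=value` pairs joined by `&`. As an added example (not part of the integration's own code), this Python helper builds that string from the keys and values listed in the Input table and rejects anything else, so a mistyped filter fails before it silently changes which AROs come back. The function names and the rule that values may not contain `&` or `=` are assumptions, since the page does not describe any escaping.

```python
from datetime import datetime

# Keys and fixed values as listed for the query argument; id, org, since and
# until take free-form values (None = no fixed value set).
ALLOWED = {
    "id": None,
    "org": None,
    "since": None,
    "until": None,
    "status": {"In Triage", "Open", "Closed"},
    "resolution": {"Unresolved", "Resolved", "Help Requested", "Dismissed"},
    "type": {"Action", "Recommendation", "Observation"},
}
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # matches the documented "2021-01-31 14:00:00"


def build_aro_query(**filters):
    """Return a query string such as "resolution=Unresolved&type=Action".

    Raises ValueError on a key or value the Input table does not list.
    """
    parts = []
    for key, value in filters.items():
        if key not in ALLOWED:
            raise ValueError(f"unknown filter key: {key!r}")
        if isinstance(value, datetime):
            value = value.strftime(TIME_FORMAT)
        value = str(value)
        if key in ("since", "until"):
            datetime.strptime(value, TIME_FORMAT)  # ValueError if malformed
        allowed_values = ALLOWED[key]
        if allowed_values is not None and value not in allowed_values:
            raise ValueError(f"{key}={value!r} not in {sorted(allowed_values)}")
        # Assumption: no escaping exists, so a value carrying '&' or '='
        # (e.g. an org name from untrusted input) could add a second filter.
        if "&" in value or "=" in value:
            raise ValueError(f"{key} value must not contain '&' or '='")
        parts.append(f"{key}={value}")
    if not parts:
        raise ValueError("query is required; give at least one filter")
    return "&".join(parts)


def to_cli(query):
    """Format the War Room command line for a validated query string."""
    if '"' in query:
        raise ValueError("query must not contain a double quote")
    return f'!cov-mgsec-get-aro query="{query}"'
```
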

Context Example

Human Readable Output
AROs
Organization | Resolution | Severity | Status | Title | Type |
---|---|---|---|---|---|
ID: 9d4297ea-089e-42bd-884d-51744e31a471, email: foo@bar.com, name: Acme | Unresolved | Critical | Open | test2 | Action |
ID: e0e04c8b-d50c-4379-bfd6-5e0f2b1037cd, email: foo@bar.com, name: Capsule Corp | Unresolved | High | Open | Vulnerable Software Detected | Recommendation |

cov-mgsec-list-org
List organizations

Base Command
cov-mgsec-list-org

Input
Argument Name | Description | Required |
---|---|---|

Context Output
Path | Type | Description |
---|---|---|
FESPortal.Org.ID | String | ID |
FESPortal.Org.email | String | |
FESPortal.Org.email_aro_details | Boolean | Email_aro_details |
FESPortal.Org.name | String | Name |

Command Example
!cov-mgsec-list-org

Context Example

Human Readable Output
Organizations
Id | Email | Aro Details | Name |
---|---|---|---|
9d4297ea-089e-42bd-884d-51744e31a471 | foo@bar.com | false | Acme |
e0e04c8b-d50c-4379-bfd6-5e0f2b1037cd | foo@bar.com | false | Capsule Corp |