Skip to main content

Digital Guardian

This Integration is part of the Digital Guardian Pack.#

#Digital Guardian ARC Watchlist Integration This integration was integrated and tested with version 2.11.0 of Digital Guardian ARC

Configure Digital Guardian in Cortex#

ParameterDescriptionRequired
auth_urlauth_urlTrue
arc_urlarc_urlTrue
insecureAllow Insecure HTTPSFalse
client_idclient_idTrue
client_secretclient_secretTrue
export_profileexport_profileTrue

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

digitalguardian-add-watchlist-entry#


Add Watchlist Entry

Base Command#

digitalguardian-add-watchlist-entry

Input#
Argument NameDescriptionRequired
watchlist_nameWatchlist NameRequired
watchlist_entryWatchlist EntryRequired
Context Output#

There is no context output for this command.

Command Example#

!digitalguardian-add-watchlist-entry watchlist_entry=playbook_test watchlist_name=atac_test

Context Example#
{}
Human Readable Output#

added watchlist entry (playbook_test) to watchlist name (atac_test)

digitalguardian-check-watchlist-entry#


Check Watchlist Entry

Base Command#

digitalguardian-check-watchlist-entry

Input#
Argument NameDescriptionRequired
watchlist_nameWatchlist NameRequired
watchlist_entryWatchlist EntryRequired
Context Output#
PathTypeDescription
DigitalGuardian.Watchlist.FoundbooleanWatchlist Found
Command Example#

!digitalguardian-check-watchlist-entry watchlist_entry=playbook_test watchlist_name=atac_test

Context Example#
{
"DigitalGuardian": {
"Watchlist": {
"Found": true
}
}
}
Human Readable Output#

Watchlist found

digitalguardian-remove-watchlist-entry#


Remove Watchlist Entry

Base Command#

digitalguardian-remove-watchlist-entry

Input#
Argument NameDescriptionRequired
watchlist_nameWatchlist NameRequired
watchlist_entryWatchlist EntryOptional
Context Output#

There is no context output for this command.

Command Example#

!digitalguardian-remove-watchlist-entry watchlist_entry=playbook_test watchlist_name=atac_test

Context Example#
{}
Human Readable Output#

removed watchlist entry (playbook_test) from watchlist name (atac_test)

digitalguardian-add-componentlist-entry#


Add Componentlist Entry

Base Command#

digitalguardian-add-componentlist-entry

Input#
Argument NameDescriptionRequired
componentlist_nameComponentlist NameRequired
componentlist_entryComponentlist EntryRequired
Context Output#

There is no context output for this command.

Command Example#

!digitalguardian-add-componentlist-entry componentlist_entry=email@example.com componentlist_name="Test - JLL - Email Address Blacklist"

Context Example#
{}
Human Readable Output#

added componentlist entry (email@example.com) to componentlist name (Test - JLL - Email Address Blacklist)

digitalguardian-check-componentlist-entry#


Check Componentlist Entry

Base Command#

digitalguardian-check-componentlist-entry

Input#
Argument NameDescriptionRequired
componentlist_nameComponentlist NameRequired
componentlist_entryComponentlist EntryRequired
Context Output#
PathTypeDescription
DigitalGuardian.Componentlist.FoundbooleanComponentlist Found
Command Example#

!digitalguardian-check-componentlist-entry componentlist_entry=email@example.com componentlist_name="Test - JLL - Email Address Blacklist"

Context Example#
{
"DigitalGuardian": {
"Componentlist": {
"Found": true
}
}
}
Human Readable Output#

Componentlist found

digitalguardian-remove-componentlist-entry#


Remove Componentlist Entry

Base Command#

digitalguardian-remove-componentlist-entry

Input#
Argument NameDescriptionRequired
componentlist_nameComponentlist NameRequired
componentlist_entryComponentlist EntryRequired
Context Output#

There is no context output for this command.

Command Example#

!digitalguardian-remove-componentlist-entry componentlist_entry=email@example.com componentlist_name="Test - JLL - Email Address Blacklist"

Context Example#
{}
Human Readable Output#

removed componentlist entry (email@example.com) from componentlist name (Test - JLL - Email Address Blacklist)