Digital Guardian

#Digital Guardian ARC Watchlist Integration This integration was integrated and tested with version 2.11.0 of Digital Guardian ARC

Configure Digital Guardian on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Digital Guardian.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
auth_urlauth_urlTrue
arc_urlarc_urlTrue
insecureAllow Insecure HTTPSFalse
client_idclient_idTrue
client_secretclient_secretTrue
export_profileexport_profileTrue
  1. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

digitalguardian-add-watchlist-entry


Add Watchlist Entry

Base Command

digitalguardian-add-watchlist-entry

Input
Argument NameDescriptionRequired
watchlist_nameWatchlist NameRequired
watchlist_entryWatchlist EntryRequired
Context Output

There is no context output for this command.

Command Example

!digitalguardian-add-watchlist-entry watchlist_entry=playbook_test watchlist_name=atac_test

Context Example
{}
Human Readable Output

added watchlist entry (playbook_test) to watchlist name (atac_test)

digitalguardian-check-watchlist-entry


Check Watchlist Entry

Base Command

digitalguardian-check-watchlist-entry

Input
Argument NameDescriptionRequired
watchlist_nameWatchlist NameRequired
watchlist_entryWatchlist EntryRequired
Context Output
PathTypeDescription
DigitalGuardian.Watchlist.FoundbooleanWatchlist Found
Command Example

!digitalguardian-check-watchlist-entry watchlist_entry=playbook_test watchlist_name=atac_test

Context Example
{
"DigitalGuardian": {
"Watchlist": {
"Found": true
}
}
}
Human Readable Output

Watchlist found

digitalguardian-remove-watchlist-entry


Remove Watchlist Entry

Base Command

digitalguardian-remove-watchlist-entry

Input
Argument NameDescriptionRequired
watchlist_nameWatchlist NameRequired
watchlist_entryWatchlist EntryOptional
Context Output

There is no context output for this command.

Command Example

!digitalguardian-remove-watchlist-entry watchlist_entry=playbook_test watchlist_name=atac_test

Context Example
{}
Human Readable Output

removed watchlist entry (playbook_test) from watchlist name (atac_test)

digitalguardian-add-componentlist-entry


Add Componentlist Entry

Base Command

digitalguardian-add-componentlist-entry

Input
Argument NameDescriptionRequired
componentlist_nameComponentlist NameRequired
componentlist_entryComponentlist EntryRequired
Context Output

There is no context output for this command.

Command Example

!digitalguardian-add-componentlist-entry componentlist_entry=email@example.com componentlist_name="Test - JLL - Email Address Blacklist"

Context Example
{}
Human Readable Output

added componentlist entry (email@example.com) to componentlist name (Test - JLL - Email Address Blacklist)

digitalguardian-check-componentlist-entry


Check Componentlist Entry

Base Command

digitalguardian-check-componentlist-entry

Input
Argument NameDescriptionRequired
componentlist_nameComponentlist NameRequired
componentlist_entryComponentlist EntryRequired
Context Output
PathTypeDescription
DigitalGuardian.Componentlist.FoundbooleanComponentlist Found
Command Example

!digitalguardian-check-componentlist-entry componentlist_entry=email@example.com componentlist_name="Test - JLL - Email Address Blacklist"

Context Example
{
"DigitalGuardian": {
"Componentlist": {
"Found": true
}
}
}
Human Readable Output

Componentlist found

digitalguardian-remove-componentlist-entry


Remove Componentlist Entry

Base Command

digitalguardian-remove-componentlist-entry

Input
Argument NameDescriptionRequired
componentlist_nameComponentlist NameRequired
componentlist_entryComponentlist EntryRequired
Context Output

There is no context output for this command.

Command Example

!digitalguardian-remove-componentlist-entry componentlist_entry=email@example.com componentlist_name="Test - JLL - Email Address Blacklist"

Context Example
{}
Human Readable Output

removed componentlist entry (email@example.com) from componentlist name (Test - JLL - Email Address Blacklist)