
Silverfort

This Integration is part of the Silverfort Pack.#

Silverfort protects organizations from data breaches by delivering strong authentication across entire corporate networks and cloud environments, without requiring any modifications to endpoints or servers. Using patent-pending technology, Silverfort's agentless approach enables multi-factor authentication and AI-driven adaptive authentication even for systems that don’t support it today, including proprietary systems, critical infrastructure, shared folders, IoT devices, and more.

Use the Silverfort integration to get and update Silverfort risk severity.

This integration was integrated and tested with Silverfort version 2.12.

Silverfort Playbook#


  • Get risk information and block the user if the risk is 'high' or 'critical'
  • Update the Silverfort user risk level

Use Cases#


  • Consume Silverfort user and server risk levels
  • Enrich the Silverfort risk engine and trigger MFA on risky entities

Configure Silverfort on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Silverfort.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| Name | A textual name for the integration instance | True |
| url | Server URL | True |
| apikey | APIKEY | True |
| insecure | Trust any certificate (not secure) | False |

  4. Click Test to validate the URLs, token, and connection.
  • To generate an API token:
    1. From the Silverfort Admin Console, navigate to Settings > Advanced.
    2. In the Authentication Tokens section, click Generate Token.
    3. Copy the generated token and save it in a safe place.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

silverfort-get-user-risk#


Gets the user entity risk information.

Base Command#

silverfort-get-user-risk

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| upn | The user principal name. | Optional |
| email | The email address. | Optional |
| sam_account | The SAM account. | Optional |
| domain | The domain. | Optional |

Specify one of the following:

  • upn
  • email address and domain
  • sam account and domain
Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Silverfort.UserRisk.Risk | String | The risk level. |
| Silverfort.UserRisk.Reasons | Unknown | The reasons for the risk. |
| Silverfort.UserRisk.UPN | String | The user principal name. |

Command Example#

!silverfort-get-user-risk upn="sfuser@silverfort.io"

Context Example#
{
    "Silverfort": {
        "UserRisk": {
            "Reasons": [
                "Suspicious activity",
                "Password never expires"
            ],
            "Risk": "Medium",
            "UPN": "sfuser@silverfort.io"
        }
    }
}
Human Readable Output#

Silverfort User Risk#

| UPN | Risk | Reasons |
| --- | --- | --- |
| sfuser@silverfort.io | Medium | Suspicious activity,Password never expires |
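
The identifier rule and the "block on high or critical" playbook step described above can be checked in a custom automation before and after calling silverfort-get-user-risk. The following is an added example, not code from the Silverfort pack; the function names and `BLOCK_LEVELS` are assumptions, and the sample context is the one shown on this page.

```python
# Added example: names below are illustrative, not part of the Silverfort pack.
BLOCK_LEVELS = {"high", "critical"}  # levels the playbook description blocks on

# Context example copied from this page (Silverfort.UserRisk).
SAMPLE_CONTEXT = {
    "Silverfort": {
        "UserRisk": {
            "Reasons": ["Suspicious activity", "Password never expires"],
            "Risk": "Medium",
            "UPN": "sfuser@silverfort.io",
        }
    }
}


def build_identity_args(upn=None, email=None, sam_account=None, domain=None):
    """Return arguments for exactly one accepted identifier form:
    upn, email + domain, or sam_account + domain."""
    if upn:
        if email or sam_account:
            raise ValueError("pass only one identifier form")
        return {"upn": upn}
    if email and sam_account:
        raise ValueError("pass only one identifier form")
    if email or sam_account:
        if not domain:
            raise ValueError("email and sam_account both require domain")
        key, value = ("email", email) if email else ("sam_account", sam_account)
        return {key: value, "domain": domain}
    raise ValueError("specify upn, email + domain, or sam_account + domain")


def should_block(context):
    """True when Silverfort.UserRisk.Risk is high or critical.

    Missing or malformed risk data raises, so a failed lookup is never
    silently treated as low risk."""
    try:
        risk = context["Silverfort"]["UserRisk"]["Risk"]
    except (KeyError, TypeError) as exc:
        raise ValueError("context has no Silverfort.UserRisk.Risk") from exc
    if not isinstance(risk, str):
        raise ValueError("Silverfort.UserRisk.Risk is not a string")
    # The page shows "Medium" in context but severity=medium as input,
    # so compare case-insensitively.
    return risk.strip().lower() in BLOCK_LEVELS
```
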

silverfort-get-resource-risk#


Gets the resource entity risk information.

Base Command#

silverfort-get-resource-risk

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| resource_name | The hostname. | Required |
| domain_name | The domain. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Silverfort.ResourceRisk.Risk | String | The risk level. |
| Silverfort.ResourceRisk.Reasons | Array | The reasons for the risk. |
| Silverfort.ResourceRisk.ResourceName | String | The hostname. |

Command Example#

!silverfort-get-resource-risk resource_name="SF-DC-1" domain_name="silverfort.io"

Context Example#
{
    "Silverfort": {
        "ResourceRisk": {
            "Reasons": [
                "Unconstrained Delegation"
            ],
            "ResourceName": "SF-DC-1",
            "Risk": "Low"
        }
    }
}
Human Readable Output#

Silverfort Resource Risk#

| ResourceName | Risk | Reasons |
| --- | --- | --- |
| SF-DC-1 | Low | Unconstrained Delegation |

silverfort-update-user-risk#


Updates the user entity risk.

Base Command#

silverfort-update-user-risk

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| upn | The user principal name. | Optional |
| risk_name | The risk name. | Required |
| severity | The severity. | Required |
| valid_for | The number of hours that the risk will be valid for. | Required |
| description | The risk description. | Required |
| email | The email address. | Optional |
| sam_account | The SAM account. | Optional |
| domain | The domain. | Optional |

Specify one of the following:

  • upn
  • email address and domain
  • sam account and domain
Context Output#

There is no context output for this command.

Command Example#

!silverfort-update-user-risk upn="sfuser@silverfort.io" risk_name="activity_risk" severity=medium valid_for=1 description="Suspicious activity"

Context Example#
{}
Human Readable Output#

ok

silverfort-update-resource-risk#


Updates the resource entity risk.

Base Command#

silverfort-update-resource-risk

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| resource_name | The hostname. | Required |
| domain_name | The domain name. | Required |
| risk_name | The risk name. | Required |
| severity | The severity. | Required |
| valid_for | The number of hours the severity will be relevant for. | Required |
| description | A short description about the risk. | Required |

Context Output#

There is no context output for this command.

Command Example#

!silverfort-update-resource-risk resource_name="SF-DC-1" domain_name="silverfort.io" risk_name="malware_risk" severity="high" valid_for=1 description="Malware detected"

Context Example#
{}
Human Readable Output#

ok