Silverfort
Silverfort Pack.#
This Integration is part of theSilverfort protects organizations from data breaches by delivering strong authentication across entire corporate networks and cloud environments, without requiring any modifications to endpoints or servers. Using patent-pending technology, Silverfort's agentless approach enables multi-factor authentication and AI-driven adaptive authentication even for systems that don’t support it today, including proprietary systems, critical infrastructure, shared folders, IoT devices, and more.
Use Silverfort integration to get & update Silverfort risk severity.
This integration was integrated and tested with Silverfort version 2.12.
#
Silverfort Playbook- Get risk information and block the user if the risk is 'high' or 'critical'
- Update the Silverfort user risk level
#
Use Cases- Consume Silverfort user and server risk levels
- Enrich the Silverfort risk engine and trigger MFA on risky entities
#
Configure Silverfort in CortexParameter | Description | Required |
---|---|---|
Name | a textual name for the integration instance | True |
url | Server URL | True |
apikey | APIKEY | True |
insecure | Trust any certificate (not secure) | False |
- To generate an API token:
- On the Silverfort Admin Console, navigate to the SETTINGS page, and then select Silverfort API.
- Next to the Application User ID field, click Create App User.
- Copy the values of the App User ID and App User Secret.
- Click Save all.
- The API KEY is "App USer ID:App USer Secret". (note the ":" between User ID and Secret) For more information, see the Silverfort documentation.
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
silverfort-get-user-riskUser risk commands - get the user entity risk.
#
Base Commandsilverfort-get-user-risk
#
InputArgument Name | Description | Required |
---|---|---|
upn | The user principal name. | Optional |
The email address. | Optional | |
sam_account | The sam account. | Optional |
domain | The domain. | Optional |
Specify one of the following:
- upn
- email address and domain
- sam account and domain
#
Context OutputPath | Type | Description |
---|---|---|
Silverfort.UserRisk.Risk | String | The risk level. |
Silverfort.UserRisk.Reasons | Unknown | The reasons for the risk. |
Silverfort.UserRisk.UPN | String | The user principal name. |
#
Command Example!silverfort-get-user-risk upn="sfuser@silverfort.io"
#
Context Example#
Human Readable Output#
Silverfort User RiskUPN | Risk | Reasons |
---|---|---|
sfuser@silverfort.io | Medium | Suspicious activity,Password never expires |
#
silverfort-get-resource-riskGets the resource entity risk information.
#
Base Commandsilverfort-get-resource-risk
#
InputArgument Name | Description | Required |
---|---|---|
resource_name | The hostname. | Required |
domain_name | The domain. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Silverfort.ResourceRisk.Risk | String | The risk level. |
Silverfort.ResourceRisk.Reasons | Array | The reasons for the risk. |
Silverfort.ResourceRisk.ResourceName | String | The hostname. |
#
Command Example!silverfort-get-resource-risk resource_name="SF-DC-1" domain_name="silverfort.io"
#
Context Example#
Human Readable Output#
Silverfort Resource RiskResourceName | Risk | Reasons |
---|---|---|
SF-DC-1 | Low | Unconstrained Delegation |
#
silverfort-update-user-riskUpdates the user entity risk.
#
Base Commandsilverfort-update-user-risk
#
InputArgument Name | Description | Required |
---|---|---|
upn | The user principal name. | Optional |
risk_name | The risk name. | Required |
severity | The severity. | Required |
valid_for | The number of hours that the risk will be valid for. | Required |
description | The risk description. | Required |
The email address. | Optional | |
sam_account | The sam account. | Optional |
domain | The domain. | Optional |
Specify one of the following:
- upn
- email address and domain
- sam account and domain
#
Context OutputThere is no context output for this command.
#
Command Example!silverfort-update-user-risk upn="sfuser@silverfort.io" risk_name="activity_risk" severity=medium valid_for=1 description="Suspicious activity"
#
Context Example#
Human Readable Outputok
#
silverfort-update-resource-riskUpdate the resource entity risk.
#
Base Commandsilverfort-update-resource-risk
#
InputArgument Name | Description | Required |
---|---|---|
resource_name | The hostname. | Required |
domain_name | The domain name. | Required |
risk_name | The risk name. | Required |
severity | The severity. | Required |
valid_for | The number of hours the severity will be relevant for. | Required |
description | A short description about the risk. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!silverfort-update-resource-risk resource_name="SF-DC-1" domain_name="silverfort.io" risk_name="malware_risk" severity="high" valid_for=1 description="Malware detected"
#
Context Example#
Human Readable Outputok