Tessian
This Integration is part of the Tessian Pack.
Supported versions
Supported Cortex XSOAR versions: 6.10.0 and later.
Tessian is an email security platform that allows organizations to protect their users from inbound phishing threats, outbound data loss (both malicious and accidental) and account takeovers.

Configure Tessian on Cortex XSOAR
1. Navigate to Settings > Integrations > Servers & Services.
2. Search for Tessian.
3. Click Add instance to create and configure a new integration instance.

Parameter | Description | Required |
---|---|---|
Portal URL | The URL that you use to access the Tessian Portal. Please include the extension, e.g. "example.tessian-platform.com" or "example.tessian-app.com" | True |
API Key | The API Key to use to connect to the Tessian API. This can be found under "Security Integrations" in your Tessian Portal (/0/admin/integrations/api/tokens) | True |
Trust any certificate (not secure) | | False |
Use system proxy settings | | False |

4. Click Test to validate the URLs, token, and connection.

Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

tessian-list-events
This command allows you to pull Tessian event data into your XSOAR instance.

Base Command
tessian-list-events

Input
Argument Name | Description | Required |
---|---|---|
limit | The maximum number of events you would like Tessian to return per call. The maximum value is 100. The minimum value is 2. | Optional |
after_checkpoint | If provided, this parameter must be set to the checkpoint returned by a previous request to this endpoint. When provided, events from the previous request will not be included in the response from this request. If the new checkpoint returned by this request is used in yet another call to this endpoint events from both previous requests will not be included in the response (and so on). By making a number of consecutive requests to this endpoint where the checkpoint from the previous request is provided, clients can get all events from the Tessian platform, even when there are many more than can be returned in a single request. This process is often referred to as pagination. If an event is updated, it will no longer be excluded from subsequent requests. | Optional |
created_after | Only include events that were created after this time. For example, 2020-02-02T19:00:00Z. | Optional |

Context Output
Path | Type | Description |
---|---|---|
Tessian.EventsOutput.checkpoint | String | This value can be provided to a subsequent request via the after_checkpoint query parameter to ensure that events from this request are not returned in future responses. This allows clients to paginate through results. |
Tessian.EventsOutput.additional_results | Boolean | True if there may be more events that can be immediately retrieved. |
Tessian.EventsOutput.results | Unknown | The events returned by this request. |
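
The checkpoint pagination described for after_checkpoint, as an added example that is not part of the integration's own code. `list_events` is a hypothetical callable standing in for however the command is invoked, the backend and sample feed are constructed, and the event field names `id` and `updated_at` are assumptions.

```python
MIN_LIMIT, MAX_LIMIT = 2, 100  # bounds stated for the limit argument

def drain_events(list_events, limit=100, after_checkpoint=None, max_pages=1000):
    """Follow checkpoints until additional_results is False.

    Returns (events, checkpoint); store the checkpoint and pass it as
    after_checkpoint on the next run so earlier events are not re-read.
    """
    if not MIN_LIMIT <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between {MIN_LIMIT} and {MAX_LIMIT}")
    latest = {}  # event id -> newest copy seen
    checkpoint = after_checkpoint
    for _ in range(max_pages):
        page = list_events(limit=limit, after_checkpoint=checkpoint)
        for event in page["results"]:
            # An updated event is returned again: keep the newest copy.
            # "id" and "updated_at" are assumed field names.
            seen = latest.get(event["id"])
            if seen is None or event["updated_at"] >= seen["updated_at"]:
                latest[event["id"]] = event
        more = page["additional_results"]
        if more and page["checkpoint"] == checkpoint:
            raise RuntimeError("checkpoint did not advance; stopping")
        checkpoint = page["checkpoint"] or checkpoint
        if not more:
            return list(latest.values()), checkpoint
    raise RuntimeError("max_pages reached before the feed was drained")

def make_fake_backend(feed):
    """Constructed stand-in for the command: the checkpoint is an offset into feed."""
    def list_events(limit, after_checkpoint=None):
        start = int(after_checkpoint or 0)
        batch = feed[start:start + limit]
        end = start + len(batch)
        return {"checkpoint": str(end), "results": batch,
                "additional_results": end < len(feed)}
    return list_events

SAMPLE_FEED = [  # constructed data; evt-1 is updated and therefore delivered twice
    {"id": "evt-1", "updated_at": "2020-02-02T19:00:00Z"},
    {"id": "evt-2", "updated_at": "2020-02-02T19:05:00Z"},
    {"id": "evt-3", "updated_at": "2020-02-02T19:10:00Z"},
    {"id": "evt-1", "updated_at": "2020-02-02T19:20:00Z"},
    {"id": "evt-4", "updated_at": "2020-02-02T19:25:00Z"},
]
```

Because an updated event is returned again after its checkpoint, downstream playbooks should key on the event ID rather than assume each event arrives once.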

Command example
!tessian-list-events limit=2

Context Example

Human Readable Output
Tessian Events
Checkpoint: eyJzb3J0X3ZhbHVlcyI6IFsxNjkxNTkyNTc4Mjg4LCAiaW5ib3VuZC1lNWI1MmQyYWQ3ZGQ4MTdhMGRhYmVhZjgzMDhhYWMwMDhkZDY3ZDg1ZTQ3MTk1NDE4NTZmMzRkN2JlY2Y4ZTNlIl0sICJyZXZlcnNlIjogZmFsc2V9
Additional Results: True
Number of events returned: 2
Results
Event ID | Event Type | Event Created At | Event Updated At | Portal Link |
---|---|---|---|---|
string | string | 2019-08-24T14:15:22Z | 2019-08-24T14:15:22Z | string |
string | string | 2019-08-24T14:15:22Z | 2019-08-24T14:15:22Z | string |

tessian-release-from-quarantine
This command allows you to release quarantined emails associated with an event from Tessian.

Base Command
tessian-release-from-quarantine

Input
Argument Name | Description | Required |
---|---|---|
event_id | The ID of the event you would like to release from quarantine. | Required |

Context Output
Path | Type | Description |
---|---|---|
Tessian.ReleaseFromQuarantineOutput.number_of_actions_attempted | String | The number of users that release from quarantine actions were attempted for. |
Tessian.ReleaseFromQuarantineOutput.number_of_actions_succeeded | String | The number of users that the release from quarantine action was successful for. |
Tessian.ReleaseFromQuarantineOutput.results | Unknown | The results of the release action. This is an array of objects mapping the email address of users to the result of the release action. |
Tessian.ReleaseFromQuarantineOutput.event_id | String | The event ID that was submitted for release. |

Command example
!tessian-release-from-quarantine event_id="string"

Context Example

Human Readable Output
Release from Quarantine Action
Event ID: string
Number of Release Actions Successfully Initiated: 1
Number of Release Actions Failed: 1
Errors
Recipient | Error |
---|---|
test_user2@example.com | EMAIL_ALREADY_REMEDIATED |

tessian-delete-from-quarantine
This command allows you to delete quarantined emails associated with an event from Tessian.

Base Command
tessian-delete-from-quarantine

Input
Argument Name | Description | Required |
---|---|---|
event_id | The ID of the event you would like to delete from quarantine. | Required |

Context Output
Path | Type | Description |
---|---|---|
Tessian.DeleteFromQuarantineOutput.number_of_actions_attempted | String | The number of users that delete from quarantine actions were attempted for. |
Tessian.DeleteFromQuarantineOutput.number_of_actions_succeeded | String | The number of users that the delete from quarantine action was successful for. |
Tessian.DeleteFromQuarantineOutput.results | Unknown | The results of the delete action. This is an array of objects mapping the email address of users to the result of the delete action. |
Tessian.DeleteFromQuarantineOutput.event_id | String | The event ID that was submitted for deletion. |

Command example
!tessian-delete-from-quarantine event_id="string"

Context Example

Human Readable Output
Delete from Quarantine Action
Event ID: string
Number of Delete Actions Successfully Initiated: 1
Number of Delete Actions Failed: 1
Errors
Recipient | Error |
---|---|
test_user2@example.com | EMAIL_ALREADY_REMEDIATED |

tessian-delete-from-inbox
This command allows you to delete emails associated with a Tessian event from your inbox.

Base Command
tessian-delete-from-inbox

Input
Argument Name | Description | Required |
---|---|---|
event_id | The ID of the event you would like to delete from inbox. | Required |

Context Output
Path | Type | Description |
---|---|---|
Tessian.DeleteFromQuarantineOutput.number_of_actions_attempted | String | The number of users that delete from inbox actions were attempted for. |
Tessian.DeleteFromQuarantineOutput.number_of_actions_succeeded | String | The number of users that the delete from inbox action was successful for. |
Tessian.DeleteFromQuarantineOutput.results | Unknown | The results of the delete action. This is an array of objects mapping the email address of users to the result of the delete action. |
Tessian.DeleteFromQuarantineOutput.event_id | String | The event ID that was submitted for deletion. |

Command example
!tessian-delete-from-inbox event_id="string"

Context Example

Human Readable Output
Delete from Inbox Action
Event ID: string
Number of Delete Actions Successfully Initiated: 1
Number of Delete Actions Failed: 1
Errors
Recipient | Error |
---|---|
test_user2@example.com | ALREADY_DELETED |