Microsoft Graph Calendar
Use the Microsoft Graph Calendar integration to create and manage different calendars and events according to your requirements.
Lockpath KeyLight v2
Use the LockPath KeyLight integration to manage GRC tickets in the Keylight platform.
Flashpoint
Use the Flashpoint integration to reduce business risk.
Infoblox
Use the Infoblox integration to receive metadata about IPs in your network, and manage the DNS Firewall by configuring RPZs.
PhishLabs IOC DRP
Use the PhishLabs IOC DRP integration to retrieve live feeds of Digital Risk Protection from PhishLabs.
McAfee DXL
Use the McAfee DXL integration to enable different products to communicate via a standard API.
SecBI
Use the SecBI integration, a threat, intelligence, and investigation platform, to enable automation of detection and investigation, including remediation and prevention policy enforcements on all integrated appliances.
Akamai WAF SIEM
Use the Akamai WAF SIEM integration to retrieve security events from Akamai Web Application Firewall (WAF) service.
OpenLDAP (Beta)
Use the OpenLDAP (Beta) integration to authenticate using OpenLDAP.
Extracts all matches of a specified regular expression pattern from a provided string. Returns an array of results with all matches of the specified pattern, not just specific groups. Useful for extraction using a pattern where the content of the source string is indeterminate, such as extracting all email addresses. The 'regex' library is used and supports more advanced regex functionality than the standard 're' library.
The following arguments have been added.
Convenience arguments that enhance usability: multi-line, ignore_case, and period_matches_newline.
The error_if_no_match argument. The script will not throw an error if a match is not found. If the script is not used as a transformer within a playbook, you might want it to throw an error when the expression doesn't match.
GetMLModelEvaluation
Finds a threshold for the ML model and performs an evaluation based on it.
PrettyPrint
Pretty-print data using Python's pprint library. This is useful for seeing the structure of an incident and context data.
KeylightCreateIssue
Use this script to simplify the process of creating or updating a record in Keylight v2.
CVE Enrichment - Generic v2
Performs CVE Enrichment using the following integrations: VulnDB, CVE Search, and IBM X-Force Exchange.
Active Directory - Get User Manager Details
Takes an email address or a username of a user account in Active Directory, and returns the email address of the user's manager.
PANW - Hunting and threat detection by indicator type
This is a multipurpose playbook used for hunting and threat detection. The playbook receives inputs based on file hashes, IP addresses, or domain names provided manually or taken from outputs of other playbooks.
Block IOCs from CSV - External Dynamic List
Parses a CSV file with IOCs and blocks them using Palo Alto Networks External Dynamic Lists.
QRadar Indicator Hunting
Queries QRadar SIEM for indicators, such as file hashes, IP addresses, domains, and URLs.