- Index
- Integrations
- abuse.ch SSL Blacklist Feed
- AbuseIPDB
- Acalvio ShadowPlex
- Accessdata
- Active Directory Authentication
- Active Directory Query v2
- ActiveMQ
- Aella Star Light
- Agari Phishing Defense
- Akamai WAF
- Akamai WAF SIEM
- Alexa Rank Indicator
- AlienVault OTX TAXII Feed
- AlienVault OTX v2
- AlienVault Reputation Feed
- AlienVault USM Anywhere
- AlphaSOC Network Behavior Analytics
- AlphaSOC Wisdom
- Amazon DynamoDB
- AMP
- Analyst1
- Anomali Match
- Anomali ThreatStream
- Anomali ThreatStream v2
- Ansible Tower
- ANY.RUN
- ArcSight ESM v2
- ArcSight Logger
- ARIA Packet Intelligence
- Atlassian Confluence Server
- Atlassian IAM
- Atlassian Jira v2
- AttackIQ Platform
- Attivo Botsink
- AutoFocus Daily Feed
- AutoFocus Feed
- Awake Security
- AWS - CloudTrail
- AWS - CloudWatchLogs
- AWS - EC2
- AWS - GuardDuty
- AWS - IAM
- AWS - Lambda
- AWS - Route53
- AWS - S3
- AWS - Security Hub
- AWS - SQS
- AWS Feed
- AWS Network Firewall
- AWS Sagemaker
- AWS Simple Notification Service (AWS SNS)
- Axonius
- Azure AD Connect Health Feed
- Azure Compute v2
- Azure Feed
- Azure Kubernetes Services (Beta)
- Azure Log Analytics (Beta)
- Azure Network Security Groups
- Azure Security Center v2
- Azure Sentinel (Beta)
- Azure SQL Management (Beta)
- Azure Web Application Firewall
- Bambenek Consulting Feed
- Barracuda Reputation Block List (BRBL)
- Bastille Networks
- BeyondTrust Password Safe
- BigFix
- BitcoinAbuse Feed
- BitDam
- Bluecat Address Manager
- Blueliv ThreatCompass
- Blueliv ThreatContext
- BMC Helix Remedyforce
- BMC Remedy AR
- Bonusly
- Box v2
- C2sec irisk
- Centreon
- Centrify Vault
- Check Point Firewall (Deprecated)
- Check Point Firewall v2
- CheckPhish
- Cherwell
- Chronicle
- CIRCL
- Cisco ASA
- Cisco Email Security (beta)
- Cisco Firepower
- Cisco ISE
- Cisco Threat Grid
- Cisco Umbrella Cloud Security
- Cisco Umbrella Enforcement
- Cisco Umbrella Investigate
- Claroty
- Cloaken
- CloudConvert
- CloudShare (Beta)
- CloudShark
- Code42
- Cofense Triage (Deprecated)
- Cofense Triage v2
- Cognni
- Coralogix
- Cortex Data Lake
- Cortex XDR - IOC
- CounterCraft Deception Director
- CrowdStrike Falcon
- CrowdStrike Falcon Intel (Deprecated)
- Crowdstrike Falcon Intel Feed
- CrowdStrike Falcon Intel v2
- CrowdStrike Falcon Sandbox
- CrowdStrike Falcon Streaming v2
- CrowdStrike Falcon X
- CrowdStrike Malquery
- Cryptocurrency
- CSV Feed
- Cuckoo Sandbox
- CVE Search v2
- Cyber Triage
- CyberArk AIM (Deprecated)
- CyberArk AIM v2
- CyberArk PAS
- Cybereason
- Cyberint
- CyberTotal
- Cyjax Feed
- Cylance Protect v2
- Cymptom
- Cymulate
- Cyren Threat InDepth Threat Intelligence Feed
- Cyware Threat Intelligence eXchange
- Darktrace
- Deep Instinct
- DeHashed
- Dell Secureworks
- Demisto Lock
- Devo
- Devo v2
- DHS Feed
- Digital Defense FrontlineVM
- Digital Guardian
- dnstwist
- DomainTools Iris
- Druva Ransomware Response
- Duo
- EasyVista
- EclecticIQ Platform
- Elasticsearch Feed
- Elasticsearch v2
- EmailRep.io
- Endace
- EWS Mail Sender
- EWS O365
- EWS v2
- Exabeam
- Exchange 2016 Compliance Search
- Expanse
- Expanse Expander Feed
- Expanse v2
- Export Indicators Service
- ExtraHop Reveal(x) v2
- F5 Application Security Manager (WAF)
- F5 firewall
- FalconHost (Deprecated)
- Farsight DNSDB
- Farsight DNSDB v2
- Fidelis EDR
- Fidelis Elevate Network
- FireEye (AX Series)
- FireEye Detection on Demand
- FireEye ETP
- FireEye Feed
- FireEye Helix
- FireEye HX
- FireEye NX
- Flashpoint
- Forcepoint
- Forescout
- FortiGate
- FortiManager
- FortiSIEM
- Freshdesk
- G Suite Admin
- GCP Whitelist Feed
- Generic SQL
- Generic Webhook
- Genians
- GitHub
- GitHub IAM
- Gmail
- Gmail Single User (Beta)
- Google BigQuery
- Google Calendar
- Google Cloud Compute
- Google Cloud Functions
- Google Cloud Pub/Sub
- Google Cloud Storage
- Google Cloud Translate
- Google Docs
- Google Drive
- Google Kubernetes Engine
- Google Resource Manager
- Google Vault
- GoogleApps API and G Suite
- Gophish
- GraphQL
- Graylog
- GreatHorn
- GreyNoise
- Group-IB TDS Polygon
- GRR
- Gurucul-GRA
- HashiCorp Vault
- Have I Been Pwned? v2
- HelloWorld
- HelloWorldPremium
- Humio
- Hybrid Analysis
- IBM QRadar
- IBM QRadar v2
- IBM Resilient Systems
- IBM X-Force Exchange v2
- Icebrg
- iDefense (Deprecated)
- iDefense Feed
- iDefense v2
- illuminate (Deprecated)
- IllusiveNetworks
- Image OCR
- Indeni
- Infinipoint
- InfoArmor VigilanteATI
- Infoblox
- Infocyte
- Intel471 Actors Feed
- Intel471 Malware Feed
- Intezer v2
- ipinfo
- IronDefense
- Ivanti Heat
- Ja3er
- JARM
- Jask
- Joe Security
- JSON Feed
- JsonWhoIs
- Kafka v2
- Kenna v2
- Lacework
- Lastline v2
- Lockpath KeyLight v2
- LogPoint SIEM Integration
- LogRhythm
- LogRhythmRest
- Logz.io
- Looker
- Mail Listener v2
- Mail Sender (New)
- Majestic Million Feed
- Maltiverse
- Malwarebytes
- Mattermost
- MaxMind GeoIP2
- McAfee Active Response
- McAfee Advanced Threat Defense
- McAfee DAM
- McAfee DXL
- McAfee ePO
- McAfee ESM v10 and v11 (Deprecated)
- McAfee ESM v2
- McAfee NSM
- McAfee Threat Intelligence Exchange
- Microsoft Advanced Threat Analytics
- Microsoft Cloud App Security
- Microsoft Defender for Endpoint
- Microsoft Endpoint Configuration Manager
- Microsoft Graph API
- Microsoft Graph Applications
- Microsoft Graph Calendar
- Microsoft Graph Device Management (Microsoft Intune)
- Microsoft Graph Files
- Microsoft Graph Groups
- Microsoft Graph Identity & Access
- Microsoft Graph Mail
- Microsoft Graph Mail Single User
- Microsoft Graph Security
- Microsoft Graph User
- Microsoft Management Activity API (O365 Azure Events)
- Microsoft Policy And Compliance (Audit Log)
- Microsoft Teams
- Microsoft Teams Management
- Mimecast v2
- Minerva Labs Anti-Evasion Platform
- MISP v2
- MITRE ATT&CK Feed
- mnemonic MDR - Argus Managed Defence
- MobileIronCLOUD
- MobileIronCORE
- Moloch
- MongoDB
- MongoDB Key Value Store
- MongoDB Log
- Netskope
- nmap
- Nozomi Networks
- NTT Cyber Threat Sensor
- Nutanix Hypervisor
- O365 - EWS - Extension
- O365 - EWS - Extension Online Powershell v2
- O365 - Security And Compliance - Content Search (beta)
- Office 365 Feed
- okta (Deprecated)
- Okta IAM
- Okta v2
- OpenCTI Feed
- OpenLDAP
- OpenPhish v2
- OpsGenie
- Orca
- OTRS
- Packetsled
- PagerDuty v2
- Palo Alto AutoFocus (Deprecated)
- Palo Alto Networks - Prisma Cloud Compute
- Palo Alto Networks AutoFocus v2
- Palo Alto Networks Automatic SLR
- Palo Alto Networks BPA
- Palo Alto Networks Cortex (Deprecated)
- Palo Alto Networks Cortex XDR - Investigation and Response
- Palo Alto Networks Enterprise DLP
- Palo Alto Networks IoT
- Palo Alto Networks IoT 3rd Party
- Palo Alto Networks MineMeld (Deprecated)
- Palo Alto Networks PAN-OS
- Palo Alto Networks PAN-OS EDL Management
- Palo Alto Networks PAN-OS EDL Service
- Palo Alto Networks Threat Vault
- Palo Alto Networks Traps
- Palo Alto Networks WildFire v2
- PassiveTotal v2
- Pentera
- PerceptionPoint
- Perch
- Phish.AI
- PhishLabs IOC
- PhishLabs IOC DRP
- PhishLabs IOC EIR
- PhishTank v2
- PiHole
- Plain Text Feed
- Preempt
- Prisma Access
- Prisma Access Egress IP feed
- Prisma Cloud (RedLock)
- Proofpoint Protection Server (Deprecated)
- Proofpoint Protection Server v2
- Proofpoint TAP v2
- ProtectWise
- Public DNS Feed
- Query.AI
- Quest KACE Systems Management Appliance (Beta)
- Rapid7 InsightIDR
- Rapid7 Nexpose
- Rasterize
- Recorded Future
- Recorded Future RiskList Feed
- Recorded Future v2
- Red Canary
- Remedy On-Demand
- Remote Access
- ReversingLabs A1000
- ReversingLabs Titanium Cloud
- RiskIQ Digital Footprint
- RiskSense
- RSA Archer (Deprecated)
- RSA Archer v2
- RSA NetWitness Endpoint
- RSA NetWitness Packets and Logs
- RSA NetWitness v11.1
- RST Cloud - Threat Feed API
- RTIR
- Rubrik Polaris
- Rundeck
- SafeBreach (Deprecated)
- SafeBreach v2
- SailPoint IdentityIQ
- Salesforce
- Salesforce IAM
- SAML 2.0
- SAML 2.0 - ADFS as IdP
- SAML 2.0 - Okta as IdP
- SCADAfence CNM
- SecBI
- Security Intelligence Services Feed
- SecurityAdvisor
- Securonix
- SentinelOne v2
- Sepio
- Server Message Block (SMB) (Deprecated)
- Server Message Block (SMB) v2
- Service Desk Plus
- Service Desk Plus (On-Premise)
- ServiceNow (Deprecated)
- ServiceNow CMDB
- ServiceNow IAM
- ServiceNow v2
- Signal Sciences WAF
- Silverfort
- Sixgill DarkFeed Enrichment
- Sixgill DarkFeed Threat Intelligence
- Skyformation (Deprecated)
- Slack IAM
- Slack v2
- SlashNext Phishing Incident Response
- SMIME Messaging
- Smokescreen IllusionBLACK
- SNDBOX
- Snowflake
- Sophos Central
- Sophos Firewall
- Spamcop
- Spamhaus Feed
- SplunkPy
- Stealthwatch Cloud
- SumoLogic
- Symantec Blue Coat Content and Malware Analysis (Beta)
- Symantec Data Loss Prevention (Beta)
- Symantec Endpoint Protection v2
- Symantec Managed Security Services
- Symantec Management Center
- Symantec Messaging Gateway
- Synapse
- Syslog
- Syslog Sender
- Talos Feed
- Tanium
- Tanium Threat Response
- Tanium v2
- TAXII 2 Feed
- TAXII Feed
- TAXII Server
- Tenable.io
- Tenable.sc
- Thinkst Canary
- ThreatConnect (Deprecated)
- ThreatConnect Feed
- ThreatConnect v2
- ThreatQ v2
- ThreatX
- Trend Micro Apex
- TrendMicro Cloud App Security
- Tripwire
- TruSTAR (Deprecated)
- TruSTAR v2
- Tufin
- Twinwave
- Unit42 Feed
- Uptycs
- URLhaus
- urlscan.io
- Vectra
- Vectra v2
- Venafi
- Vertica
- VirusTotal
- VirusTotal - Private API
- VMRay
- VMware
- VMware Carbon Black App Control v2
- VMware Carbon Black EDR (Live Response API)
- VMware Carbon Black Endpoint Standard
- VMware Carbon Black Enterprise EDR
- VulnDB
- WhatIsMyBrowser
- Whois
- WootCloud
- Workday
- Workday IAM
- Workday IAM Event Generator (Beta)
- XM Cyber
- xMatters
- XSOAR Mirroring
- Zabbix
- Zimperium
- Zoom
- Zoom Feed
- Zscaler
- Playbooks
- Access Investigation - Generic
- Access Investigation - Generic - NIST
- Access Investigation - QRadar
- Accessdata: Dump memory for malicious process
- Account Enrichment - Generic
- Account Enrichment - Generic v2
- Account Enrichment - Generic v2.1
- Active Directory - Get User Manager Details
- Add Indicator to Miner - Palo Alto MineMeld
- Add Unknown Indicators To Inventory - RiskIQ Digital Footprint
- Agari Message Remediation - Agari Phishing Defense
- Akamai WAF - Activate Network Lists
- Allow IP - Okta Zone
- Anomali Enterprise Forensic Search
- Archer initiate incident
- Arcsight - Get events related to the Case
- Assign Active Incidents to Next Shift V2
- ATD - Detonate File
- Auto Add Assets - RiskIQ Digital Footprint
- Auto Update Or Remove Assets - RiskIQ Digital Footprint
- Autofocus Query Samples, Sessions and Tags
- AutoFocusPolling
- Block Account - Generic
- Block Endpoint - Carbon Black Response
- Block File - Carbon Black Response
- Block File - Cybereason
- Block File - Cylance Protect v2
- Block File - Generic
- Block File - Generic v2
- Block Indicators - Generic
- Block Indicators - Generic v2
- Block IOCs from CSV - External Dynamic List
- Block IP - Generic
- Block IP - Generic v2
- Block URL - Generic
- Bonusly - AutoGratitude
- Brute Force Investigation - Generic
- Brute Force Investigation - Generic - SANS
- Bulk Export Devices to ServiceNow - PANW IoT 3rd Party Integration
- Bulk Export to Cisco ISE - PANW IoT 3rd Party Integration
- Bulk Export to SIEM - PANW IoT 3rd Party Integration
- C2SEC-Domain Scan
- Calculate Severity - 3rd-party integrations
- Calculate Severity - Critical assets
- Calculate Severity - Critical Assets v2
- Calculate Severity - Generic
- Calculate Severity - Generic v2
- Calculate Severity - GreyNoise
- Calculate Severity - Indicators DBotScore
- Calculate Severity - Standard
- Calculate Severity By Email Authenticity
- Calculate Severity By Highest DBotScore
- Calculate Severity Highest DBotScore For Egress Network Traffic - GreyNoise
- Calculate Severity Highest DBotScore For Ingress Network Traffic - GreyNoise
- California - Breach Notification
- Carbon Black EDR Search Process
- Carbon black Protection Rapid IOC Hunting
- Carbon Black Rapid IOC Hunting
- Check Indicators For Unknown Assets - RiskIQ Digital Footprint
- Check IP Address For Whitelisting - RiskIQ Digital Footprint
- Checkpoint Firewall Configuration Backup Playbook
- ChronicleAsset Investigation - Chronicle
- ChronicleAssets Investigation And Remediation - Chronicle
- CloudConvert - Convert File
- Code42 Add Departing Employee From Ticketing System
- Code42 Copy File To Ticketing System
- Code42 Exfiltration Playbook
- Code42 File Download
- Code42 File Search
- Code42 Suspicious Activity Action
- Code42 Suspicious Activity Review
- Continuously Process Survey Responses
- Convert file hash to corresponding hashes
- Cortex XDR - Block File
- Cortex XDR - Check Action Status
- Cortex XDR - Isolate Endpoint
- Cortex XDR - Malware Investigation
- Cortex XDR - Port Scan
- Cortex XDR - Port Scan - Adjusted
- Cortex XDR - quarantine file
- Cortex XDR - Retrieve File Playbook
- Cortex XDR Alerts Handling
- Cortex XDR device control violations
- Cortex XDR disconnected endpoints
- Cortex XDR Incident Handling
- Cortex XDR incident handling v2
- Cortex XDR incident handling v3
- Cortex XDR Incident Sync
- Create ServiceNow Ticket
- CrowdStrike Endpoint Enrichment
- CrowdStrike Falcon Sandbox - Detonate file
- CrowdStrike Rapid IOC Hunting
- CrowdStrike Rapid IOC Hunting v2
- CVE Enrichment - Generic
- CVE Enrichment - Generic v2
- CVE Exposure - RiskSense
- CyberTotal Auto Enrichment - CyCraft
- CyberTotal Whois - CyCraft
- D2 - Endpoint data collection
- Darkfeed - malware download from feed
- Darkfeed IOC detonation and proactive blocking
- Darkfeed Threat hunting-research
- DBot Create Phishing Classifier
- DBot Create Phishing Classifier Job
- DBot Create Phishing Classifier V2
- DBot Create Phishing Classifier V2 Job
- DBot Indicator Enrichment - Generic
- Dedup - Generic
- Dedup - Generic v2
- Dedup - Generic v3
- DeDup incidents
- DeDup incidents - ML
- Default
- Demisto Self-Defense - Account policy monitoring playbook
- Detonate File - ANYRUN
- Detonate File - BitDam
- Detonate File - Cuckoo
- Detonate File - FireEye AX
- Detonate File - FireEye Detection on Demand
- Detonate File - Generic
- Detonate File - Group-IB TDS Polygon
- Detonate File - HybridAnalysis
- Detonate File - JoeSecurity
- Detonate File - Lastline
- Detonate File - Lastline v2
- Detonate File - SNDBOX
- Detonate File - ThreatGrid
- Detonate File - ThreatStream
- Detonate File - VMRay
- Detonate File From URL - ANYRUN
- Detonate File From URL - JoeSecurity
- Detonate File From URL - WildFire
- Detonate Remote File from URL - McAfee ATD
- Detonate URL - ANYRUN
- Detonate URL - CrowdStrike
- Detonate URL - Cuckoo
- Detonate URL - Generic
- Detonate URL - Group-IB TDS Polygon
- Detonate URL - JoeSecurity
- Detonate URL - Lastline
- Detonate URL - Lastline v2
- Detonate URL - McAfee ATD
- Detonate URL - Phish.AI
- Detonate URL - ThreatGrid
- Detonate URL - ThreatStream
- Detonate URL - WildFire-v2
- Digital Defense FrontlineVM - Old Vulnerabilities Found
- Digital Defense FrontlineVM - PAN-OS block assets
- Digital Defense FrontlineVM - Scan Asset Not Recently Scanned
- Digital Guardian Demo Playbook
- Domain Enrichment - Generic
- Domain Enrichment - Generic v2
- Email Address Enrichment - Generic
- Email Address Enrichment - Generic v2
- Email Address Enrichment - Generic v2.1
- Employee Offboarding - Delegate
- Employee Offboarding - Gather User Information
- Employee Offboarding - Retain & Delete
- Employee Offboarding - Revoke Permissions
- Employee Status Survey
- Endace Search Archive and Download
- Endace Search Archive Download PCAP
- Endace Search Archive Download PCAP v2
- Endpoint data collection
- Endpoint Enrichment - Cylance Protect v2
- Endpoint Enrichment - Generic
- Endpoint Enrichment - Generic v2
- Endpoint Enrichment - Generic v2.1
- Endpoint Enrichment - XM Cyber
- Endpoint Malware Investigation - Generic
- Enrich DXL with ATD verdict
- Enrich DXL with ATD verdict v2
- Enrich Incident With Asset Details - RiskIQ Digital Footprint
- Enrich McAfee DXL using 3rd party sandbox
- Enrich McAfee DXL using 3rd party sandbox v2
- Entity Enrichment - Generic
- Entity Enrichment - Generic v2
- Entity Enrichment - Generic v3
- Entity Enrichment - Phishing v2
- Exchange 2016 Search and Delete
- Expanse Attribution
- Expanse Behavior Severity Update
- Expanse Enrich Cloud Assets
- Expanse Find Cloud IP Address Region and Service
- Expanse Load-Create List
- Export Single Alert to ServiceNow - PANW IoT 3rd Party Integration
- Export Single Asset to SIEM - PANW IoT 3rd Party Integration
- Export Single Vulnerability to ServiceNow - PANW IoT 3rd Party Integration
- Extract and Enrich Expanse Indicators
- Extract Indicators - Generic
- Extract Indicators From File - Generic
- Extract Indicators From File - Generic v2
- ExtraHop - CVE-2019-0708 (BlueKeep)
- ExtraHop - Default
- ExtraHop - Get Peers by Host
- ExtraHop - Ticket Tracking v2
- Failed Login Playbook - Slack v2
- Field Polling - Generic
- File Enrichment - File reputation
- File Enrichment - Generic
- File Enrichment - Generic v2
- File Enrichment - Virus Total Private API
- FireEye Helix Archive Search
- FireEye Red Team Tools Investigation and Response
- GDPR Breach Notification
- GenericPolling
- Get File Sample By Hash - Carbon Black Enterprise Response
- Get File Sample By Hash - Cylance Protect
- Get File Sample By Hash - Cylance Protect v2
- Get File Sample By Hash - Generic
- Get File Sample By Hash - Generic v2
- Get File Sample By Hash - Generic v3
- Get File Sample From Path - Carbon Black Enterprise Response
- Get File Sample From Path - D2
- Get File Sample From Path - Generic
- Get File Sample From Path - Generic V2
- Get File Sample From Path - VMware Carbon Black EDR - Live Response API
- Get Original Email - EWS
- Get Original Email - Generic
- Get Original Email - Gmail
- Get the binary file from Carbon Black by its MD5 hash
- Google Vault - Display Results
- Google Vault - Search Drive
- Google Vault - Search Groups
- Google Vault - Search Mail
- Handle Darktrace Model Breach
- Handle Expanse Incident
- Handle Expanse Incident - Attribution Only
- Handle Hello World Alert
- Handle Hello World Premium Alert
- Handle Shadow IT Incident
- Handle TD events
- HelloWorld Scan
- HIPAA - Breach Notification
- Hostname And IP Address Investigation And Remediation - Chronicle
- Humio QueryJob Poll
- Hunt Extracted Hashes
- Hunt Extracted Hashes V2
- Hunt for bad IOCs
- Hunting C&C Communication Playbook
- Hybrid-analysis quick-scan
- IAM - App Sync
- IAM - Configuration
- IAM - New Hire
- IAM - Rehire User
- IAM - Sync User
- IAM - Terminate User
- IAM - Test Instances
- IAM - Update User
- Illinois - Breach Notification
- Illusive - Data Enrichment
- Illusive - Incident Escalation
- Illusive-Collect-Forensics-On-Demand
- Illusive-Retrieve-Incident
- Impossible Traveler
- Incremental Export Devices to ServiceNow - PANW IoT 3rd Party Integration
- Incremental Export to Cisco ISE - PANW IoT 3rd Party Integration
- Incremental Export to SIEM - PANW IoT 3rd Party Integration
- Indicator Pivoting - DomainTools Iris
- Integrations and Incidents Health Check - Running Scripts
- Intezer - Analyze by hash
- Intezer - Analyze Uploaded file
- Intezer - scan host
- Investigate On Bad Domain Matches - Chronicle
- IP Enrichment - External - Generic v2
- IP Enrichment - Generic
- IP Enrichment - Generic v2
- IP Enrichment - Internal - Generic v2
- IP Enrichment - XM Cyber
- IP Reputation-GreyNoise
- IP Whitelist - AWS Security Group
- IP Whitelist - GCP Firewall
- IP Whitelist And Exclusion - RiskIQ Digital Footprint
- Isolate Endpoint - Cybereason
- Isolate Endpoint - Generic
- IT - Employee Offboarding
- IT - Employee Offboarding - Manual
- JOB - Cortex XDR query endpoint device control violations
- JOB - Integrations and Incidents Health Check
- JOB - Integrations and Incidents Health Check - Lists handling
- JOB - XSOAR - Export Selected Custom Content
- JOB - XSOAR - Simple Dev to Prod
- Launch Scan - Tenable.sc
- List Device Events - Chronicle
- Logz.Io Handle Alert
- Logz.io Indicator Hunting
- Lost / Stolen Device Playbook
- LSASS Credential Dumpin
- Malware Investigation - Generic
- Malware Investigation - Generic - Setup
- Malware Investigation - Manual
- Malware Playbook - Manual
- MAR - Endpoint data collection
- McAfee ePO Endpoint Compliance Playbook
- McAfee ePO Endpoint Compliance Playbook v2
- McAfee ePO Endpoint Connectivity Diagnostics Playbook v2
- McAfee ePO Repository Compliance Playbook
- McAfee ePO Repository Compliance Playbook v2
- Mirror ServiceNow Ticket
- NetOps - Firewall Version and Content Upgrade
- NetOps - Upgrade PAN-OS Firewall Device
- New York - Breach Notification
- Nexpose - Create and Download Report
- NIST - Handling an Incident Template
- NIST - Lessons Learned
- O365 - Security And Compliance - Search
- O365 - Security And Compliance - Search Action - Delete
- O365 - Security And Compliance - Search Action - Preview
- O365 - Security And Compliance - Search And Delete
- Office 365 Search and Delete
- Palo Alto Networks - Endpoint Malware Investigation
- Palo Alto Networks - Endpoint Malware Investigation v2
- Palo Alto Networks - Endpoint Malware Investigation v3
- Palo Alto Networks - Hunting And Threat Detection
- Palo Alto Networks - Malware Remediation
- PAN-OS - Add Static Routes
- PAN-OS - Block Destination Service
- PAN-OS - Block Domain - External Dynamic List
- PAN-OS - Block IP - Custom Block Rule
- PAN-OS - Block IP - Static Address Group
- PAN-OS - Block IP and URL - External Dynamic List
- PAN-OS - Block IP and URL - External Dynamic List v2
- PAN-OS - Block URL - Custom URL Category
- PAN-OS - Create Or Edit Rule
- PAN-OS - Delete Static Routes
- PAN-OS Commit Configuration
- PAN-OS DAG Configuration
- PAN-OS EDL Service Configuration
- PAN-OS EDL Setup
- PAN-OS EDL Setup v3
- PAN-OS Log Forwarding Setup And Configuration
- PAN-OS Query Logs For Indicators
- Panorama Query Logs
- PanoramaQueryTrafficLogs
- PANW - Hunting and threat detection by indicator type
- PANW - Hunting and threat detection by indicator type V2
- PANW IoT Incident Handling with ServiceNow
- PANW IoT ServiceNow Tickets Check
- PANW Threat Vault - Signature Search
- PCAP Analysis
- PCAP File Carving
- PCAP Parsing And Indicator Enrichment
- PCAP Search
- Pentera Filter And Create Incident
- Pentera Run Scan
- Pentera Run Scan and Create Incidents
- Phishing - Core
- Phishing Investigation - Generic
- Phishing Investigation - Generic v2
- Phishing Playbook - Manual
- PhishingDemo-Onboarding
- PhishLabs - Populate Indicators
- PhishLabs - Whitelist false positives
- PII Check - Breach Notification
- Port Scan - External Source
- Port Scan - Generic
- Port Scan - Internal Source
- Prisma Access - Logout User
- Prisma Access - Connection Health Check
- Prisma Access Whitelist Egress IPs on SaaS Services
- Prisma Cloud - Find AWS Resource by FQDN
- Prisma Cloud - Find AWS Resource by Public IP
- Prisma Cloud - Find Azure Resource by FQDN
- Prisma Cloud - Find Azure Resource by Public IP
- Prisma Cloud - Find GCP Resource by FQDN
- Prisma Cloud - Find GCP Resource by Public IP
- Prisma Cloud - Find Public Cloud Resource by FQDN
- Prisma Cloud - Find Public Cloud Resource by Public IP
- Prisma Cloud Compute - Audit Alert
- Prisma Cloud Compute - Cloud Discovery Alert
- Prisma Cloud Compute - Compliance Alert
- Prisma Cloud Compute - Vulnerability Alert
- Prisma Cloud Correlate Alerts
- Prisma Cloud Remediation - AWS CloudTrail is not Enabled on the Account
- Prisma Cloud Remediation - AWS EC2 Instance Misconfiguration
- Prisma Cloud Remediation - AWS EC2 Security Group Misconfiguration
- Prisma Cloud Remediation - AWS IAM Password Policy Misconfiguration
- Prisma Cloud Remediation - AWS IAM Policy Misconfiguration
- Prisma Cloud Remediation - AWS Inactive Users For More Than 30 Days
- Prisma Cloud Remediation - AWS Security Groups Allows Internet Traffic To TCP Port
- Prisma Cloud Remediation - GCP Kubernetes Engine Cluster Misconfiguration
- Prisma Cloud Remediation - GCP Kubernetes Engine Misconfiguration
- Prisma Cloud Remediation - GCP VPC Network Firewall Misconfiguration
- Prisma Cloud Remediation - GCP VPC Network Misconfiguration
- Prisma Cloud Remediation - GCP VPC Network Project Misconfiguration
- Process Email - Add custom fields
- Process Email - Core
- Process Email - EWS
- Process Email - Generic
- Process Survey Response
- QRadar - Get offense correlations
- QRadar - Get offense correlations v2
- QRadar Indicator Hunting V2
- QRadarCorrelationLog
- QRadarFullSearch
- Quarantine Device in Cisco ISE - PANW IoT 3rd Party Integration
- Ransomware Exposure - RiskSense
- Ransomware Playbook - Manual
- Rapid IOC Hunting Playbook
- Recorded Future CVE Intelligence
- Recorded Future CVE Reputation
- Recorded Future Domain Intelligence
- Recorded Future Domain Reputation
- Recorded Future File Intelligence
- Recorded Future File Reputation
- Recorded Future IOC Reputation
- Recorded Future IP Intelligence
- Recorded Future IP Reputation
- Recorded Future Threat Assessment
- Recorded Future URL Intelligence
- Recorded Future URL Reputation
- Remediate Message - Agari Phishing Defense
- Residents Notification - Breach Notification
- Retrieve Email Data - Agari Phishing Defense
- Retrieve File from Endpoint - Generic
- Retrieve File from Endpoint - Generic V2
- RiskIQAsset Enrichment - RiskIQ Digital Footprint
- Rubrik Polaris - Anomaly Analysis
- Run Panorama Best Practice Assessment
- Rundeck-job-execute-Generic
- SafeBreach - Compare and Validate Insight Indicators
- SafeBreach - Create Incidents per Insight and Associate Indicators
- SafeBreach - Process Non-Behavioral Insights Feed
- SafeBreach - Rerun Insights
- SafeBreach - Rerun Single Insight
- SailPoint IdentityIQ Disable User Account Access
- SANS - Incident Handler's Handbook Template
- SANS - Incident Handlers Checklist
- SANS - Lessons Learned
- Scan and Isolate - XM Cyber
- Scan Assets - Nexpose
- Scan Site - Nexpose
- Search And Delete Emails - EWS
- Search And Delete Emails - Generic
- Search Endpoints By Hash - Carbon Black Protection
- Search Endpoints By Hash - Carbon Black Response
- Search Endpoints By Hash - Carbon Black Response V2
- Search Endpoints By Hash - CrowdStrike
- Search Endpoints By Hash - Cybereason
- Search Endpoints By Hash - Generic
- Search Endpoints By Hash - Generic V2
- Search Endpoints By Hash - TIE
- Send Investigation Summary Reports
- Send Investigation Summary Reports Job
- Sentinel One - Endpoint data collection
- ServiceNow Ticket State Polling
- Set up a Shift handover meeting
- Shift handover
- Slack - General Failed Logins v2.1
- SolarStorm and SUNBURST Hunting and Response Playbook
- Splunk Indicator Hunting
- Tanium - Ask Question
- Tanium - Get Saved Question Result
- Tanium Demo Playbook
- Tenable.io Scan
- Threat Hunting - Chronicle
- TIE - IOC Hunt
- TIM - Add All Indicator Types To SIEM
- TIM - Add Bad Hash Indicators To SIEM
- TIM - Add Domain Indicators To SIEM
- TIM - Add IP Indicators To SIEM
- TIM - Add Url Indicators To SIEM
- TIM - ArcSight Add Bad Hash Indicators
- TIM - ArcSight Add Domain Indicators
- TIM - ArcSight Add IP Indicators
- TIM - ArcSight Add Url Indicators
- TIM - Indicator Auto Processing
- TIM - Indicators Exclusion By Related Incidents
- TIM - Process AWS indicators
- TIM - Process Azure indicators
- TIM - Process CIDR Indicators By Size
- TIM - Process Domain Age With Whois
- TIM - Process Domain Registrant With Whois
- TIM - Process Domains With Whois
- TIM - Process File Indicators With File Hash Type
- TIM - Process Indicators - Fully Automated
- TIM - Process Indicators - Manual Review
- TIM - Process Indicators Against Approved Hash List
- TIM - Process Indicators Against Business Partners Domains List
- TIM - Process Indicators Against Business Partners IP List
- TIM - Process Indicators Against Business Partners URL List
- TIM - Process Indicators Against Organizations External IP List
- TIM - Process Office365 indicators
- TIM - QRadar Add Bad Hash Indicators
- TIM - QRadar Add Domain Indicators
- TIM - QRadar Add IP Indicators
- TIM - QRadar Add Url Indicators
- TIM - Review Indicators Manually
- TIM - Review Indicators Manually For Whitelisting
- TIM - Run Enrichment For All Indicator Types
- TIM - Run Enrichment For Domain Indicators
- TIM - Run Enrichment For Hash Indicators
- TIM - Run Enrichment For IP Indicators
- TIM - Run Enrichment For Url Indicators
- Traps Blacklist File
- Traps Isolate Endpoint
- Traps Quarantine Event
- Traps Retrieve And Download Files
- Traps Scan Endpoint
- TrendMicro Malware Alert Playbook
- Tufin - Enrich IP Address(es)
- Tufin - Enrich Source & Destination IP Information
- Tufin - Get Application Information from SecureApp
- Tufin - Get Network Device Info by IP Address
- Tufin - Investigate Network Alert
- Un-quarantine Device in Cisco ISE - PANW IoT 3rd Party Integration
- Update Or Remove Assets - RiskIQ Digital Footprint
- Uptycs - Bad IP Incident
- Uptycs - Outbound Connection to Threat IOC Incident
- URL Enrichment - Generic
- URL Enrichment - Generic v2
- US - Breach Notification
- Vulnerability Handling - Nexpose
- Vulnerability Handling - Qualys
- Vulnerability Handling - Qualys - Add custom fields to default layout
- Vulnerability Management - Nexpose (Job)
- Vulnerability Management - Qualys (Job)
- Vulnerability Scan - RiskIQ Digital Footprint - Tenable.io
- Wait Until Datetime
- WildFire - Detonate file
- xMatters - Example Conditional Actions
- xMatters - Wait for Response
- Scripts
- AbuseIPDBPopulateIndicators
- ActiveUsersD2
- AddEvidence
- AddKeyToList
- ADGetUser
- AlgosecCreateTicket
- AlgosecGetApplications
- AlgosecGetNetworkObject
- AlgosecGetTicket
- AlgosecQuery
- AnalyzeMemImage
- AnalyzeOSX
- AquatoneDiscover
- ArcherCreateSecurityIncident
- ArcherUpdateSecurityIncident
- AreValuesEqual
- AssignAnalystToIncident
- AssignAnalystToIncidentOOO
- AssignToNextShiftOOO
- ATDDetonate
- Autoruns
- AwsCreateImage
- AwsCreateVolumeSnapshot
- AwsGetInstanceInfo
- AwsRunInstance
- AwsStartInstance
- AwsStopInstance
- Base64Encode
- Base64EncodeV2
- Base64ListToFile
- BetweenDates
- BetweenHours
- BinarySearchPy
- BlockIP
- BMCHelixRemedyforceCreateIncident
- BMCHelixRemedyforceCreateServiceRequest
- BuildEWSQuery
- CalculateEntropy
- CalculateTimeDifference
- CBAlerts
- CBEvents
- CBLiveFetchFiles
- CBLiveGetFile_V2
- CBLiveProcessList
- CBPApproveHash
- CBPBanHash
- CBPCatalogFindHash
- CBPFindComputer
- CBPFindRule
- CBSensors
- CBSessions
- CBWatchlists
- CEFParser
- CertificateExtract
- CertificateReputation
- CertificatesTroubleshoot
- ChangeRemediationSLAOnSevChange
- CheckContextValue
- CheckFieldValue
- CheckPointDownloadBackup
- CheckpointFWBackupStatus
- CheckpointFWCreateBackup
- CheckSender
- CheckSenderDomainDistance
- checkValue
- ChronicleAssetEventsForHostnameWidgetScript
- ChronicleAssetEventsForIPWidgetScript
- ChronicleAssetEventsForMACWidgetScript
- ChronicleAssetEventsForProductIDWidgetScript
- ChronicleAssetIdentifierScript
- ChronicleDBotScoreWidgetScript
- ChronicleDomainIntelligenceSourcesWidgetScript
- ChronicleIsolatedHostnameWidgetScript
- ChronicleIsolatedIPWidgetScript
- ChronicleListDeviceEventsByEventTypeWidgetScript
- ChroniclePotentiallyBlockedIPWidgetScript
- ClassifierNotifyAdmin
- CloseInvestigationAsDuplicate
- CloseTaskSetContext
- Code42DownloadFile
- Code42FileSearch
- Code42GetDepartingEmployees
- Code42GetHighRiskEmployees
- Code42UsernameSearch
- commentsToContext
- CommonD2
- CommonServerUserPowerShell
- CommonServerUserPython
- CommonUserServer
- ConferIncidentDetails
- ConferSetSeverity
- ContainsCreditCardInfo
- ContextContains
- ContextFilter
- ContextGetEmails
- ContextGetHashes
- ContextGetIps
- ContextGetPathForString
- ContextSearchForString
- ConvertDatetoUTC
- ConvertDomainToURLs
- ConvertKeysToTableFieldFormat
- ConvertTableToHTML
- ConvertXmlFileToJson
- ConvertXmlToJson
- CopyFileD2
- CopyLinkedAnalystNotes
- CopyNotesToIncident
- CountArraySize
- CreateArray
- CreateCertificate
- CreateChannelWrapper
- CreateEmailHtmlBody
- CreateIndicatorsFromSTIX
- CrowdStrikeApiModule
- CrowdStrikeStreamingPreProcessing
- CrowdStrikeUrlParse
- CryptoCurrenciesFormat
- CSVFeedApiModule
- CuckooDetonateFile
- CuckooDetonateURL
- CuckooDisplayReport
- CuckooGetReport
- CuckooGetScreenshot
- CuckooTaskStatus
- CustomContentBundleWizardry
- Cut
- cveReputation
- CybereasonPreProcessingExample
- CYFileRep
- CyrenCountryLookup
- CyrenThreatInDepthRandomHunt
- CyrenThreatInDepthRelatedWidget
- CyrenThreatInDepthRelatedWidgetQuick
- CyrenThreatInDepthRenderRelated
- D2ActiveUsers
- D2Autoruns
- D2Drop
- D2Exec
- D2ExecuteCommand
- D2GetFile
- D2GetSystemLog
- D2Hardware
- D2O365ComplianceSearch
- D2O365SearchAndDelete
- D2PEDump
- D2Processes
- D2RegQuery
- D2Rekall
- D2Services
- D2Users
- D2Winpmem
- DamSensorDown
- DataDomainReputation
- DBotAverageScore
- DBotClosedIncidentsPercentage
- DBotPredictPhishingEvaluation
- DBotPredictTextLabel
- DBotPreparePhishingData
- DBotTrainTextClassifier
- DecodeMimeHeader
- DefaultIncidentClassifier
- DeleteContext
- DemistoCreateList
- DemistoGetIncidentTasksByState
- DemistoLeaveAllInvestigations
- DemistoLinkIncidents
- DemistoLogsBundle
- DemistoSendInvite
- DemistoUploadFile
- DemistoUploadFileToIncident
- DisplayCVEChartScript
- DisplayEmailHtml
- DisplayHTML
- DockerHardeningCheck
- DomainReputation
- DT
- DumpJSON
- EmailAskUser
- EmailAskUserResponse
- EmailDomainSquattingReputation
- emailFieldTriggered
- EmailReputation
- EncodeToAscii
- EPOFindSystem
- EsmExample
- ExampleJSScript
- ExchangeAssignRole
- ExchangeDeleteMail
- ExchangeSearchMailbox
- ExifRead
- Exists
- ExpanseAggregateAttributionDevice
- ExpanseAggregateAttributionIP
- ExpanseAggregateAttributionUser
- ExpanseEnrichAttribution
- ExpanseEvidenceDynamicSection
- ExpanseGenerateIssueMapWidgetScript
- ExpansePrintSuggestions
- ExpanseRefreshIssueAssets
- ExportToCSV
- ExportToXLSX
- ExposeIncidentOwner
- ExtFilter
- ExtractDomainFromIOCDomainMatchRes
- ExtractHTMLTables
- FailedInstances
- FeedRelatedIndicatorsWidget
- FetchFileD2
- FetchIndicatorsFromFile
- FileCreateAndUpload
- FileReputation
- findIncidentsWithIndicator
- FireEyeDetonateFile
- FPDeleteRule
- FPSetRule
- GenerateInvestigationSummaryReport
- GeneratePANWIoTDeviceTableQueryForServiceNow
- GeneratePassword
- GenerateRandomString
- GenerateRandomUUID
- GenerateSummaryReports
- GenericPollingScheduledTask
- GetCiscoISEActiveInstance
- GetDomainDNSDetails
- GetFailedTasks
- GetIndicatorDBotScore
- GetInstances
- GetListRow
- getMlFeatures
- GetNumberOfUsersOnCall
- GetOnCallHoursPerUser
- GetRolesPerShift
- GetShiftsPerUser
- GetStringsDistance
- GetTime
- GetUsersOnCall
- GetUsersOOO
- GoogleappsRevokeUserRole
- GoogleAuthURL
- GrrGetFiles
- GrrGetFlows
- GrrGetHunt
- GrrGetHunts
- GrrSetFlows
- GrrSetHunts
- GSuiteApiModule
- HelloWorldPremiumScript
- HelloWorldScript
- hideFieldsOnNewIncident
- HighlightWords
- http
- HTTPFeedApiModule
- IAMApiModule
- If-Then-Else
- ImpSfListEndpoints
- ImpSfRevokeUnaccessedDevices
- ImpSfScheduleTask
- ImpSfSetEndpointStatus
- IncapGetAppInfo
- IncapGetDomainApproverEmail
- IncapListSites
- IncapScheduleTask
- IncapWhitelistCompliance
- IncidentAddSystem
- IncidentsCheck-NumberofIncidentsNoOwner
- IncidentsCheck-NumberofIncidentsWithErrors
- IncidentsCheck-NumberofTotalEntriesErrors
- IncidentsCheck-PlaybooksFailingCommands
- IncidentsCheck-PlaybooksHealthNames
- IncidentsCheck-Widget-CommandsNames
- IncidentsCheck-Widget-CreationDate
- IncidentsCheck-Widget-IncidentsErrorsInfo
- IncidentsCheck-Widget-NumberFailingIncidents
- IncidentsCheck-Widget-NumberofErrors
- IncidentsCheck-Widget-PlaybookNames
- IncidentsCheck-Widget-UnassignedFailingIncidents
- IncreaseIncidentSeverity
- IndicatorMaliciousRatioCalculation
- InRange
- InstancesCheck-FailedCategories
- InstancesCheck-NumberofEnabledInstances
- InstancesCheck-NumberofFailedInstances
- IntegrationsCheck-Widget-IntegrationsCategory
- IntegrationsCheck-Widget-IntegrationsErrorsInfo
- IntegrationsCheck-Widget-NumberChecked
- IntegrationsCheck-Widget-NumberFailingInstances
- IntezerRunScanner
- iot-security-alert-post-processing
- iot-security-check-servicenow
- iot-security-get-raci
- iot-security-vuln-post-processing
- IPReputation
- IPToHost
- IsDemistoRestAPIInstanceAvailable
- IsEmailAddressInternal
- isError
- IsGreaterThan
- IsIntegrationAvailable
- IsInternalHostName
- IsIPInRanges
- IsListExist
- IsMaliciousIndicatorFound
- IsTrue
- IsValueInArray
- JiraCreateIssue-example
- JIRAPrintIssue
- jmespath
- JoinIfSingleElementOnly
- JSONFeedApiModule
- JSONtoCSV
- LanguageDetect
- LCMAcknowledgeHost
- LCMDetectedEntities
- LCMDetectedIndicators
- LCMHosts
- LCMIndicatorsForEntity
- LCMPathFinderScanHost
- LCMResolveHost
- LCMSetHostComment
- LessThanPercentage
- LinkIncidentsWithRetry
- ListDeviceEvents
- listExecutedCommands
- LoadJSON
- MaliciousRatioReputation
- ManageOOOusers
- MapValues
- MapValuesTransformer
- MarkAsEvidenceBySearch
- MarkAsNoteBySearch
- MarkAsNoteByTag
- MarkRelatedIncidents
- MatchIPinCIDRIndicators
- MatchRegex
- MatchRegexV2
- MathUtil
- MattermostAskUser
- MicrosoftApiModule
- MicrosoftTeamsAsk
- MimecastFindEmail
- MimecastQuery
- MITREIndicatorsByOpenIncidents
- ModifyDateTime
- NetwitnessQuery
- NetwitnessSAAddEventsToIncident
- NetwitnessSACreateIncident
- NetwitnessSAGetAvailableAssignees
- NexposeCreateIncidentsFromAssets
- NexposeEmailParser
- NexposeEmailParserForVuln
- NexposeVulnExtractor
- NotInContextVerification
- O365SearchEmails
- OnboardingCleanup
- OnionURLReputation
- OSQueryBasicQuery
- OSQueryLoggedInUsers
- OSQueryOpenSockets
- OSQueryProcesses
- OSQueryUsers
- Osxcollector
- OutOfOfficeListCleanup
- PagerDutyAlertOnIncident
- PagerDutyAssignOnCallUser
- ParseCSV
- ParseEmailFiles
- ParseExcel
- ParseJSON
- ParseWordDoc
- PcapFileExtractor
- PCAPMiner
- PcapMinerV2
- PDFUnlocker
- PortListenCheck
- PreprocessEmail
- PrintContext
- PrintErrorEntry
- PrintRaw
- PrismaCloudAttribution
- PTEnrich
- PublishEntriesToContext
- PWEventPcapDownload
- PWObservationPcapDownload
- QRadarFetchedEventsSum
- QRadarMagnitude
- QRadarPrintAssets
- QRadarPrintEvents
- QualysCreateIncidentFromReport
- ReadPDFFileV2
- RecordedFutureDomainRiskList
- RecordedFutureHashRiskList
- RecordedFutureIPRiskList
- RecordedFutureURLRiskList
- RecordedFutureVulnerabilityRiskList
- RegCollectValues
- RegPathReputationBasicLists
- RegProbeBasic
- RemoteExec
- RemoveKeyFromList
- ResolveShortenedURL
- ReverseList
- RiskIQDigitalFootprintAssetDetailsWidgetScript
- RiskIQPassiveTotalComponentsScript
- RiskIQPassiveTotalComponentsWidgetScript
- RiskIQPassiveTotalHostPairChildrenScript
- RiskIQPassiveTotalHostPairParentsScript
- RiskIQPassiveTotalHostPairsChildrenWidgetScript
- RiskIQPassiveTotalHostPairsParentsWidgetScript
- RiskIQPassiveTotalPDNSScript
- RiskIQPassiveTotalPDNSWidgetScript
- RiskIQPassiveTotalSSLForIssuerEmailWidgetScript
- RiskIQPassiveTotalSSLForSubjectEmailWidgetScript
- RiskIQPassiveTotalSSLScript
- RiskIQPassiveTotalSSLWidgetScript
- RiskIQPassiveTotalTrackersScript
- RiskIQPassiveTotalTrackersWidgetScript
- RiskIQPassiveTotalWhoisScript
- RiskIQPassiveTotalWhoisWidgetScript
- RiskSenseGetRansomewareCVEScript
- RSAArcherManualFetch
- RubrikSonarSensitiveHits
- RunDockerCommand
- RunPollingCommand
- SalesforceAskUser
- SandboxDetonateFile
- SbDownload
- SbQuery
- SbQuota
- SbUpload
- ScheduleCommand
- ScheduleGenericPolling
- SCPPullFiles
- SearchIncidentsV2
- SearchIndicators
- SendAllPANWIoTAssetsToSIEM
- SendAllPANWIoTDevicesToCiscoISE
- SendAllPANWIoTDevicesToServiceNow
- SendEmailOnSLABreach
- SendEmailReply
- SendMessageToOnlineUsers
- SendPANWIoTDevicesToCiscoISE
- SEPCheckOutdatedEndpoints
- ServiceNowApiModule
- ServiceNowCreateIncident
- ServiceNowIncidentStatus
- ServiceNowQueryIncident
- ServiceNowUpdateIncident
- Set
- SetByIncidentId
- SetDateField
- SetGridField
- SetMultipleValues
- SetSeverityByScore
- SetTagsBySearch
- SetTime
- ShowOnMap
- ShowScheduledEntries
- SixgillSearchIndicators
- SlackAsk
- Sleep
- SplunkEmailParser
- SSDeepReputation
- StaticAnalyze
- StixCreator
- StopScheduledTask
- StringContainsArray
- StringLength
- StringReplace
- Strings
- TaniumFilterComputersByIndexQueryFileDetails
- TAXII2ApiModule
- TextFromHTML
- ticksToTime
- TimeStampCompare
- TimeStampToDate
- TimeToNextShift
- TopMaliciousRatioIndicators
- ToTable
- TrendmicroAlertStatus
- TrendmicroAntiMalwareEventRetrieve
- TrendMicroClassifier
- TrendMicroGetHostID
- TrendMicroGetPolicyID
- TrendmicroHostAntimalwareScan
- TrendmicroHostRetrieveAll
- TrendmicroSecurityProfileAssignToHost
- TrendmicroSecurityProfileRetrieveAll
- TrendmicroSystemEventRetrieve
- UnEscapeIPs
- UnEscapeURLs
- UnPackFile
- UnzipFile
- URLDecode
- URLNumberOfAds
- URLReputation
- UrlscanGetHttpTransactions
- URLSSLVerification
- UserEnrichAD
- UtilAnyResults
- ValidateContent
- VerifyHumanReadableContains
- VerifyJSON
- VolApihooks
- Volatility
- VolConnscan
- VolDlllist
- VolGetProcWithMalNetConn
- VolImageinfo
- VolJson
- VolLDRModules
- VolMalfind
- VolMalfindDumpAgent
- VolNetworkConnections
- VolPSList
- VolRaw
- VolRunCmds
- WaitForKey
- WhereFieldEquals
- XBInfo
- XBLockouts
- XBNotable
- XBTimeline
- XBTriggeredRules
- XBUser
- YaraScan
- ZipFile
- Content Release Notes
- 21.3.0
- 21.2.1
- 21.2.0
- 21.1.1
- 21.1.0
- 20.12.1
- 20.12.0
- 20.11.1
- 20.11.0
- 20.10.1
- 20.10.0
- 20.9.2
- 20.9.1
- 20.9.0
- 20.8.2
- 20.8.1
- 20.8.0
- 20.7.2
- 20.7.1
- 20.7.0
- 20.6.1
- 20.6.0
- 20.5.3
- 20.5.2
- 20.5.1
- 20.5.0
- 20.4.1
- 20.4.0
- 20.3.4
- 20.3.3
- 20.3.2
- 20.3.1
- 20.2.4
- 20.2.3
- 20.2.2
- 20.2.1
- 20.2.0
- 20.1.2
- 20.1.1
- 20.1.0
- 19.12.1
- 19.12.0
- 19.11.1
- 19.11.0
- 19.10.3
- 19.10.2
- 19.10.1
- 19.10.0
- 19.9.1
- 19.9.0