Generate a list of all actions provided by Phantom Apps (https://my.phantom.us/4.8/apps/)
1 unique descriptions / Provided by 1 apps
- Activate a device
- Code42
1 unique descriptions / Provided by 1 apps
- Activate a partition
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Activate a user
- Code42
2 unique descriptions / Provided by 2 apps
- Add ACL to an instance
- AWS EC2
- Add a NetworkAcl rule
- AWS Community App 2
1 unique descriptions / Provided by 1 apps
- Add an application security groups in a resource group
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Add a value as a new artifact
- Phantom
1 unique descriptions / Provided by 1 apps
- Uploads vaulted file as attachment to ticket
- Request Tracker
1 unique descriptions / Provided by 1 apps
- Add API-managed category to Forcepoint
- Forcepoint Web Security
1 unique descriptions / Provided by 1 apps
- Add user as a collaborator to repo
- GitHub
3 unique descriptions / Provided by 3 apps
- Add a comment to a ticket
- Jira
- Add a comment to an existing page
- Confluence
- Add work log information to the incident
- BMC Remedy
1 unique descriptions / Provided by 1 apps
- Create a file in the local working directory
- Git
1 unique descriptions / Provided by 1 apps
- Add a firewall rule using netsh
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Add a group
- Okta
1 unique descriptions / Provided by 1 apps
- Add held account to the given hold ID
- Google Vault
1 unique descriptions / Provided by 1 apps
- Add new indicators
- Cybereason
1 unique descriptions / Provided by 1 apps
- Add a new IP to an existing IP set OR a new IP set
- AWS WAF
1 unique descriptions / Provided by 1 apps
- Add label(s) to an issue on the GitHub repository
- GitHub
4 unique descriptions / Provided by 4 apps
- Add an item to a reference set in QRadar
- QRadar
- Add to a list
- LogRhythm SIEM
- Add url/category to local database file
- Symantec Management Center
- Add value to a custom list
- Phantom
2 unique descriptions / Provided by 2 apps
- Add a sender or domain to a Mimecast group
- Mimecast
- Add user in a team
- GitHub
1 unique descriptions / Provided by 1 apps
- Add a network security group in a resource group
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Add an existing node to a pool
- F5 BIG-IP LTM
1 unique descriptions / Provided by 1 apps
- Add Note to the AWS Security Hub aggregated findings specified by the filter attributes
- AWS Security Hub
1 unique descriptions / Provided by 1 apps
- Adds a parameter to the AWS account's Parameter Store
- AWS Systems Manager
1 unique descriptions / Provided by 1 apps
- Grants an AWS service or another account permission to use a function
- AWS Lambda
1 unique descriptions / Provided by 1 apps
- Create a new policy on CB Defense
- Carbon Black Defense
1 unique descriptions / Provided by 1 apps
- Add new role in AWS IAM account
- AWS IAM
1 unique descriptions / Provided by 1 apps
- Add a rule to a policy on CB Defense
- Carbon Black Defense
1 unique descriptions / Provided by 1 apps
- Adds the instance to a security group
- AWS Community App 2
1 unique descriptions / Provided by 1 apps
- Add a server to an upstream
- NGINX
1 unique descriptions / Provided by 1 apps
- Add a static flow rule.
- Floodlight SDN
4 unique descriptions / Provided by 4 apps
- Add a tag to an endpoint
- McAfee ePO
- Add tag to an instance
- AWS EC2
- Adds tag to instances
- AWS Community App 2
- Attach Security Tag
- NSX
1 unique descriptions / Provided by 1 apps
- Create a new assessment target using the ARN of the resource group
- AWS Inspector
3 unique descriptions / Provided by 3 apps
- Add a user to the provided group
- Alibaba RAM
- Add a user to the tenant by creating an organizational account
- Azure AD Graph
- Add user to a group
- AWS IAM
1 unique descriptions / Provided by 1 apps
- Get details on alerts configured and generated by Recorded Future by alert rule ID and/or ...
- Recorded Future
1 unique descriptions / Provided by 1 apps
- Search for alert rule IDs by name
- Recorded Future
1 unique descriptions / Provided by 1 apps
- Allow an URL
- Blue Coat
1 unique descriptions / Provided by 1 apps
- Manage ingestion details
- QRadar
1 unique descriptions / Provided by 1 apps
- Analyze a file on a computer
- Carbon Black Protection (Bit9)
1 unique descriptions / Provided by 1 apps
- Find information about your API quota, like current usage, quota left, etc
- SlashNext Phishing Incident Response
1 unique descriptions / Provided by 1 apps
- Archives Amazon GuardDuty findings specified by the detector ID and list of finding IDs
- AWS GuardDuty
1 unique descriptions / Provided by 1 apps
- Archive the AWS Security Hub aggregated findings specified by the filter attributes
- AWS Security Hub
1 unique descriptions / Provided by 1 apps
- Detaches an instance from an auto-scaling group
- AWS Community App
1 unique descriptions / Provided by 1 apps
- Ask a question to a Slack user
- Slack
1 unique descriptions / Provided by 1 apps
- Assign one or more hosts to the static host group
- CrowdStrike OAuth API
1 unique descriptions / Provided by 1 apps
- Assign an instance to a security group
- AWS EC2
1 unique descriptions / Provided by 1 apps
- Assign managed policy to the user
- AWS IAM
1 unique descriptions / Provided by 1 apps
- Assign a role to a user
- Okta
1 unique descriptions / Provided by 1 apps
- Assign the user to an offense
- QRadar
1 unique descriptions / Provided by 1 apps
- Attach an instance to an autoscaling group
- AWS EC2
2 unique descriptions / Provided by 2 apps
- Attach a policy to the provided user, group, or role
- Alibaba RAM
- Attach managed policy to a role
- AWS IAM
1 unique descriptions / Provided by 1 apps
- Create a JSON backup of the Corelight box
- Corelight
2 unique descriptions / Provided by 2 apps
- Add a domain to the bad sender list
- Symantec Messaging Gateway
- Blacklist domain
- NetWitness Endpoint
1 unique descriptions / Provided by 1 apps
- Add an email to the bad sender list
- Symantec Messaging Gateway
6 unique descriptions / Provided by 6 apps
- Add an IP to the Blacklist
- ThreatX
- Add an IP to the bad sender list
- Symantec Messaging Gateway
- Add an IP to the outbound Blacklist
- Arbor APS
- Blacklist IP
- NetWitness Endpoint
- Blacklist IP by adding a rule to every subnet NACL accessible by credentials
- AWS Community App
- Block an IP
- Zscaler
1 unique descriptions / Provided by 1 apps
- Blacklists a specific sender and recipient in Mimecast
- Mimecast
2 unique descriptions / Provided by 2 apps
- Adds URL to a managed URL blacklist
- Mimecast
- Block a URL
- Zscaler
1 unique descriptions / Provided by 3 apps
- Block an application
- Palo Alto Networks Firewall
- Juniper SRX
- Panorama
1 unique descriptions / Provided by 1 apps
- Block ARP packets sourced from this MAC.
- Floodlight SDN
1 unique descriptions / Provided by 1 apps
- Block a device
- Code42
2 unique descriptions / Provided by 2 apps
- Block a domain
- OpenDNS Umbrella
- Block domain
- Infoblox DDI
1 unique descriptions / Provided by 1 apps
- Create a new AppLocker policy to block a file path
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Block network traffic matching flow parameters.
- Floodlight SDN
5 unique descriptions / Provided by 6 apps
- Add a file to the Global Quarantine list
- Cylance
- Add a hash to the Carbon Black Response blacklist
- Carbon Black Response
- Ban the file hash
- Carbon Black Protection (Bit9)
- Block a file hash
- SentinelOne
- CylancePROTECT
- Block hashes on endpoints
- Symantec Endpoint Protection 14
13 unique descriptions / Provided by 25 apps
- Add an IP to the outbound Blacklist
- Arbor APS
- Add an iptables rule to linux server. Requires root privileges. Not supported on OS X.
- SSH
- Block IP
- Infoblox DDI
- Block IP or list of IPs by adding them to the supplied category
- Forcepoint Web Security
- Block an IP
- FortiGate
- Zscaler
- Palo Alto Networks Firewall
- ThreatX
- Forcepoint Firewall
- McAfee Network Security Manager
- NSX
- SonicWALL
- Apresia 26000 series
- TiFRONT
- Juniper SRX
- Cisco ASA
- Panorama
- Block an IP address or network.
- SecureSphere WAF
- Block an IP/subnet
- Check Point Firewall
- Block traffic to/from the matching IP.
- Floodlight SDN
- Blocks an IP
- Cisco Router BGP RTBH
- Blocks an IP address
- F5 BIG-IP
- Blocks an IP address or network
- A10 LADS
- Blocks an IP network
- Cisco Firepower
- Create a firewall rule to block a specified IP
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Block traffic to/from the matching MAC
- Floodlight SDN
1 unique descriptions / Provided by 1 apps
- Blocks an IP network
- Cisco Router BGP RTBH
1 unique descriptions / Provided by 1 apps
- Block an application port
- NSX
1 unique descriptions / Provided by 1 apps
- Add the sender email into the block list
- EWS for Office 365
1 unique descriptions / Provided by 1 apps
- Block a network service
- SonicWALL
1 unique descriptions / Provided by 1 apps
- Block traffic to/from the matching IP subnet.
- Floodlight SDN
3 unique descriptions / Provided by 6 apps
- Block URL or list of URLs by adding them to the supplied category
- Forcepoint Web Security
- Block a URL
- Zscaler
- Block an URL
- Palo Alto Networks Firewall
- SonicWALL
- Blue Coat
- Panorama
1 unique descriptions / Provided by 1 apps
- Cancel the sending of a notification
- AlertFind
1 unique descriptions / Provided by 1 apps
- Cancel a job
- Verodin
1 unique descriptions / Provided by 1 apps
- Move a user to specific organization
- Code42
1 unique descriptions / Provided by 1 apps
- Change the OU of a computer/system
- LDAP
1 unique descriptions / Provided by 1 apps
- Verify whether a host is Deceptive
- Attivo
1 unique descriptions / Provided by 1 apps
- Check the results for 202
- Corelight
3 unique descriptions / Provided by 3 apps
- Check status of sample (file or URL) submitted in the Falcon Sandbox
- Falcon Sandbox
- Check status of sample file or URL submitted for analysis
- Joe Sandbox v2
- Check the status of an action
- Symantec ATP
1 unique descriptions / Provided by 1 apps
- Determine a SHA256 that an online file or URL submission will have when being processed ...
- Falcon Sandbox
1 unique descriptions / Provided by 1 apps
- Verify whether a user is Deceptive
- Attivo
1 unique descriptions / Provided by 1 apps
- Remove all static flow rules.
- Floodlight SDN
1 unique descriptions / Provided by 1 apps
- Clone the repo
- Git
1 unique descriptions / Provided by 1 apps
- Close an alert in the IntSights dashboard
- IntSights
1 unique descriptions / Provided by 1 apps
- Move a matter to the CLOSED state
- Google Vault
1 unique descriptions / Provided by 1 apps
- Close an active offense, marking status=CLOSED
- QRadar
1 unique descriptions / Provided by 1 apps
- Adds a comment to an Alert within IronDefense
- IronNet
1 unique descriptions / Provided by 1 apps
- Create an RSA Key pair for SSH connectivity
- Git
1 unique descriptions / Provided by 1 apps
- Query Threat Response for Context
- Cisco Threat Response
1 unique descriptions / Provided by 3 apps
- Copy an email to a folder
- Microsoft Exchange On-Premise EWS
- EWS for Office 365
- MS Graph for Office 365
1 unique descriptions / Provided by 1 apps
- Run the copy command on the Windows Endpoint
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Create Adversary in ThreatQ
- ThreatQ
3 unique descriptions / Provided by 3 apps
- Create a new alert
- Axonius Cybersecurity Asset Management
- Create an alert/watchlist
- Carbon Black Response
- Upload one or more indicators that you want CrowdStrike to watch
- Falcon Host API
1 unique descriptions / Provided by 1 apps
- Upload annotations to specific scope
- Cisco Tetration Analytics
1 unique descriptions / Provided by 1 apps
- Prepare the breadcrumb file for installation
- Cymmetria MazeRunner
1 unique descriptions / Provided by 1 apps
- Create a bucket
- AWS S3
1 unique descriptions / Provided by 1 apps
- Enrolls a certificate in Venafi
- Venafi
1 unique descriptions / Provided by 1 apps
- Create a comment for an issue on the GitHub repository
- GitHub
1 unique descriptions / Provided by 1 apps
- Create a new local or remote connection
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Create a new container on a Phantom instance
- Phantom
1 unique descriptions / Provided by 1 apps
- Create a new custom device on the ExtraHop
- ExtraHop
3 unique descriptions / Provided by 3 apps
- Create (trigger) an event in xMatters
- xMatters
- Create a new event in MISP
- MISP
- Create event based on current container
- ThreatQ
1 unique descriptions / Provided by 1 apps
- Perform a search based on the provided criteria and create an export for the search ...
- Google Vault
1 unique descriptions / Provided by 1 apps
- Creates a new filter on the instance
- Ixia Network Packet Broker
2 unique descriptions / Provided by 2 apps
- Create a folder
- Microsoft OneDrive
- Create a new folder
- G Suite for Drive
1 unique descriptions / Provided by 1 apps
- Create Security Group
- NSX
1 unique descriptions / Provided by 1 apps
- Create a hold within the given matter ID
- Google Vault
3 unique descriptions / Provided by 3 apps
- Create an incident in ThreatStream
- ThreatStream
- Create an incident on PagerDuty
- PagerDuty
- Create incident on VictorOps
- VictorOps
1 unique descriptions / Provided by 1 apps
- Creates an AWS instance from an image id
- AWS Community App
1 unique descriptions / Provided by 1 apps
- Create IOC in ThreatQ
- ThreatQ
1 unique descriptions / Provided by 1 apps
- Create an issue for the GitHub repository
- GitHub
1 unique descriptions / Provided by 1 apps
- Create a new label
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Create a matter with OPEN state
- Google Vault
1 unique descriptions / Provided by 1 apps
- Create a new node
- F5 BIG-IP LTM
2 unique descriptions / Provided by 2 apps
- Create a new Salesforce object
- Salesforce
- Create an object
- AWS S3
1 unique descriptions / Provided by 1 apps
- Create a page in the space
- Confluence
1 unique descriptions / Provided by 1 apps
- Create a stager in Empire
- Empire
1 unique descriptions / Provided by 1 apps
- Create a new pool
- F5 BIG-IP LTM
1 unique descriptions / Provided by 1 apps
- Create a new project
- Tala
1 unique descriptions / Provided by 1 apps
- Add an IOC to a report
- Carbon Black ThreatHunter
1 unique descriptions / Provided by 1 apps
- Create a resource
- CRITs
1 unique descriptions / Provided by 1 apps
- Create a new listener
- Empire
1 unique descriptions / Provided by 1 apps
- Create sighting in EclecticIQ TIP
- EclecticIQ app
1 unique descriptions / Provided by 1 apps
- Capture a new snapshot
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Create a new suppression rule
- Tanium Detect
2 unique descriptions / Provided by 2 apps
- Create Security Tag
- NSX
- Create or update a tag
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Create Task
- TheHive
13 unique descriptions / Provided by 15 apps
- Create a Ticket
- Zendesk
- Create a case
- ArcSight ESM
- Create a new Case
- Salesforce
- Create a new case submission
- PhishLabs
- Create a new ticket
- RSA Archer
- Ivanti ITSM
- Create a new ticket/record
- ServiceNow
- Create a ticket
- Request Tracker
- Create a ticket (incident)
- RemedyForce
- Create a ticket (issue)
- Jira
- TheHive
- Create an incident
- Cherwell
- Create incident
- BMC Remedy
- Create ticket
- OTRS
- Report cyber event
- Cyware
1 unique descriptions / Provided by 1 apps
- Create a new pipeline trigger for a GitLab project
- GitLab
1 unique descriptions / Provided by 1 apps
- Create a VPC with the specified IPv4 CIDR block
- AWS EC2
1 unique descriptions / Provided by 1 apps
- Deactivate a device
- Code42
1 unique descriptions / Provided by 1 apps
- Deactivate a partition
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Deactivate a user
- Code42
1 unique descriptions / Provided by 1 apps
- Shut down the virtual machine and release the compute resources. You are not billed for ...
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Deauthorize a device
- Code42
1 unique descriptions / Provided by 1 apps
- Decodes URL that was rewritten by Mimecast for on-click protection
- Mimecast
1 unique descriptions / Provided by 1 apps
- Deflates an item from the vault
- Phantom
1 unique descriptions / Provided by 1 apps
- Deisolate endpoint after threats are removed
- Malwarebytes Cloud
2 unique descriptions / Provided by 2 apps
- Delete an alert by ID
- Tanium Detect
- Delete an indicator that is being watched
- Falcon Host API
1 unique descriptions / Provided by 1 apps
- Delete alerts
- Axonius Cybersecurity Asset Management
1 unique descriptions / Provided by 1 apps
- Clear all annotations of specific scope
- Cisco Tetration Analytics
1 unique descriptions / Provided by 1 apps
- Delete API-managed category
- Forcepoint Web Security
1 unique descriptions / Provided by 1 apps
- Deletes connection
- Tanium Threat Response
2 unique descriptions / Provided by 2 apps
- Delete documents which match a given filter
- MongoDB
- Perform a REST DELETE call to the server
- HTTP
1 unique descriptions / Provided by 4 apps
- Delete emails
- Microsoft Exchange On-Premise EWS
- EWS for Office 365
- MS Graph for Office 365
- G Suite for GMail
6 unique descriptions / Provided by 6 apps
- Delete a downloaded file from Tanium Threat Response
- Tanium Threat Response
- Delete a file
- G Suite for Drive
- Delete a file from an endpoint
- Symantec ATP
- Delete a file from the local working directory
- Git
- Delete file
- Microsoft OneDrive
- Run the delete command on the Windows Endpoint
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Remove a filter from the instance
- Ixia Network Packet Broker
3 unique descriptions / Provided by 3 apps
- Delete a firewall rule.
- Floodlight SDN
- Delete a firewall rule. Requires root privileges. Not supported on OS X
- SSH
- Remove a firewall rule using netsh
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Delete a folder
- Microsoft OneDrive
1 unique descriptions / Provided by 1 apps
- Delete a hold
- Google Vault
1 unique descriptions / Provided by 1 apps
- Delete incident in ThreatStream by ID number
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Delete indicators based on the key provided
- Cybereason
1 unique descriptions / Provided by 1 apps
- Delete the identified intel document by ID
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Delete IOC value from a report
- Carbon Black ThreatHunter
1 unique descriptions / Provided by 1 apps
- Removes IP from an existing IP set
- AWS WAF
1 unique descriptions / Provided by 1 apps
- Delete an existing label by ID. Will fail if label is used in group configurations
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Delete a local snapshot
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Move a matter to the DELETED state
- Google Vault
1 unique descriptions / Provided by 1 apps
- Delete a node
- F5 BIG-IP LTM
1 unique descriptions / Provided by 1 apps
- Delete one notification by ID
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Delete an object
- Salesforce
1 unique descriptions / Provided by 1 apps
- Delete the specified PCAP
- Endace
2 unique descriptions / Provided by 2 apps
- Delete a policy on CB Defense
- Carbon Black Defense
- Delete an AppLocker policy
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Delete a project
- Tala
1 unique descriptions / Provided by 1 apps
- Delete a property of a host
- ForeScout CounterACT
1 unique descriptions / Provided by 1 apps
- Delete a cloned repository
- Git
1 unique descriptions / Provided by 1 apps
- Remove an IOC from a report
- Carbon Black ThreatHunter
2 unique descriptions / Provided by 2 apps
- Delete a rule from a policy on CB Defense
- Carbon Black Defense
- Remove a rule from an existing map based on rule id
- Gigamon Application for Phantom
1 unique descriptions / Provided by 1 apps
- Delete a simulation
- Verodin
1 unique descriptions / Provided by 1 apps
- Delete single feed
- Carbon Black ThreatHunter
1 unique descriptions / Provided by 1 apps
- Delete a snapshot
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Delete an existing source by ID
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Remove a static flow rule.
- Floodlight SDN
1 unique descriptions / Provided by 1 apps
- Delete one suppression rule
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Delete the assessment target
- AWS Inspector
2 unique descriptions / Provided by 2 apps
- Delete a Case
- Salesforce
- Delete ticket (issue)
- Jira
1 unique descriptions / Provided by 1 apps
- Delete user from AWS IAM account
- AWS IAM
1 unique descriptions / Provided by 1 apps
- Delete a VM
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Delete a zone
- Verodin
1 unique descriptions / Provided by 1 apps
- Bring up a network decoy system
- Attivo
2 unique descriptions / Provided by 2 apps
- Deploy a patch
- BigFix
- Deploy patch
- Microsoft SCCM
2 unique descriptions / Provided by 2 apps
- Deregister an instance from AWS Elastic Load Balance
- AWS EC2
- Deregister instance from AWS Elastic Load Balance
- AWS Community App 2
1 unique descriptions / Provided by 1 apps
- Fetches the details of a specified filter
- Ixia Network Packet Broker
1 unique descriptions / Provided by 1 apps
- List all policies and users details for the provided group name
- Alibaba RAM
3 unique descriptions / Provided by 3 apps
- Describe one or more instances
- AWS EC2
- Describes one or more of your instances
- AWS Community App 2
- Describes your AWS instance, including the instance's platform type
- AWS Systems Manager
1 unique descriptions / Provided by 1 apps
- Get information about a node
- F5 BIG-IP LTM
1 unique descriptions / Provided by 1 apps
- Get information about an upstream server
- NGINX
1 unique descriptions / Provided by 1 apps
- Retrieve settings for trails associated with the current region and the multi-region trails
- AWS CloudTrail
1 unique descriptions / Provided by 1 apps
- Fetch the user details, details of the associated user groups, and user policies
- Alibaba RAM
2 unique descriptions / Provided by 2 apps
- Detach an instance from an autoscaling group
- AWS EC2
- Detaches an instance from an autoscaling group
- AWS Community App 2
2 unique descriptions / Provided by 2 apps
- Detach a policy from the provided user, group, or role
- Alibaba RAM
- Detach managed policy from a role
- AWS IAM
17 unique descriptions / Provided by 21 apps
- Analyze the file in the A1000 Advanced Malware Analysis Appliance and retrieve the analysis results
- RL A1000
- Analyze the file in the TISCALE Advanced Malware Analysis Appliance and retrieve the analysis results
- RL TitaniumScale Enterprise File Visibility
- Detonate file in ThreatStream
- ThreatStream
- Detonate file in the VMRay Analyzer
- VMRay
- Detonate the file in the Falcon Sandbox
- Falcon Sandbox
- Retrieve detonation analysis results for file
- Joe Sandbox v2
- Run file in Symantec CAS sandbox and retrieve analysis results
- Symantec CAS
- Run the file in the Cyphort sandbox and retrieve the analysis results.
- Cyphort
- Run the file in the FireEye sandbox and retrieve the analysis results.
- FireEye
- Run the file in the Lastline sandbox and retrieve the analysis results
- Lastline
- Run the file in the Malware Analysis Service instance and, if possible, retrieve the analysis ...
- Malware Analysis Service
- Run the file in the Threat Grid sandbox and retrieve the analysis results
- Threat Grid
- Run the file in the WildFire sandbox and retrieve the analysis results.
- WildFire
- Run the file in the sandbox and retrieve part of the analysis results.
- Malwr
- Run the file in the sandbox and retrieve the analysis results
- DarkPoint
- Intezer Analyze
- Cuckoo
- Koodous
- McAfee Advanced Threat Defense (ATD)
- Upload a file to Polyswarm and retrieve analysis results
- PolySwarm
- Upload a file to Virus Total and retrieve the analysis results
- VirusTotal
1 unique descriptions / Provided by 1 apps
- Detonate an online file in the Falcon Sandbox
- Falcon Sandbox
13 unique descriptions / Provided by 13 apps
- Detonate URL in ThreatStream
- ThreatStream
- Detonate a URL at urlscan.io
- urlscan.io
- Detonate a URL in the Falcon Sandbox
- Falcon Sandbox
- Detonate a URL in the VMRay Analyzer
- VMRay
- Load a URL in the Cuckoo sandbox and retrieve the analysis results
- Cuckoo
- Load a URL in the FireEye sandbox and retrieve the analysis results.
- FireEye
- Load a URL in the Lastline sandbox and retrieve the analysis results
- Lastline
- Load a URL in the Threat Grid sandbox and retrieve the analysis results
- Threat Grid
- Load a URL to Polyswarm and retrieve analysis results
- PolySwarm
- Load a URL to Virus Total and retrieve analysis results
- VirusTotal
- Retrieve detonation analysis results for URL
- Joe Sandbox v2
- Send a URL to DarkPoint and retrieve the analysis results
- DarkPoint
- URL link is processed inside analyzer VM and retrieve the analysis results
- McAfee Advanced Threat Defense (ATD)
1 unique descriptions / Provided by 1 apps
- Disables an AWS IAM user account
- AWS Community App
1 unique descriptions / Provided by 1 apps
- Disable the firewall.
- Floodlight SDN
1 unique descriptions / Provided by 1 apps
- Disable the instance from being terminated via API
- AWS Community App 2
1 unique descriptions / Provided by 1 apps
- Disable a node
- F5 BIG-IP LTM
1 unique descriptions / Provided by 1 apps
- Disable a server
- NGINX
1 unique descriptions / Provided by 1 apps
- Invalidate all active refresh tokens for a user in an Azure AD environment
- Azure AD Graph
3 unique descriptions / Provided by 4 apps
- Disable a user
- Azure AD Graph
- Disable login profile and access keys of a user
- AWS IAM
- Disables the specified user
- Okta
- LDAP
1 unique descriptions / Provided by 1 apps
- Disallow an URL
- Blue Coat
1 unique descriptions / Provided by 1 apps
- Returns tags for a given domain
- SecurityTrails
1 unique descriptions / Provided by 1 apps
- Find IP addresses this domain has resolved to
- ZETAlytics
1 unique descriptions / Provided by 1 apps
- Lists out specific historical information about the given domain parameter
- SecurityTrails
1 unique descriptions / Provided by 1 apps
- Get threat intelligence for a domain
- Recorded Future
17 unique descriptions / Provided by 20 apps
- Checks Domain against CriticalStack Domain lists
- CriticalStack Intel
- Determine the reputation of a domain
- Safe Browsing
- Evaluates the risk of a given domain
- DomainTools Iris
- DomainTools
- Get a quick indicator of the risk associated with a domain
- Recorded Future
- Get attributes, related indicators, and related adversaries
- ThreatQ
- Get domain info/reputation
- PassiveTotal
- Get domain reputation
- DeepSight
- Get information about a given domain
- ThreatStream
- Looks up information about domains in Kaspersky Threat Intelligence Portal
- Kaspersky Threat Intelligence
- Queries Polyswarm for Domain reputation info
- PolySwarm
- Queries URLVoid for domain info.
- URLVoid
- Queries VirusTotal for domain info
- VirusTotal
- Queries domain info
- EclecticIQ app
- ZETAlytics
- APIvoid
- Queries for domain reputation information
- AlienVault OTX
- Query OpenDNS for domain info
- OpenDNS Investigate
- Query for domain reputation
- Malware Domain List
- Returns domain reputation report
- IBM XForce
1 unique descriptions / Provided by 1 apps
- Filter and search specific records using this endpoint
- SecurityTrails
1 unique descriptions / Provided by 1 apps
- Returns subdomains for a given domain
- SecurityTrails
1 unique descriptions / Provided by 1 apps
- Download webpage HTML against a previous URL Scan request
- SlashNext Phishing Incident Response
1 unique descriptions / Provided by 1 apps
- Download webpage screenshot against a previous URL Scan request
- SlashNext Phishing Incident Response
1 unique descriptions / Provided by 1 apps
- Download webpage text against a previous URL Scan request
- SlashNext Phishing Incident Response
3 unique descriptions / Provided by 3 apps
- Get attributes, related indicators, and related adversaries
- ThreatQ
- Get information about a given email
- ThreatStream
- Queries email info
- EclecticIQ app
1 unique descriptions / Provided by 1 apps
- Enable EC2 Access for a given IAM user
- AWS Community App
1 unique descriptions / Provided by 1 apps
- Enables an AWS IAM user account
- AWS Community App
1 unique descriptions / Provided by 1 apps
- Enable the firewall.
- Floodlight SDN
1 unique descriptions / Provided by 1 apps
- Enable a node
- F5 BIG-IP LTM
1 unique descriptions / Provided by 1 apps
- Enable a server
- NGINX
1 unique descriptions / Provided by 1 apps
- Enable Security Group Access for a given IAM user
- AWS Community App
3 unique descriptions / Provided by 4 apps
- Enable a user
- Azure AD Graph
- Enable login profile and access keys of a user
- AWS IAM
- Enables the specified user
- Okta
- LDAP
3 unique descriptions / Provided by 3 apps
- Execute Tanium action (package)
- Tanium
- Execute an action on a list of entities
- Axonius Cybersecurity Asset Management
- Execute an action on the Tanium server
- Tanium REST
1 unique descriptions / Provided by 1 apps
- Execute a module or run a shell command in Empire
- Empire
3 unique descriptions / Provided by 3 apps
- Execute a process
- Carbon Black Response
- Executes a program on the remote machine
- SSH
- Runs shell script command on a managed instance
- AWS Systems Manager
1 unique descriptions / Provided by 1 apps
- Export local container to the configured Phantom asset
- Phantom
1 unique descriptions / Provided by 1 apps
- Extract email data from Outlook MSG files
- MSG File Parser
1 unique descriptions / Provided by 1 apps
- Create IOC artifacts from a file in the vault or raw text
- Parser
1 unique descriptions / Provided by 1 apps
- Get threat intelligence for a file identified by its hash
- Recorded Future
16 unique descriptions / Provided by 18 apps
- Checks file against CriticalStack file hashes
- CriticalStack Intel
- Get a quick indicator of the risk associated with a file identified by its hash
- Recorded Future
- Get attributes, related indicators, and related adversaries
- ThreatQ
- Get file reputation
- DeepSight
- Get information about a file
- ThreatStream
- Gets information about a hash
- Cymon
- Metadefender
- Looks up information about hashes in Kaspersky Threat Intelligence Portal
- Kaspersky Threat Intelligence
- Queries Polyswarm for file reputation info
- PolySwarm
- Queries ReversingLabs for file info
- ReversingLabs
- Queries ReversingLabs for file reputation info
- RL TitaniumCloud File Reputation
- Queries ThreatCrowd for file reputation
- ThreatCrowd
- Queries VirusTotal for file reputation info
- VirusTotal
- Queries for file info
- Intezer Analyze
- EclecticIQ app
- Queries for file reputation information
- AlienVault OTX
- Query Joe Sandbox for file reputation
- Joe Sandbox v2
- Returns malware report for a given hash.
- IBM XForce
1 unique descriptions / Provided by 1 apps
- Find artifacts containing a CEF value
- Phantom
1 unique descriptions / Provided by 1 apps
- Find value in a custom list
- Phantom
1 unique descriptions / Provided by 1 apps
- Execute the malfind volatility plugin to find injected code/dlls in user mode memory
- Volatility
1 unique descriptions / Provided by 1 apps
- Finds a member of a specified Mimecast group
- Mimecast
1 unique descriptions / Provided by 1 apps
- Set the state of the virtual machine to be generalized
- Microsoft Azure Compute
1 unique descriptions / Provided by 2 apps
- Generates a token
- Microsoft Azure Compute
- MS Graph for Office 365
1 unique descriptions / Provided by 2 apps
- Geolocate a domain
- HackerTarget
- ipstack
4 unique descriptions / Provided by 4 apps
- Geolocate an ip
- HackerTarget
- Queries MaxMind for IP location info
- MaxMind
- Queries Service for IP location info
- ipstack
- Queries service for IP location info
- IP Info
1 unique descriptions / Provided by 1 apps
- Get one or more network ACLs
- AWS EC2
1 unique descriptions / Provided by 1 apps
- Get status of file acquisition
- FireEye HX
1 unique descriptions / Provided by 1 apps
- Find the results of a previously run action
- Phantom
1 unique descriptions / Provided by 1 apps
- Get admin consent
- Microsoft Teams
1 unique descriptions / Provided by 1 apps
- Get an alarm
- LogRhythm SIEM
4 unique descriptions / Provided by 4 apps
- Get information about an alert
- Carbon Black Defense
- Get the full definition of one or more indicators that are being watched
- Falcon Host API
- Retrieve a specific alert from the alerts database.
- FireEye
- Show a single alert by ID
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- List alert counts for the last N days, in UTC by default
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Get configured alerts
- Axonius Cybersecurity Asset Management
1 unique descriptions / Provided by 1 apps
- Get a list of feeds available
- Carbon Black ThreatHunter
1 unique descriptions / Provided by 1 apps
- Download attachment to vault
- Request Tracker
1 unique descriptions / Provided by 1 apps
- List all of the attachments on a given incident
- Cherwell
1 unique descriptions / Provided by 1 apps
- Get attributes for a specific event
- MISP
1 unique descriptions / Provided by 1 apps
- Retrieve matching regex in a client's browser cache
- GRR Rapid Response
1 unique descriptions / Provided by 1 apps
- Execute the iehistory volatility plugin
- Volatility
1 unique descriptions / Provided by 1 apps
- Get information about a bucket
- AWS S3
1 unique descriptions / Provided by 1 apps
- Fetch detailed information for a given campaign
- Proofpoint TAP
1 unique descriptions / Provided by 1 apps
- Fetch detailed information for a given campaign (deprecated)
- Proofpoint TAP
1 unique descriptions / Provided by 1 apps
- Return the category list contents
- Forcepoint Web Security
1 unique descriptions / Provided by 1 apps
- Queries certification info
- APIvoid
1 unique descriptions / Provided by 1 apps
- Downloads specified certificate to the vault
- Venafi
1 unique descriptions / Provided by 1 apps
- Get children process tree for a process instance
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Execute the cmdscan volatility plugin
- Volatility
4 unique descriptions / Provided by 5 apps
- Get Corelight full configuration
- Corelight
- Gets the current running config of the device.
- Cisco Catalyst
- Cisco ASA
- Return the list of brands and case types currently configured in PhishLabs
- PhishLabs
- Returns the list of indices and types currently configured on the Elasticsearch instance
- Elasticsearch
1 unique descriptions / Provided by 1 apps
- Gets connection information
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Get a cookbook and add it to vault
- Joe Sandbox v2
1 unique descriptions / Provided by 1 apps
- List alert counts grouped by computer name or intel id
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Get compromised credentials stored in Empire
- Empire
1 unique descriptions / Provided by 1 apps
- Retrieve available cron jobs
- GRR Rapid Response
3 unique descriptions / Provided by 3 apps
- Download, parse and save a paste from PasteBin
- PasteBin
- Get data from the database
- MongoDB
- Perform a REST GET call to the server
- HTTP
1 unique descriptions / Provided by 1 apps
- Queries detailed information about indicator
- Kaspersky Threat Intelligence
1 unique descriptions / Provided by 1 apps
- Retrieve detections
- Vectra Active Enforcement
1 unique descriptions / Provided by 1 apps
- Get device by ID
- Axonius Cybersecurity Asset Management
1 unique descriptions / Provided by 1 apps
- List endpoints in a host set
- FireEye HX
1 unique descriptions / Provided by 1 apps
- Get the importance value of a device
- Interset AI
5 unique descriptions / Provided by 5 apps
- Get device details from ExtraHop
- ExtraHop
- Get information about a device given its connector GUID
- FireAMP
- Get information about an endpoint
- McAfee ePO
- Get information about device
- Microsoft SCOM
- Get the properties of a host
- ForeScout CounterACT
1 unique descriptions / Provided by 1 apps
- Get a device's risk value as determined by Interset analytics
- Interset AI
2 unique descriptions / Provided by 2 apps
- Get a list of newly discovered devices
- ExtraHop
- Query devices
- Axonius Cybersecurity Asset Management
1 unique descriptions / Provided by 1 apps
- Retrieve disk usage from endpoint
- SSH
5 unique descriptions / Provided by 7 apps
- Downloads the raw email attachment for the report that matches the specified report ID
- Cofense Triage
- Get an email from the server
- Microsoft Exchange On-Premise EWS
- EWS for Office 365
- MS Graph for Office 365
- Get an email from the server or container
- IMAP
- Retrieves the associated abuse e-mail
- RIPE
- Returns message information for a tracked message
- Mimecast
1 unique descriptions / Provided by 2 apps
- Get information about an endpoint
- Malwarebytes Cloud
- SentinelOne
1 unique descriptions / Provided by 1 apps
- Get high-level Entity information
- ThreatX
1 unique descriptions / Provided by 1 apps
- Get all Entity IP addresses
- ThreatX
1 unique descriptions / Provided by 1 apps
- Get the Entity notes
- ThreatX
1 unique descriptions / Provided by 1 apps
- Get the latest Entity risk score
- ThreatX
3 unique descriptions / Provided by 3 apps
- Get information about a single event
- xMatters
- Get information about an event
- Carbon Black Defense
- Run a search query to get event on the Starlight installation based on the on_poll ...
- Aella Data Starlight
4 unique descriptions / Provided by 4 apps
- Build a query to get events of a certain type from a connection
- Tanium Threat Response
- Get an alarm's events
- LogRhythm SIEM
- Get events belonging to an offense
- QRadar
- Pull Attivo events based on source IP and timeframe
- Attivo
1 unique descriptions / Provided by 1 apps
- Return counts of each type of event
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Get information of an export from the given matter ID
- Google Vault
1 unique descriptions / Provided by 1 apps
- Get reports for a single feed
- Carbon Black ThreatHunter
19 unique descriptions / Provided by 20 apps
- Copy a file from the Windows Endpoint to the Vault
- Windows Remote Management
- Download a file and add it to the vault
- Carbon Black ThreatHunter
- Download a file from Carbon Black Response and add it to the vault
- Carbon Black Response
- Download a file from Tanium Threat Response to the Phantom Vault
- Tanium Threat Response
- Download a file from server and add it to the vault
- Microsoft OneDrive
- Download a file from the VMRay Analyzer and add it to the vault
- VMRay
- Download a file to the vault
- Cylance
- CylancePROTECT
- Download a quarantined file and upload it to the vault
- Netskope
- Download a sample from WildFire and add it to the vault.
- WildFire
- Download sample result data from Falcon Sandbox and add it to vault
- Falcon Sandbox
- Downloads a file from PolySwarm and adds it to the vault
- PolySwarm
- Downloads a file from VirusTotal, and adds it to the vault
- VirusTotal
- Downloads and vaults the attachment that matches the specified attachment ID
- Cofense Triage
- Get information about a file or download it to the Vault
- G Suite for Drive
- Get the file associated with a hash
- MalShare
- Pull the acquired file into Phantom Vault
- FireEye HX
- Retrieve a file from an AWS instance and save it to the vault
- AWS Systems Manager
- Retrieve a file from endpoint and save it to the vault
- SSH
- Retrieves a file from a SharePoint Site
- SharePoint
1 unique descriptions / Provided by 1 apps
- Download file from a url
- Falcon Sandbox
1 unique descriptions / Provided by 1 apps
- Get the importance value of a file
- Interset AI
4 unique descriptions / Provided by 5 apps
- Get info about a file from Carbon Black Response
- Carbon Black Response
- Get information about a file
- Cylance
- CylancePROTECT
- Get the file details associated with a hash
- MalShare
- Look for files matching given criteria
- GRR Rapid Response
1 unique descriptions / Provided by 1 apps
- Get metadata of a file
- Carbon Black ThreatHunter
1 unique descriptions / Provided by 1 apps
- Get a file's risk value as determined by Interset analytics
- Interset AI
2 unique descriptions / Provided by 2 apps
- List and describe the findings generated by the assessment runs
- AWS Inspector
- Lists and describes Security Hub aggregated findings that are specified by a single filter attribute
- AWS Security Hub
1 unique descriptions / Provided by 1 apps
- Get the enable/disable state of the firewall.
- Floodlight SDN
2 unique descriptions / Provided by 2 apps
- Get flow information
- Cisco Tetration Analytics
- Get flows that make up an offense for a particular IP
- QRadar
1 unique descriptions / Provided by 1 apps
- Fetch forensic information for a given threat or campaign
- Proofpoint TAP
1 unique descriptions / Provided by 1 apps
- Fetch forensic information for a given threat or campaign (deprecated)
- Proofpoint TAP
1 unique descriptions / Provided by 1 apps
- Get the global list
- CylancePROTECT
1 unique descriptions / Provided by 2 apps
- Get information about a group
- Okta
- Azure AD Graph
2 unique descriptions / Provided by 2 apps
- Get HTTP Headers from a URL
- HackerTarget
- Perform a REST HEAD call to the server
- HTTP
1 unique descriptions / Provided by 1 apps
- Get Bigfix ID
- BigFix
1 unique descriptions / Provided by 1 apps
- Get events pertaining to a host that have occurred in the last 'N' days
- Splunk
1 unique descriptions / Provided by 1 apps
- Action to retrieve the latest risk score for a host
- Risk Fabric
1 unique descriptions / Provided by 1 apps
- Retrieve available hunts
- GRR Rapid Response
1 unique descriptions / Provided by 1 apps
- Get the importance value of an entity
- Interset AI
2 unique descriptions / Provided by 2 apps
- Get incident in ThreatStream by ID number
- ThreatStream
- Get information about an incident
- Preempt
1 unique descriptions / Provided by 1 apps
- Get all indicators from Cybereason
- Cybereason
1 unique descriptions / Provided by 1 apps
- Get information of a specific sample
- VMRay
1 unique descriptions / Provided by 1 apps
- Show a single Intel Document by ID
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Get IOC
- NetWitness Endpoint
1 unique descriptions / Provided by 1 apps
- Check if a private IP address is available for use
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Action to retrieve the latest risk score for an IP address
- Risk Fabric
1 unique descriptions / Provided by 1 apps
- Retrieve an issue for the GitHub repository
- GitHub
1 unique descriptions / Provided by 1 apps
- Get information about job(s)
- Verodin
1 unique descriptions / Provided by 1 apps
- Get job actions
- Verodin
1 unique descriptions / Provided by 1 apps
- Request a single label by ID
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Identifies the language of a given body of text
- Watson - Language Translator
1 unique descriptions / Provided by 1 apps
- Gets the license information of the device
- Carbon Black Response
1 unique descriptions / Provided by 1 apps
- Get HTTP Links from a URL
- HackerTarget
1 unique descriptions / Provided by 1 apps
- Retrieves a list from a SharePoint Site
- SharePoint
1 unique descriptions / Provided by 1 apps
- Download a log capture file from NetWitness Logs and Packets and add it to the ...
- NetWitness Logs and Packets
1 unique descriptions / Provided by 1 apps
- Get and filter malops from Cybereason
- Cybereason
2 unique descriptions / Provided by 2 apps
- Get topology map
- Verodin
- Get a list of map rules for a specific map
- Gigamon Application for Phantom
1 unique descriptions / Provided by 1 apps
- Get a list of maps for a specific cluster id
- Gigamon Application for Phantom
1 unique descriptions / Provided by 1 apps
- Fetch information for the given matter ID
- Google Vault
1 unique descriptions / Provided by 1 apps
- Retrieve memory usage from endpoint
- SSH
1 unique descriptions / Provided by 1 apps
- Get a module by name in Empire
- Empire
1 unique descriptions / Provided by 1 apps
- Get stats of the node
- F5 BIG-IP LTM
1 unique descriptions / Provided by 1 apps
- Get node topology
- Verodin
1 unique descriptions / Provided by 1 apps
- Show a single notification by ID
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- List notification counts for the last N days in UTC by default
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Get notifications from CB Defense
- Carbon Black Defense
2 unique descriptions / Provided by 2 apps
- Get info about a Salesforce object
- Salesforce
- Get information about an object
- AWS S3
1 unique descriptions / Provided by 1 apps
- Get observable present in ThreatStream by ID number
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Get the current on call personnel (DEPRECATED)
- PagerDuty
1 unique descriptions / Provided by 1 apps
- Get list of users for a specific escalation policy
- PagerDuty
1 unique descriptions / Provided by 1 apps
- Perform a REST OPTIONS call to the server
- HTTP
1 unique descriptions / Provided by 1 apps
- Get information about a package
- CloudPassage Halo
1 unique descriptions / Provided by 1 apps
- Get a page by name
- Confluence
1 unique descriptions / Provided by 1 apps
- Get information about a parameter by using the parameter name
- AWS Systems Manager
1 unique descriptions / Provided by 1 apps
- Get parent process tree for a process instance
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Get a stager by name
- Empire
9 unique descriptions / Provided by 9 apps
- Download a PCAP into the vault
- Endace
- Download a packet capture file from NetWitness Logs and Packets and add it to the ...
- NetWitness Logs and Packets
- Download pcap file of a sample submitted to the sandbox and add it to vault
- ThreatStream
- Download pcap for an event or observation
- ProtectWise
- Download the pcap file and add it to the vault
- Joe Sandbox v2
- Download the pcap file from server and add it to the vault
- Moloch
- Download the pcap file of a sample from WildFire and add it to the vault.
- WildFire
- Download the pcap file of sample from Falcon Sandbox and add it to vault
- Falcon Sandbox
- Queries to return specific network traffic information
- Symantec Security Analytics
1 unique descriptions / Provided by 1 apps
- Get a list of peers that a device communicated with in the last N minutes
- ExtraHop
2 unique descriptions / Provided by 2 apps
- Download an AIM policy bundle and import it to the vault
- Tala
- Get Symantec Management Center policy
- Symantec Management Center
2 unique descriptions / Provided by 2 apps
- Get information about a process
- CloudPassage Halo
- Get information for a process
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Retrieve the details of a process that is running or that previously ran, given a ...
- Falcon Host API
1 unique descriptions / Provided by 1 apps
- Extracts the process file from the memory dump
- Volatility
1 unique descriptions / Provided by 1 apps
- Get process timeline
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Get process tree for a process instance
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Get information about a project
- Tala
1 unique descriptions / Provided by 1 apps
- Get the importance value of a project
- Interset AI
1 unique descriptions / Provided by 1 apps
- Get a project's risk value as determined by Interset analytics
- Interset AI
1 unique descriptions / Provided by 1 apps
- Get a list of protocols that a device communicated in the last N minutes
- ExtraHop
1 unique descriptions / Provided by 1 apps
- Get the containment status for an endpoint
- FireEye HX
1 unique descriptions / Provided by 1 apps
- Execute the hivelist volatility plugin to get a list of registry hives
- Volatility
1 unique descriptions / Provided by 1 apps
- Execute the printkey volatility plugin
- Volatility
1 unique descriptions / Provided by 1 apps
- Lists Security Hub aggregated findings that are specified by filter attributes
- AWS Security Hub
1 unique descriptions / Provided by 1 apps
- Query ThreatQ for related IOCs
- ThreatQ
22 unique descriptions / Provided by 27 apps
- Download the detonation report and add it to the vault
- Joe Sandbox v2
- Fetch results of an already completed analysis in the Falcon Sandbox
- Falcon Sandbox
- Fetch sandbox report for provided md5 file hash
- Zscaler
- Get A1000 report for file
- RL A1000
- Get further details about an AutoFocus tag
- AutoFocus
- Get report details
- TruSTAR
- DeepSight
- Get report details.
- iSight Partners
- Get the report(s) for a submission
- VMRay
- Get the results using the scan id from a detonate file or detonate url action
- VirusTotal
- Get threat details
- Cofense Intelligence
- Lookup results from UUID
- PolySwarm
- Query for results of an already completed analysis in FireEye.
- FireEye
- Query for results of an already completed detonation
- DarkPoint
- Intezer Analyze
- Cuckoo
- Koodous
- urlscan.io
- Query for results of an already completed detonation in WildFire.
- WildFire
- Query for results of an already completed task in Cyphort.
- Cyphort
- Query for results of an already completed task in Lastline
- Lastline
- Query for results of an already completed task in Threat Grid
- Threat Grid
- Query for status of a submitted detonation task in Malwr.
- Malwr
- Retrieve a single report that matches the specified report ID. Optionally ingest to a provided ...
- Cofense Triage
- Retrieve detonation report present in Threatstream
- ThreatStream
- Retrieve statistical reports from ESA
- Cisco ESA
- Retrieve the analysis results of a file detonation
- Malware Analysis Service
1 unique descriptions / Provided by 1 apps
- Retrieve reporter that matches the specified reporter ID
- Cofense Triage
1 unique descriptions / Provided by 1 apps
- Retrieves information about reporters, such as their email address and credit score, whether they are ...
- Cofense Triage
2 unique descriptions / Provided by 2 apps
- Requests APT reports by using the Kaspersky Threat Intelligence Portal API
- Kaspersky Threat Intelligence
- Retrieve all reports in the Inbox, Recon, and Processed folders that match specified parameters
- Cofense Triage
1 unique descriptions / Provided by 1 apps
- Get a specific resource from CRITs
- CRITs
1 unique descriptions / Provided by 1 apps
- Get the response to a previously asked question
- Slack
4 unique descriptions / Provided by 4 apps
- Get results from a job started with 'run query'
- Big Query
- Get results from most recent agent command
- Empire
- Get the abstract information model (AIM) representation of the latest scan on a project
- Tala
- Retrieves the result of a search job
- Sumo Logic
1 unique descriptions / Provided by 1 apps
- Get an entity's risk value as determined by Interset analytics
- Interset AI
1 unique descriptions / Provided by 1 apps
- Retrieve QRadar rule information
- QRadar
1 unique descriptions / Provided by 1 apps
- Get scan data of an endpoint
- NetWitness Endpoint
1 unique descriptions / Provided by 1 apps
- Get information about a scan job
- Malwarebytes Cloud
1 unique descriptions / Provided by 1 apps
- Retrieve the settings related to scanning a project
- Tala
1 unique descriptions / Provided by 1 apps
- Retrieve hosts based on a minimum certainty and threat score
- Vectra Active Enforcement
1 unique descriptions / Provided by 1 apps
- Get a screenshot of a url
- Screenshot Machine
1 unique descriptions / Provided by 1 apps
- Get a listener by name
- Empire
1 unique descriptions / Provided by 1 apps
- Get a list of options for a specified listener type
- Empire
1 unique descriptions / Provided by 1 apps
- Get active sessions in CounterACT
- ForeScout CounterACT
1 unique descriptions / Provided by 1 apps
- Get detailed information about a signature
- FireSIGHT
1 unique descriptions / Provided by 1 apps
- Get simulation
- Verodin
1 unique descriptions / Provided by 1 apps
- Get a list of actions for each simulation
- Verodin
1 unique descriptions / Provided by 1 apps
- Get feed info for a single feed
- Carbon Black ThreatHunter
1 unique descriptions / Provided by 1 apps
- Get information of a specific snapshot
- Nutanix Prism
1 unique descriptions / Provided by 1 apps
- Get a single source by ID
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Show details for a single source type by ID
- Tanium Detect
5 unique descriptions / Provided by 5 apps
- Get GPIO status
- BerryIO
- Get command status report
- Symantec Endpoint Protection 14
- Get status of the event on a machine
- Windows Defender ATP
- Get the status of a previously executed query
- Endace
- Retrieve detonation status present in Threatstream
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Get a suppression rule by ID
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Gets the attributes of a computer/system
- LDAP
11 unique descriptions / Provided by 17 apps
- Get details of a device, given the device ID
- Falcon Host API
- Get info about a device
- MobileIron
- Get information about a VM
- Nutanix Prism
- vSphere
- Microsoft Azure Compute
- Get information about a device
- Cylance
- Get information about a server
- CloudPassage Halo
- Get information about a system
- WMI
- Get information about a system using OSXCollector
- OSXCollector
- Get information about an endpoint
- Carbon Black Response
- CylancePROTECT
- GRR Rapid Response
- Carbon Black Protection (Bit9)
- NetWitness Endpoint
- Get system information
- Infoblox DDI
- Get system information for an endpoint
- FireEye HX
- Gets the information about the computers in a specified domain
- Symantec Endpoint Protection 14
1 unique descriptions / Provided by 1 apps
- Retrieve hosts based on descriptive tags
- Vectra Active Enforcement
1 unique descriptions / Provided by 1 apps
- Retrieve the subjects, senders, domains, URLs, or MD5 or SHA256 hashes that operators identified in ...
- Cofense Triage
9 unique descriptions / Provided by 12 apps
- Get case (issue) information
- PhishLabs
- Get case information
- ArcSight ESM
- Get incident information
- BMC Remedy
- Cherwell
- Get info about a Case
- Salesforce
- Get information about a single ticket
- Request Tracker
- Get ticket
- OTRS
- Get ticket (issue) information
- Jira
- TheHive
- Get ticket information
- Zendesk
- RSA Archer
- Get ticket/record information
- ServiceNow
1 unique descriptions / Provided by 1 apps
- Execute the timeliner volatility plugin
- Volatility
1 unique descriptions / Provided by 1 apps
- Request Endpoint Host Triage Package
- FireEye HX
1 unique descriptions / Provided by 1 apps
- Get time since SDN controller startup.
- Floodlight SDN
7 unique descriptions / Provided by 11 apps
- Get details of all the groups and attached policies for the user
- AWS IAM
- Get information about a person
- Pipl
- Get information about a user
- CloudPassage Halo
- Okta
- Ivanti ITSM
- xMatters
- Cherwell
- Get information about a user of a Slack team
- Slack
- Get user_ID from e-mail address
- Cisco Spark
- Gets the attributes of a user
- KnowThyCustomer
- Query Digital Shadows Breach Database for a username
- Digital Shadows
1 unique descriptions / Provided by 1 apps
- Get user activity from the specified number of hours ago
- Preempt
1 unique descriptions / Provided by 2 apps
- Gets the attributes of a user
- Preempt
- LDAP
1 unique descriptions / Provided by 1 apps
- Get user by ID
- Axonius Cybersecurity Asset Management
1 unique descriptions / Provided by 1 apps
- Get the importance value of a user
- Interset AI
1 unique descriptions / Provided by 1 apps
- Get information on a particular user
- PagerDuty
3 unique descriptions / Provided by 3 apps
- Action to retrieve the latest risk score for a user
- Risk Fabric
- Get a user's risk value as determined by Interset analytics
- Interset AI
- Gets the risk of a user
- Preempt
2 unique descriptions / Provided by 2 apps
- Get the list of users
- LDAP
- Query users
- Axonius Cybersecurity Asset Management
2 unique descriptions / Provided by 3 apps
- Get Symantec Management Center version
- Symantec Management Center
- Gets the software version information of the device.
- Cisco Catalyst
- Cisco ASA
1 unique descriptions / Provided by 1 apps
- Get information about the instance associated with an IP
- OpenStack
1 unique descriptions / Provided by 1 apps
- Get vulnerabilities for a specific device
- Kenna Security
2 unique descriptions / Provided by 2 apps
- Get information about a vulnerability
- CloudPassage Halo
- Get vulnerability present in ThreatStream by ID number
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Get zone(s) info
- Verodin
1 unique descriptions / Provided by 1 apps
- Commit changes
- Git
1 unique descriptions / Provided by 1 apps
- Pull the repo
- Git
1 unique descriptions / Provided by 1 apps
- Push commits to the remote server
- Git
1 unique descriptions / Provided by 1 apps
- Get the result of git status
- Git
1 unique descriptions / Provided by 1 apps
- Search in SlashNext Cloud database and retrieve a detailed report for a host and associated ...
- SlashNext Phishing Incident Response
1 unique descriptions / Provided by 1 apps
- Search in SlashNext Cloud database and retrieve the reputation of a host
- SlashNext Phishing Incident Response
1 unique descriptions / Provided by 1 apps
- Search in SlashNext Cloud database and retrieve a list of all URLs associated with the ...
- SlashNext Phishing Incident Response
1 unique descriptions / Provided by 1 apps
- Obtain changes to registrar, IP, etc
- DomainTools
1 unique descriptions / Provided by 1 apps
- Hunt for an alias in SocialNet
- ShadowDragon SocialNet
1 unique descriptions / Provided by 1 apps
- Get report IDs associated with a bitcoin address
- TruSTAR
1 unique descriptions / Provided by 1 apps
- Get report IDs associated with a CVE (Common Vulnerability and Exposure) number
- TruSTAR
9 unique descriptions / Provided by 9 apps
- Get a list of device IDs on which the domain was matched
- Falcon Host API
- Hunt a domain and retrieve a list of associated tags
- AutoFocus
- Hunt a domain and retrieve available information
- ThreatConnect
- Hunt a domain in the network
- ProtectWise
- Look for information about a domain
- Cofense Intelligence
- Look for information about a domain in the Intsights database
- IntSights
- Look for information about a domain in the ThreatScape product database
- iSight Partners
- Look for information about a domain in the alerts database.
- FireEye
- Search for a given domain in the Falcon Sandbox database
- Falcon Sandbox
4 unique descriptions / Provided by 4 apps
- Get report IDs associated with an email address
- TruSTAR
- Hunt an email and retrieve available information
- ThreatConnect
- Hunt for an email address in SocialNet
- ShadowDragon SocialNet
- Look for information about a sender in the alerts database.
- FireEye
17 unique descriptions / Provided by 18 apps
- Find endpoints with file
- Cylance
- Get report IDs associated with a file
- TruSTAR
- Hunt a file and retrieve a list of associated tags
- AutoFocus
- Hunt a file hash and retrieve available information
- ThreatConnect
- Hunt a file on the network using the hash
- CylancePROTECT
- Hunt file on forensic search
- Code42
- Hunt for a binary file on the network by querying for the MD5 hash of ...
- Carbon Black Response
- Hunt for a file in the network
- ProtectWise
- Hunt for a file on the network by querying for the hash
- Falcon Host API
- Launch a search for a specific file
- Endgame
- Look for information about a file
- Cofense Intelligence
- DeepSight
- Look for information about a file hash in the Intsights database
- IntSights
- Look for information about a file hash in the ThreatScape product database
- iSight Partners
- Look for information about a file hash in the alerts database.
- FireEye
- Search for a file by one kind of data (Sha1, Md5, Sha256 or File name) in ...
- Falcon Sandbox
- Search for a file matching a SHA256 hash across all endpoints
- FireAMP
- Searches for a particular file across all the endpoints
- Carbon Black Protection (Bit9)
1 unique descriptions / Provided by 1 apps
- Search for a file by one kind of hash (Sha1, Md5, Sha256) in the Falcon Sandbox ...
- Falcon Sandbox
10 unique descriptions / Provided by 10 apps
- Get report IDs associated with an IP/CIDR
- TruSTAR
- Hunt an IP and retrieve a list of associated tags
- AutoFocus
- Hunt an IP and retrieve any available information
- ThreatConnect
- Hunt an IP in the network
- ProtectWise
- Launch a search for a specific network connection
- Endgame
- Look for information about an IP
- Cofense Intelligence
- Look for information about an IP in the Intsights database
- IntSights
- Look for information about an IP in the ThreatScape product database
- iSight Partners
- Search for a given IP
- FireAMP
- Search for a given IP in the Falcon Sandbox database
- Falcon Sandbox
1 unique descriptions / Provided by 1 apps
- Get report IDs associated with a malware indicator
- TruSTAR
1 unique descriptions / Provided by 1 apps
- Search for a given malware family in the Falcon Sandbox database
- Falcon Sandbox
1 unique descriptions / Provided by 1 apps
- Hunt for a person's name in SocialNet
- ShadowDragon SocialNet
1 unique descriptions / Provided by 1 apps
- Hunt for a phone number in SocialNet
- ShadowDragon SocialNet
1 unique descriptions / Provided by 1 apps
- Hunt for a phrase in SocialNet
- ShadowDragon SocialNet
1 unique descriptions / Provided by 1 apps
- Launch a search for a specific process
- Endgame
1 unique descriptions / Provided by 1 apps
- Launch a search for a specific registry
- Endgame
1 unique descriptions / Provided by 1 apps
- Get report IDs associated with a registry key
- TruSTAR
1 unique descriptions / Provided by 1 apps
- Search for similar samples by given Sha256 hash in the Falcon Sandbox database
- Falcon Sandbox
8 unique descriptions / Provided by 8 apps
- Get report IDs associated with a URL
- TruSTAR
- Hunt a URL and retrieve a list of associated tags
- AutoFocus
- Hunt a URL and retrieve available information
- ThreatConnect
- Look for information about a URL
- Cofense Intelligence
- Look for information about a URL in the Intsights database
- IntSights
- Look for information about a URL in the ThreatScape product database
- iSight Partners
- Search for a given URL
- FireAMP
- Search for a given URL in the Falcon Sandbox database
- Falcon Sandbox
1 unique descriptions / Provided by 1 apps
- Launch a search for a specific user session
- Endgame
1 unique descriptions / Provided by 1 apps
- Import a container from an external Phantom instance
- Phantom
1 unique descriptions / Provided by 1 apps
- Import domain observable into ThreatStream
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Import email observable into ThreatStream
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Import file observable into ThreatStream
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Import IP observable into ThreatStream
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Import observables into ThreatStream
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Import URL observable into ThreatStream
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Start background question for computers list
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Update input framework
- Corelight
1 unique descriptions / Provided by 1 apps
- Install a virtual firewall with a property
- ForeScout CounterACT
1 unique descriptions / Provided by 1 apps
- Update intel framework
- Corelight
1 unique descriptions / Provided by 2 apps
- Invoke an AWS Lambda function
- AWS Community App
- AWS Lambda
1 unique descriptions / Provided by 1 apps
- Find domains that have resolved to this IP address
- ZETAlytics
1 unique descriptions / Provided by 1 apps
- Get threat intelligence for an IP address
- Recorded Future
16 unique descriptions / Provided by 19 apps
- Checks IP against CriticalStack IP lists
- CriticalStack Intel
- Get IP info/reputation
- PassiveTotal
- Get IP reputation
- DeepSight
- Get a quick indicator of the risk associated with an IP address
- Recorded Future
- Get attributes, related indicators, and related adversaries
- ThreatQ
- Get information about a given IP
- ThreatStream
- Gets information about an IP
- Cymon
- Metadefender
- Looks up information about IP addresses in Kaspersky Threat Intelligence Portal
- Kaspersky Threat Intelligence
- Queries Greynoise for IP info
- Greynoise
- Queries IP info
- EclecticIQ app
- ZETAlytics
- APIvoid
- Queries Polyswarm for IP reputation info
- PolySwarm
- Queries VirusTotal for IP info
- VirusTotal
- Queries for IP reputation information
- AlienVault OTX
- Query OpenDNS for IP info
- OpenDNS Investigate
- Query for IP reputation
- Malware Domain List
- Returns IP reputation report.
- IBM XForce
1 unique descriptions / Provided by 1 apps
- Desktop Isolation an endpoint when threats are found
- Malwarebytes Cloud
1 unique descriptions / Provided by 1 apps
- When threats are found, isolate a network, process, or desktop endpoint
- Malwarebytes Cloud
1 unique descriptions / Provided by 1 apps
- Network Isolation on an endpoint when threats are found
- Malwarebytes Cloud
1 unique descriptions / Provided by 1 apps
- When threats are found, isolate a process endpoint
- Malwarebytes Cloud
1 unique descriptions / Provided by 1 apps
- Link IOCs together
- ThreatQ
1 unique descriptions / Provided by 1 apps
- List ACLs
- AWS WAF
1 unique descriptions / Provided by 1 apps
- Retrieve a list of all acquisitions with optional filters
- FireEye HX
1 unique descriptions / Provided by 2 apps
- Get the email addresses that make up a Distribution List
- Microsoft Exchange On-Premise EWS
- EWS for Office 365
6 unique descriptions / Provided by 6 apps
- Get a list of uploaded IOCs that match the search criteria
- Falcon Host API
- List alerts for an incident
- RSA Security Analytics
- List alerts with optional filtering, sorting, and pagination
- Tanium Detect
- List all active alerts
- Microsoft SCOM
- List all alerts of a given type
- Windows Defender ATP
- List all the alerts/watchlists configured on the device
- Carbon Black Response
1 unique descriptions / Provided by 1 apps
- List all uploaded annotations of specific scope
- Cisco Tetration Analytics
2 unique descriptions / Provided by 3 apps
- List the application that the device knows about and can block
- Juniper SRX
- List the applications that the device knows about and can block
- Palo Alto Networks Firewall
- Panorama
1 unique descriptions / Provided by 1 apps
- List of attachments for ticket
- Request Tracker
1 unique descriptions / Provided by 1 apps
- Display autoscaling groups
- AWS EC2
1 unique descriptions / Provided by 1 apps
- Queries OpenDNS for the blocked domain list.
- OpenDNS Umbrella
1 unique descriptions / Provided by 1 apps
- List the branches of a GitLab project
- GitLab
1 unique descriptions / Provided by 1 apps
- List all buckets configured on S3
- AWS S3
1 unique descriptions / Provided by 1 apps
- Return a list of all API-managed categories
- Forcepoint Web Security
1 unique descriptions / Provided by 1 apps
- Returns a list of certificates in Venafi
- Venafi
3 unique descriptions / Provided by 3 apps
- List public channels of a Slack team
- Slack
- List public channels of a team
- Mattermost
- Lists all channels of a group
- Microsoft Teams
1 unique descriptions / Provided by 1 apps
- Get a list of offense closing reasons
- QRadar
3 unique descriptions / Provided by 5 apps
- List all the columns in a table
- Microsoft SQL Server
- List the columns of a table
- MySQL
- SQLite
- PostgreSQL
- Lists all the columns of a table existing within the database connected to in your ...
- Microsoft Azure SQL
1 unique descriptions / Provided by 1 apps
- Lists the commands run by users of the AWS account
- AWS Systems Manager
1 unique descriptions / Provided by 1 apps
- List comments for an issue on the GitHub repository
- GitHub
1 unique descriptions / Provided by 1 apps
- Get top 10 suggestions for computers where name or IP contains <name>
- Tanium Threat Response
6 unique descriptions / Provided by 6 apps
- Execute the netscan or connscan volatility plugin to list network connections
- Volatility
- Get a list of connections
- Tanium Threat Response
- List all active connections
- Windows Remote Management
- List all of the connections from a given process name, PID, or Carbon Black process ...
- Carbon Black Response
- List all the connections configured on the device
- GRR Rapid Response
- Lists all the network connections. Requires root privileges. Requires netstat to be installed
- SSH
1 unique descriptions / Provided by 1 apps
- List all connectors
- Kenna Security
1 unique descriptions / Provided by 1 apps
- List all contacts of a user
- Skype for Business
1 unique descriptions / Provided by 1 apps
- List all cookbooks
- Joe Sandbox v2
1 unique descriptions / Provided by 1 apps
- Lists detectorIds of all the existing Amazon GuardDuty detector resources
- AWS GuardDuty
3 unique descriptions / Provided by 3 apps
- List all device groups
- Microsoft SCCM
- List all sites on the system
- BigFix
- Retrieve a list of host sets in HX optionally filtered by name
- FireEye HX
8 unique descriptions / Provided by 8 apps
- Get a list of active devices
- MobileIron
- List all devices
- Code42
- List all devices of a given type
- RedSeal
- List devices
- Kenna Security
- List devices connected to RSA Security Analytics
- RSA Security Analytics
- List devices connected to CB Defense
- Carbon Black Defense
- List devices tracked by the SDN controller.
- Floodlight SDN
- List of recently seen devices
- Windows Defender ATP
1 unique descriptions / Provided by 1 apps
- List all dimensions
- Cisco Tetration Analytics
1 unique descriptions / Provided by 1 apps
- List the directory roles in a tenant
- Azure AD Graph
1 unique descriptions / Provided by 1 apps
- Lists one or more of the Systems Manager documents
- AWS Systems Manager
1 unique descriptions / Provided by 1 apps
- List all of the administrative domains configured on the device
- Symantec Endpoint Protection 14
1 unique descriptions / Provided by 1 apps
- List of Drives
- Microsoft OneDrive
1 unique descriptions / Provided by 1 apps
- Execute the driverscan volatility plugin to list loaded drivers
- Volatility
8 unique descriptions / Provided by 16 apps
- List all endpoints
- Cisco Tetration Analytics
- List all endpoints connected to the system
- BigFix
- List all of the endpoints connected to FireAMP
- FireAMP
- List all the endpoints/sensors configured on the device
- Malwarebytes Cloud
- Carbon Black Response
- Endgame
- Falcon Host API
- SentinelOne
- CylancePROTECT
- GRR Rapid Response
- Microsoft SCOM
- Symantec Endpoint Protection 14
- List and search the endpoints on HX
- FireEye HX
- List devices connected to Cylance
- Cylance
- Lists all the windows endpoints configured on NetWitness Endpoint
- NetWitness Endpoint
- Returns all current agents in Empire
- Empire
5 unique descriptions / Provided by 5 apps
- List events for an alert
- RSA Security Analytics
- List events from user or group calendar
- MS Graph for Office 365
- List events performed by a user
- GitHub
- List events that match supplied filter criteria
- Carbon Black Defense
- Query for specific events by providing a property name/value
- xMatters
1 unique descriptions / Provided by 1 apps
- List all exports for the given matter ID
- Google Vault
1 unique descriptions / Provided by 1 apps
- List multi-hop links discovered via BDDP.
- Floodlight SDN
2 unique descriptions / Provided by 2 apps
- List all fields on which user can query
- Moloch
- List the fields available to be used in filters
- McAfee ESM
4 unique descriptions / Provided by 4 apps
- Get the list of files
- G Suite for Drive
- List all pcap files
- Moloch
- List all quarantined files
- Netskope
- List downloaded files in Tanium Threat Response
- Tanium Threat Response
2 unique descriptions / Provided by 2 apps
- Fetch a list of the filters from the instance
- Ixia Network Packet Broker
- Returns a paginated list of the current filters
- AWS GuardDuty
3 unique descriptions / Provided by 3 apps
- List firewall rules stored in the controller.
- Floodlight SDN
- List the firewall rules
- Windows Remote Management
- Lists the rules in iptables. Requires root privileges. Not supported on OS X
- SSH
1 unique descriptions / Provided by 1 apps
- List available AWS Lambda functions, with the version-specific configuration for each
- AWS Lambda
1 unique descriptions / Provided by 1 apps
- List the members in a group
- Azure AD Graph
9 unique descriptions / Provided by 9 apps
- Fetch the details of the host groups
- CrowdStrike OAuth API
- List all groups
- Microsoft Teams
- List all groups of a domain
- Google Vault
- List all groups of a user
- Skype for Business
- List all of the administrative groups configured on the device
- Symantec Endpoint Protection 14
- List groups in organization
- Azure AD Graph
- List groups of AWS IAM
- AWS IAM
- List the RAM user groups
- Alibaba RAM
- Lists all Mimecast groups matching the requested search criteria
- Mimecast
1 unique descriptions / Provided by 1 apps
- List the MD5 hashes from the past 24 hours
- MalShare
1 unique descriptions / Provided by 1 apps
- List all holds for the given matter ID
- Google Vault
3 unique descriptions / Provided by 3 apps
- List all deceptive hosts (network decoys) on the Attivo BOTsink
- Attivo
- List hosts
- Infoblox DDI
- List hosts in CounterACT
- ForeScout CounterACT
4 unique descriptions / Provided by 4 apps
- Get list of incidents on VictorOps
- VictorOps
- Get the list of existing Canary Incidents
- Canary
- List incidents present in ThreatStream
- ThreatStream
- List incidents within a time frame
- RSA Security Analytics
1 unique descriptions / Provided by 1 apps
- List the different input frameworks
- Corelight
1 unique descriptions / Provided by 1 apps
- List intel documents
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- List the different input framework endpoints
- Corelight
1 unique descriptions / Provided by 1 apps
- List single-hop links discovered via LLDP.
- Floodlight SDN
1 unique descriptions / Provided by 1 apps
- List IOC
- NetWitness Endpoint
2 unique descriptions / Provided by 2 apps
- List IP sets
- AWS WAF
- Lists the IPSets of the GuardDuty service specified by the detector ID
- AWS GuardDuty
1 unique descriptions / Provided by 1 apps
- List all IPs on the outbound Blacklist or Whitelist
- Arbor APS
1 unique descriptions / Provided by 1 apps
- Get a list of issues for the GitHub repository
- GitHub
1 unique descriptions / Provided by 1 apps
- List of items
- Microsoft OneDrive
1 unique descriptions / Provided by 1 apps
- List all available labels in the system
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- List languages that can be used for translation
- Watson - Language Translator
1 unique descriptions / Provided by 1 apps
- List access layers
- Check Point Firewall
1 unique descriptions / Provided by 1 apps
- Get a list of local snapshots
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- List all log managers on the system
- LogRhythm SIEM
1 unique descriptions / Provided by 1 apps
- List all open, closed, and deleted matters
- Google Vault
2 unique descriptions / Provided by 2 apps
- Fetch a list of configured node members of a pool (if no value is provided, ...
- F5 BIG-IP LTM
- Lists the members of a specified Mimecast group
- Mimecast
1 unique descriptions / Provided by 1 apps
- List all metrics
- Cisco Tetration Analytics
1 unique descriptions / Provided by 1 apps
- Execute the mftparser volatility plugin to get a list of master file table entries
- Volatility
1 unique descriptions / Provided by 1 apps
- List all available modules in Empire
- Empire
1 unique descriptions / Provided by 1 apps
- Execute the shellbags volatility plugin to get a list of MRUs (Most recently used items)
- Volatility
1 unique descriptions / Provided by 1 apps
- Execute the mutantscan volatility plugin to list mutexes
- Volatility
1 unique descriptions / Provided by 1 apps
- Display network interfaces
- AWS EC2
1 unique descriptions / Provided by 1 apps
- List network view
- Infoblox DDI
1 unique descriptions / Provided by 2 apps
- Lists currently blocked networks
- Cisco Firepower
- Cisco Router BGP RTBH
1 unique descriptions / Provided by 1 apps
- Fetch a list of nodes (if no value is provided, all nodes will be returned)
- F5 BIG-IP LTM
1 unique descriptions / Provided by 1 apps
- List notifications with optional filtering, sorting, and pagination
- Tanium Detect
2 unique descriptions / Provided by 2 apps
- Get a list of objects
- Salesforce
- List objects in a bucket
- AWS S3
1 unique descriptions / Provided by 1 apps
- List observables present in ThreatStream
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Get a list of offenses
- QRadar
2 unique descriptions / Provided by 2 apps
- Get all on-call users/teams on VictorOps
- VictorOps
- Get list of oncalls on PagerDuty
- PagerDuty
1 unique descriptions / Provided by 1 apps
- Execute the filescan volatility plugin to list open files
- Volatility
1 unique descriptions / Provided by 3 apps
- List all organizations
- Code42
- GitHub
- Google Vault
1 unique descriptions / Provided by 1 apps
- List all packages on a given server
- CloudPassage Halo
3 unique descriptions / Provided by 3 apps
- List all software patches
- Microsoft SCCM
- List patches for a specified device
- Kenna Security
- List patches from a site
- BigFix
1 unique descriptions / Provided by 1 apps
- List all current stagers
- Empire
2 unique descriptions / Provided by 2 apps
- List all configured playbooks on the Attivo BOTsink
- Attivo
- List the playbooks available in the connected ThreatGrid environment
- Threat Grid
13 unique descriptions / Provided by 13 apps
- Get Symantec Management Center policies
- Symantec Management Center
- Get a list of tenant policies
- CylancePROTECT
- Get list of escalation policies on PagerDuty
- PagerDuty
- Get list of policies configured on VictorOps
- VictorOps
- List AppLocker Policies
- Windows Remote Management
- List configured IPv4 policies
- FortiGate
- List policies that exist on CB Defense
- Carbon Black Defense
- List policies
- Check Point Firewall
- List policies in CounterACT
- ForeScout CounterACT
- List the RAM policies
- Alibaba RAM
- List the available scan policies
- Nessus
- Lists the scan policies available in Tenable SecurityCenter
- SecurityCenter
- Returns a list of all policies in Venafi
- Venafi
1 unique descriptions / Provided by 1 apps
- Fetch a list of configured pools (if no value is provided, all pools will be ...
- F5 BIG-IP LTM
1 unique descriptions / Provided by 1 apps
- List posts of a channel
- Mattermost
8 unique descriptions / Provided by 9 apps
- List all processes on a given server
- CloudPassage Halo
- List processes on endpoint
- SSH
- List processes that have recently used the IOC on a particular device.
- Falcon Host API
- List processes that match supplied filter criteria
- Carbon Black Defense
- List the currently running processes
- Windows Remote Management
- List the running processes of the devices registered on the Tanium server
- Tanium REST
- List the running processes on a machine
- Carbon Black Response
- Tanium
- Queries the system memory dump file for a list of processes and their information
- Volatility
3 unique descriptions / Provided by 3 apps
- List all projects
- Jira
- List all the projects in the GitLab instance
- GitLab
- List information about all projects
- Tala
1 unique descriptions / Provided by 1 apps
- List identity providers (IdPs) in your organization
- Okta
1 unique descriptions / Provided by 1 apps
- List named queries on Athena
- AWS Athena
2 unique descriptions / Provided by 2 apps
- List the saved questions on the box
- Tanium
- Retrieves either a history of the most recent questions or a list of saved questions
- Tanium REST
2 unique descriptions / Provided by 2 apps
- List all repos of an organization
- GitHub
- List repos configured/pulled
- Git
1 unique descriptions / Provided by 1 apps
- Get the list of resource groups for the subscription
- Microsoft Azure Compute
3 unique descriptions / Provided by 3 apps
- List roles available in AWS IAM
- AWS IAM
- List the RAM roles
- Alibaba RAM
- Lists all roles assigned to a user
- Okta
2 unique descriptions / Provided by 2 apps
- List Spark rooms
- Cisco Spark
- List non-archived rooms
- HipChat
1 unique descriptions / Provided by 1 apps
- Get list of routing keys and associated teams on VictorOps
- VictorOps
1 unique descriptions / Provided by 1 apps
- List details of Response Policy Zones
- Infoblox DDI
2 unique descriptions / Provided by 2 apps
- List Rules
- AWS WAF
- List all QRadar rules
- QRadar
1 unique descriptions / Provided by 1 apps
- List all scopes
- Cisco Tetration Analytics
2 unique descriptions / Provided by 2 apps
- Display security groups
- AWS EC2
- Get the list of all security groups in a resource group
- Microsoft Azure Compute
3 unique descriptions / Provided by 3 apps
- Get all current listeners
- Empire
- List all servers for a given user, process, package and vulnerability
- CloudPassage Halo
- List servers under an upstream
- NGINX
2 unique descriptions / Provided by 2 apps
- Get list of available services on PagerDuty
- PagerDuty
- Get the list of installed services on the system
- WMI
4 unique descriptions / Provided by 4 apps
- List all active sessions
- Windows Remote Management
- List all logged in users on a machine
- Windows Defender ATP
- List the current VPN sessions
- Cisco ASA
- List the sessions currently available on the Monitoring node.
- Cisco ISE
2 unique descriptions / Provided by 2 apps
- List all sites found on the InsightVM instance
- InsightVM
- List all sites on the system (DEPRECATED)
- BigFix
3 unique descriptions / Provided by 3 apps
- Get a list of all the snapshots
- Tanium Threat Response
- Get the list of snapshots under the subscription
- Microsoft Azure Compute
- List snapshots in a cluster
- Nutanix Prism
1 unique descriptions / Provided by 1 apps
- Execute the sockscan volatility plugin. This command is only available on Windows XP and Windows ...
- Volatility
1 unique descriptions / Provided by 1 apps
- List sources configured to manage IOCs in the system
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- List source types supported on this system
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- List static flow rules.
- Floodlight SDN
2 unique descriptions / Provided by 2 apps
- Get the list of subnets
- Microsoft Azure Compute
- List all subnets of a given type
- RedSeal
1 unique descriptions / Provided by 1 apps
- List all available suppression rules in the system
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- List SDN switches managed by the controller.
- Floodlight SDN
5 unique descriptions / Provided by 7 apps
- List Tables
- Big Query
- List all the collections in the database
- MongoDB
- List all the tables in the database
- Microsoft SQL Server
- List the tables in the database
- MySQL
- SQLite
- PostgreSQL
- Lists all the tables in the database connected to in your asset
- Microsoft Azure SQL
1 unique descriptions / Provided by 1 apps
- Get the names and values of all resource tags that are defined in the subscription
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- List the assessment target ARNs within the AWS account
- AWS Inspector
4 unique descriptions / Provided by 4 apps
- Get list of teams configured on PagerDuty
- PagerDuty
- Get list of teams configured on VictorOps
- VictorOps
- List all teams of an organization
- GitHub
- List teams
- Mattermost
1 unique descriptions / Provided by 1 apps
- List the assessment templates of assessment targets
- AWS Inspector
3 unique descriptions / Provided by 3 apps
- Get a list of threats on the specific device
- CylancePROTECT
- List the threats
- SentinelOne
- Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID
- AWS GuardDuty
10 unique descriptions / Provided by 10 apps
- Get a list of Cases
- Salesforce
- Get a list of Tickets
- Zendesk
- Get a list of cases in PhishLabs
- PhishLabs
- Get a list of incidents
- Cherwell
- Get a list of tickets
- Request Tracker
- Get a list of tickets (issues) in a project
- Jira
- Get a list of tickets in an application
- RSA Archer
- Get a list of tickets/records
- ServiceNow
- Get list of incidents
- BMC Remedy
- List all tickets
- TheHive
1 unique descriptions / Provided by 1 apps
- List languages translation models
- Watson - Language Translator
1 unique descriptions / Provided by 1 apps
- List the pipeline triggers of a GitLab project
- GitLab
1 unique descriptions / Provided by 1 apps
- List all configured upstreams
- NGINX
1 unique descriptions / Provided by 1 apps
- List all URL categories
- Zscaler
2 unique descriptions / Provided by 2 apps
- List the sample sources from the past 24 hours
- MalShare
- Lists all managed URLs from the black/white list
- Mimecast
1 unique descriptions / Provided by 1 apps
- List attributes for all or a specified user
- Azure AD Graph
2 unique descriptions / Provided by 3 apps
- Get the groups that the user is a member of
- Okta
- LDAP
- List configured user groups
- Cisco Tetration Analytics
20 unique descriptions / Provided by 23 apps
- Get a list of users
- Cherwell
- Get information about multiple users matching a property name/value
- xMatters
- Get list of users configured on VictorOps
- VictorOps
- Get list of users on PagerDuty
- PagerDuty
- Get the list of users
- G Suite for Drive
- Okta
- G Suite for GMail
- List all active users
- HipChat
- List all deceptive users on the Attivo BOTsink
- Attivo
- List all the users configured on the device
- Endgame
- List all the users in the GitLab instance
- GitLab
- List all users
- Code42
- Microsoft Teams
- List all users on a given server
- CloudPassage Halo
- List all users on system
- Ivanti ITSM
- List the RAM users
- Alibaba RAM
- List users configured on a system
- WMI
- List users in a tenant
- Azure AD Graph
- List users of AWS IAM
- AWS IAM
- List users of a Slack team
- Slack
- List users of a team
- Mattermost
- List users of an organization
- GitHub
- Lists users and roles
- AWS Community App 2
1 unique descriptions / Provided by 1 apps
- Get the list of virtual networks
- Microsoft Azure Compute
2 unique descriptions / Provided by 4 apps
- Get the list of registered VMs
- Nutanix Prism
- vSphere
- Microsoft Azure Compute
- List all instances in the OpenStack region
- OpenStack
3 unique descriptions / Provided by 3 apps
- List all vulnerabilities on a given server
- CloudPassage Halo
- List vulnerabilities present in ThreatStream
- ThreatStream
- Query SecurityCenter for a list of Vulnerabilities associated with an IP or host name
- SecurityCenter
1 unique descriptions / Provided by 1 apps
- Get a list of tenant zones
- CylancePROTECT
1 unique descriptions / Provided by 1 apps
- Take action on the remote endpoint
- Carbon Black ThreatHunter
1 unique descriptions / Provided by 1 apps
- Load or monitor Iris search results by Iris export hash
- DomainTools Iris
1 unique descriptions / Provided by 1 apps
- Locates a specific device in your cloud managed Meraki network
- Cisco Meraki Dashboard
2 unique descriptions / Provided by 2 apps
- Invoke an access lock on a specified device
- Code42
- Lock the device
- MobileIron
2 unique descriptions / Provided by 2 apps
- Logoff a user
- Windows Remote Management
- Logout a user on endpoint (Requires root privileges)
- SSH
1 unique descriptions / Provided by 1 apps
- Lookup AV String
- ThreatMiner API
1 unique descriptions / Provided by 1 apps
- Lookup certificate info
- Censys
10 unique descriptions / Provided by 13 apps
- Check for the presence of a domain in a threat intelligence feed
- SecurityTrails
- ThreatMiner API
- Mnemonic
- Dossier
- Find information about a domain at urlscan.io
- urlscan.io
- Gets information about a domain
- Cymon
- Lookup Domain info
- Censys
- Queries ThreatCrowd for domain info
- ThreatCrowd
- Query DNS about a domain
- DNSDB
- Query DNS records for a Domain or Host Name
- DNS
- Query ZETAlytics APIs for a domain name
- ZETAlytics
- Returns the result of a lookup on a specific url
- MxToolbox
- Searches for breaches associated with a domain
- Have I Been Pwned
3 unique descriptions / Provided by 4 apps
- Queries ThreatCrowd for email info
- ThreatCrowd
- Resolve an Alias name or email address, into mailboxes
- Microsoft Exchange On-Premise EWS
- EWS for Office 365
- Searches for breaches associated with an email
- Have I Been Pwned
2 unique descriptions / Provided by 3 apps
- Check for the presence of a hash in a threat intelligence feed
- ThreatMiner API
- Dossier
- Lookup MD5 Hash with McAfee Active Response
- McAfee OpenDXL
1 unique descriptions / Provided by 1 apps
- Return AWS EC2 instance information using IP address or Instance Id
- AWS Community App
19 unique descriptions / Provided by 24 apps
- Attempts a lookup of the hostname for the provided IP
- NetBIOS
- Check for the presence of an IP in a threat intelligence feed
- IP Info
- Greynoise
- ThreatMiner API
- Neutrino API
- HoneyDB
- Dossier
- Check if IP is a Tor exit node
- Tor
- Checks Skybox for the existence of the IP among the model's assets
- Skybox
- Find information about an IP address at urlscan.io
- urlscan.io
- Get IP info from DShield
- DShield
- Get endpoint details and flows of a specific IP
- Cisco Tetration Analytics
- Lookup IP/CIDR info
- Tufin SecureTrack
- Lookup ip info
- Censys
- Lookup the categories related to an IP
- Zscaler
- Lookup the categories related to the IP or list of IPs
- Forcepoint Web Security
- Queries IP info
- AbuseIPDB
- Queries RIPE for abuse counts associated with an IP
- RIPE
- Queries ThreatCrowd for IP info
- ThreatCrowd
- Query Reverse DNS records for an IP
- DNS
- Query ZETAlytics APIs for an IP address
- ZETAlytics
- Retrieve host based on IP address
- Vectra Active Enforcement
- Returns the result of a lookup on a specific ip address
- MxToolbox
- Reverse DNS lookup
- DNSDB
1 unique descriptions / Provided by 1 apps
- Query the Mac Vendor based on the OUI
- MAC Vendors
1 unique descriptions / Provided by 1 apps
- Get information for an authoritative nameserver
- ZETAlytics
1 unique descriptions / Provided by 1 apps
- Get info about a WiFi SSID
- WiGLE
1 unique descriptions / Provided by 1 apps
- Search SSL thumbprint
- ThreatMiner API
7 unique descriptions / Provided by 8 apps
- Check for the presence of a url in a threat intelligence feed
- Cloaken
- Dossier
- Check the url categorization and risk level
- McAfee TrustedSource
- Expand bit.ly or goo.gl url
- URL Expander
- Get the original URL from a shortened URL
- unshorten.me
- Gets information about a URL
- Alexa
- Lookup the categories related to a URL
- Zscaler
- Lookup the categories related to the URL or list of URLs
- Forcepoint Web Security
1 unique descriptions / Provided by 1 apps
- Ask a Manual question without parsing
- Tanium
1 unique descriptions / Provided by 1 apps
- Memory dump for a specified path
- Carbon Black Response
1 unique descriptions / Provided by 1 apps
- Mitigate identified threat
- SentinelOne
1 unique descriptions / Provided by 1 apps
- Modify the properties of an existing label by ID
- Tanium Detect
1 unique descriptions / Provided by 2 apps
- Move an email to a folder
- Microsoft Exchange On-Premise EWS
- EWS for Office 365
1 unique descriptions / Provided by 1 apps
- Add a new note for the Entity
- ThreatX
1 unique descriptions / Provided by 1 apps
- Wait for the specified number of seconds
- Phantom
1 unique descriptions / Provided by 1 apps
- Check the status of a notification
- AlertFind
1 unique descriptions / Provided by 1 apps
- Get details about an offense
- QRadar
31 unique descriptions / Provided by 52 apps
- Action handler for the ingest functionality
- EWS for Office 365
- Symantec Data Loss Prevention
- RedLock
- Action to ingest endpoint related information
- NetWitness Endpoint
- Action to ingest threats
- Cofense Intelligence
- Callback action for the on_poll ingest functionality
- Cofense Triage
- Tanium Detect
- QRadar
- ThreatStream
- Generator
- IntSights
- EclecticIQ app
- JASK
- FortiSIEM
- Proofpoint TAP
- Digital Shadows
- RSA Archer
- Streaming API
- ThreatConnect
- ELSA (Security Onion)
- IMAP
- AWS GuardDuty
- Callback action for the on_poll ingest functionality.
- FireEye
- McAfee ESM
- Soltra Edge
- iSight Partners
- Callback action to ingest security feed items
- ZETAlytics
- Create one empty event to kick off a playbook
- Timer
- Ingest IOCs from an RSS Feed
- RSS
- Ingest alarms from LogRhythm
- LogRhythm SIEM
- Ingest alerts from the Attivo BOTsink
- Attivo
- Ingest data to Phantom
- Netskope
- Ingest data to phantom
- RedSeal
- Ingest emails from the server into Phantom
- Microsoft Exchange On-Premise EWS
- Ingest findings from Security Hub
- AWS Security Hub
- Ingest from Preempt
- Preempt
- Ingest incidents
- Symantec ATP
- Ingest incidents from RSA Security Analytics
- RSA Security Analytics
- Ingest latest tickets
- Ivanti ITSM
- Ingest logs from the Splunk instance
- Splunk
- Ingest messages from Kafka
- Kafka
- Ingest reports
- DeepSight
- Ingest scan data from InsightVM
- InsightVM
- Ingest tickets from JIRA
- Jira
- Ingest unacknowledged incidents from Canary
- Canary
- Ingests unresolved alerts into Phantom
- Carbon Black Response
- Poll for new Objects on Salesforce
- Salesforce
- Query ProtectWise for Events and Observables and ingest into Phantom
- ProtectWise
- Query device on a known interval
- Vectra Active Enforcement
- Run a query in Starlight and ingest the results
- Aella Data Starlight
- Run a query on Sumo Logic and ingest the results
- Sumo Logic
- Start SlackBot and make health checks to it
- Slack
2 unique descriptions / Provided by 2 apps
- Parses the supplied text into a valid Tanium query string
- Tanium REST
- Retrieves related questions to a possible Tanium question
- Tanium
1 unique descriptions / Provided by 1 apps
- Perform a REST PATCH call to the server
- HTTP
1 unique descriptions / Provided by 1 apps
- Ping a domain
- HackerTarget
1 unique descriptions / Provided by 1 apps
- Ping an ip
- HackerTarget
1 unique descriptions / Provided by 1 apps
- Find domains connected by any supported Iris search parameter
- DomainTools Iris
1 unique descriptions / Provided by 1 apps
- Post on the chatter feed for a specified case
- Salesforce
5 unique descriptions / Provided by 5 apps
- Add data to the database
- MongoDB
- Create an indicator and post it to ThreatConnect
- ThreatConnect
- Perform a REST POST call to the server
- HTTP
- Post data to Splunk
- Splunk
- Post data to a Kafka topic
- Kafka
1 unique descriptions / Provided by 1 apps
- Push a MD5 Hash into the TIE Database
- McAfee OpenDXL
2 unique descriptions / Provided by 2 apps
- Push an event over the McAfee DXL fabric
- McAfee OpenDXL
- Report an IP for abusive behavior
- AbuseIPDB
1 unique descriptions / Provided by 1 apps
- add a pass or drop rule to an existing map
- Gigamon Application for Phantom
1 unique descriptions / Provided by 1 apps
- Perform a REST PUT call to the server
- HTTP
1 unique descriptions / Provided by 1 apps
- Set the importance value of a device
- Interset AI
1 unique descriptions / Provided by 1 apps
- Upload file to a Windows hostname
- Carbon Black Response
1 unique descriptions / Provided by 1 apps
- Set the importance value of a file
- Interset AI
1 unique descriptions / Provided by 1 apps
- Set the importance value of an entity
- Interset AI
1 unique descriptions / Provided by 1 apps
- Set the importance value of a project
- Interset AI
1 unique descriptions / Provided by 1 apps
- Set the importance value of a user
- Interset AI
8 unique descriptions / Provided by 11 apps
- Block the device
- CrowdStrike OAuth API
- Quarantine a device
- Mark II Server
- Quarantine an endpoint
- Symantec ATP
- Quarantine the device
- Windows Defender ATP
- Cisco ISE
- Quarantine the endpoint
- Carbon Black Response
- SentinelOne
- Symantec Endpoint Protection 14
- Quarantines a device using the Cybereason platform
- Cybereason
- Request to contain the endpoint
- FireEye HX
- Send the quarantine tag to the endpoint
- McAfee ePO
1 unique descriptions / Provided by 1 apps
- Quarantine a file
- Windows Defender ATP
1 unique descriptions / Provided by 1 apps
- Quarantines AWS instance that has the given IP address
- AWS Community App
1 unique descriptions / Provided by 1 apps
- Query the certificate dataset
- Censys
1 unique descriptions / Provided by 1 apps
- Query the ZETAlytics D8s service
- ZETAlytics
1 unique descriptions / Provided by 1 apps
- Fetch the device details based on the provided query
- CrowdStrike OAuth API
2 unique descriptions / Provided by 2 apps
- Query the domain dataset
- Censys
- Search Shodan.io for discovered service info
- Shodan
1 unique descriptions / Provided by 1 apps
- Query EclecticIQ Platform for entities
- EclecticIQ app
2 unique descriptions / Provided by 2 apps
- Query the IP dataset
- Censys
- Search Shodan.io for discovered service info
- Shodan
1 unique descriptions / Provided by 1 apps
- Provides a rating for an Alert within IronDefense
- IronNet
1 unique descriptions / Provided by 1 apps
- Reanalyze the file in the A1000 Advanced Malware Analysis Appliance
- RL A1000
2 unique descriptions / Provided by 2 apps
- Reboot the endpoint (Requires root privileges)
- SSH
- Reboots the system
- Tanium
1 unique descriptions / Provided by 1 apps
- Search for new domains containing a word
- DomainTools
1 unique descriptions / Provided by 1 apps
- Check the recipient status of a notification
- AlertFind
1 unique descriptions / Provided by 1 apps
- Redeploy a virtual machine
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Removes EC2 Access for a given IAM user
- AWS Community App
1 unique descriptions / Provided by 1 apps
- Remove ACL from an instance. The default network ACL and ACLs associated with any subnets ...
- AWS EC2
1 unique descriptions / Provided by 1 apps
- Remove user as a collaborator from repo
- GitHub
1 unique descriptions / Provided by 1 apps
- Remove an agent in Empire
- Empire
1 unique descriptions / Provided by 1 apps
- Removes a file from a SharePoint Site
- SharePoint
1 unique descriptions / Provided by 1 apps
- Remove all the associations of the groups from the provided user
- Alibaba RAM
1 unique descriptions / Provided by 1 apps
- Remove held account from the given hold ID
- Google Vault
1 unique descriptions / Provided by 1 apps
- Remove one or more hosts from the static host group
- CrowdStrike OAuth API
1 unique descriptions / Provided by 1 apps
- Removes an EC2 instance from a security group
- AWS EC2
1 unique descriptions / Provided by 1 apps
- Remove url/category from local database file
- Symantec Management Center
2 unique descriptions / Provided by 2 apps
- Remove a sender or domain from a Mimecast group
- Mimecast
- Remove user from team
- GitHub
1 unique descriptions / Provided by 1 apps
- Remove a node from a pool
- F5 BIG-IP LTM
1 unique descriptions / Provided by 1 apps
- Remove all the existing policies of the provided user
- Alibaba RAM
1 unique descriptions / Provided by 1 apps
- Remove managed policy association with the user
- AWS IAM
1 unique descriptions / Provided by 1 apps
- Remove role from AWS IAM account
- AWS IAM
1 unique descriptions / Provided by 1 apps
- Remove a server from an upstream
- NGINX
1 unique descriptions / Provided by 1 apps
- Removes Security Group Access for a given IAM user
- AWS Community App
1 unique descriptions / Provided by 1 apps
- Removes ingress rule from security group
- AWS Community App
2 unique descriptions / Provided by 2 apps
- Remove a tag from the endpoint
- McAfee ePO
- Remove specified tag from an instance
- AWS EC2
3 unique descriptions / Provided by 3 apps
- Remove a user from a specified group
- Azure AD Graph
- Remove a user from the provided group
- Alibaba RAM
- Remove user from a group
- AWS IAM
1 unique descriptions / Provided by 1 apps
- Requests immediate renewal for an existing certificate in Venafi
- Venafi
1 unique descriptions / Provided by 1 apps
- Reopens a matter to move it from CLOSED to OPEN state
- Google Vault
1 unique descriptions / Provided by 1 apps
- Replace all the existing groups of the user with the provided groups
- Alibaba RAM
1 unique descriptions / Provided by 1 apps
- Replace all the existing policies of the user or the group with the provided policies
- Alibaba RAM
1 unique descriptions / Provided by 1 apps
- Reports observed bad activity to IronDefense
- IronNet
3 unique descriptions / Provided by 3 apps
- Force the user to change the password at the next logon
- LDAP
- Generate a one-time token that can be used to reset a user's password
- Okta
- Reset or set a user's password in an Azure AD environment
- Azure AD Graph
1 unique descriptions / Provided by 1 apps
- Tell the server to reset the sensor "sensor_wait_timeout"
- Carbon Black Response
1 unique descriptions / Provided by 1 apps
- Restarts Ixia vision one instance
- Ixia Network Packet Broker
1 unique descriptions / Provided by 1 apps
- Restart the configured device
- NetWitness Logs and Packets
1 unique descriptions / Provided by 1 apps
- DEPRECATED
- RSA Security Analytics
1 unique descriptions / Provided by 1 apps
- Restart a system
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Restore JSON config to the Corelight box
- Corelight
1 unique descriptions / Provided by 1 apps
- Restores a matter to move it from DELETED to CLOSED state
- Google Vault
3 unique descriptions / Provided by 3 apps
- Extract IPs from a single domain response for further pivoting
- DomainTools Iris
- Find IPs that point to this domain and other domain names that share the same ...
- DomainTools
- Find IPs that resolve to this domain
- HackerTarget
3 unique descriptions / Provided by 3 apps
- Find domains with an email in their Whois record
- DomainTools
- Find domains with email in Whois, DNS SOA or SSL certificate
- DomainTools Iris
- Find domains with this email address in their Whois record or SOA email records
- ZETAlytics
1 unique descriptions / Provided by 1 apps
- Return a list of domains registered with the given email domain
- ZETAlytics
3 unique descriptions / Provided by 4 apps
- Find domain names that share an IP
- ThreatMiner API
- DomainTools
- Find domains that resolve to this ip
- HackerTarget
- Find domains with web hosting IP, NS IP or MX IP
- DomainTools Iris
1 unique descriptions / Provided by 1 apps
- Get a list of domains and hostnames for an authoritative nameserver
- ZETAlytics
2 unique descriptions / Provided by 2 apps
- Revert VM to a named snapshot if name is specified, otherwise revert to the current ...
- vSphere
- Revert VM to specified snapshot
- Nutanix Prism
1 unique descriptions / Provided by 1 apps
- Requests to revoke an existing certificate in Venafi
- Venafi
1 unique descriptions / Provided by 1 apps
- Trigger an ifttt action (via the Maker Channel)
- IFTTT - Maker Channel
1 unique descriptions / Provided by 1 apps
- Start the assessment run specified by the assessment template ARN
- AWS Inspector
3 unique descriptions / Provided by 3 apps
- Execute a command on the endpoint
- Windows Remote Management
- Issue a Carbon Black Response command by providing the command name and the command's parameters ...
- Carbon Black Response
- Run a command on the virtual machine
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Run a connector
- Kenna Security
1 unique descriptions / Provided by 1 apps
- Runs command using a public or custom SSM Document on one or more managed instances
- AWS Systems Manager
1 unique descriptions / Provided by 1 apps
- Launches an Ansible Tower job template.
- Ansible Tower
1 unique descriptions / Provided by 1 apps
- Execute a pipeline on a particular branch of a project
- GitLab
1 unique descriptions / Provided by 1 apps
- Run a preconfigured Playbook on the Attivo BOTsink
- Attivo
36 unique descriptions / Provided by 43 apps
- Bring the findings as per the filters are applied
- AWS GuardDuty
- Execute an ariel query on the QRadar device
- QRadar
- Get emails across the Mimecast platform
- Mimecast
- Invoke a search for process information
- Carbon Black ThreatHunter
- Lookup the management events captured by CloudTrail
- AWS CloudTrail
- Query ThreatQ and grab attributes
- ThreatQ
- Retrieve integration results based on the specified hash (MD5 or SHA256) or URL. Specify only ...
- Cofense Triage
- Run SSL Labs analysis of a host
- SSL Labs
- Run a Query
- Big Query
- Run a named query on Athena
- AWS Athena
- Run a query against ELSA
- ELSA (Security Onion)
- Run a query against a table or tables in the database
- MySQL
- SQLite
- PostgreSQL
- Microsoft Azure SQL
- Microsoft SQL Server
- Run a query on InfluxDB
- InfluxDB
- Run a query on Panorama
- Panorama
- Run a query to create a PCAP
- Endace
- Run a query to find events or attributes
- MISP
- Run a query using the Salesforce Object Query Language
- Salesforce
- Run a saved or parsed question
- Tanium
- Run a search query on the CRITs device
- CRITs
- Run a search query on the Elasticsearch installation. Please escape any quotes that are part ...
- Elasticsearch
- Run a search query on the Splunk device. Please escape any quotes that are part ...
- Splunk
- Run a search query on the device
- Carbon Black Response
- Run a search query on the devices registered on the Tanium server
- Tanium REST
- Run an arbitrary query using WQL on the system
- WMI
- Run observables query in ThreatStream
- ThreatStream
- Run query for events on a given IP
- Netskope
- Run query for searching ticket
- OTRS
- Run query on forensic search
- Code42
- Run query on vulnerabilities
- Kenna Security
- Runs a search query on the Sumo Logic platform
- Sumo Logic
- Search emails
- Microsoft Exchange On-Premise EWS
- EWS for Office 365
- MS Graph for Office 365
- Search emails with query/filtering options
- G Suite for GMail
- Search for a text in resources
- ArcSight ESM
- Ivanti ITSM
- Search tickets
- Zendesk
- Search tweets for specific text within the past 7 days
- Submit a query to fetch security impact, access details and threat details between two endpoints
- RedSeal
1 unique descriptions / Provided by 1 apps
- Run a PowerShell script on the endpoint
- Windows Remote Management
1 unique descriptions / Provided by 1 apps
- Run a simulation
- Verodin
1 unique descriptions / Provided by 1 apps
- Run a job
- Verodin
1 unique descriptions / Provided by 1 apps
- Save the given data in an action result
- Save Data
1 unique descriptions / Provided by 1 apps
- Save a file from a remote connection to Tanium Threat Response
- Tanium Threat Response
1 unique descriptions / Provided by 1 apps
- Save a PDF of the detonation report to the Vault.
- WildFire
1 unique descriptions / Provided by 1 apps
- Scan an endpoint and remediate threats found
- Malwarebytes Cloud
1 unique descriptions / Provided by 1 apps
- Scan an endpoint and report threats found
- Malwarebytes Cloud
1 unique descriptions / Provided by 1 apps
- Scan a device for virus
- Windows Defender ATP
5 unique descriptions / Provided by 6 apps
- Initiates a Cyber Triage collection on a remote endpoint
- Cyber Triage
- Runs a scan against a specified IP or host.
- SecurityCenter
- Scan an endpoint
- Symantec Endpoint Protection 14
- NetWitness Endpoint
- Scan an endpoint for dormant threats
- SentinelOne
- Scans a host using the selected scan policy ID
- Nessus
1 unique descriptions / Provided by 1 apps
- Execute NMAP scan against a host or subnet
- NMAP Scanner
1 unique descriptions / Provided by 1 apps
- Retrieve URL scan results against a previous Scan request
- SlashNext Phishing Incident Response
1 unique descriptions / Provided by 1 apps
- Initiate a scan on a project that has already been scanned
- Tala
1 unique descriptions / Provided by 1 apps
- Search for domain names containing a keyword
- ZETAlytics
1 unique descriptions / Provided by 1 apps
- Search Task
- TheHive
1 unique descriptions / Provided by 1 apps
- Search for samples in Falcon Sandbox database using search terms
- Falcon Sandbox
1 unique descriptions / Provided by 1 apps
- Search Ticket
- TheHive
1 unique descriptions / Provided by 1 apps
- Query VM's based on string
- Nutanix Prism
1 unique descriptions / Provided by 1 apps
- Sends an email
- SMTP
8 unique descriptions / Provided by 9 apps
- Send Message to user or room
- Cisco Spark
- Send an SMS Text
- ClickSend
- Twilio
- Send an SMS message via send_sms_message IFTTT Maker Channel event
- IFTTT - Maker Channel
- Send message to HipChat user
- HipChat
- Send message to Slack
- Slack
- Send message to a channel
- Mattermost
- Send message to a channel of a group
- Microsoft Teams
- Send message to a contact
- Skype for Business
1 unique descriptions / Provided by 1 apps
- Send notification to AlertFind
- AlertFind
1 unique descriptions / Provided by 1 apps
- Sets the status of an Alert within IronDefense
- IronNet
1 unique descriptions / Provided by 1 apps
- Set GPIO Mode
- BerryIO
2 unique descriptions / Provided by 2 apps
- Set the password of a user
- LDAP
- Set the password of a user without validating existing credentials
- Okta
1 unique descriptions / Provided by 1 apps
- Approve containment request for host
- FireEye HX
3 unique descriptions / Provided by 3 apps
- Set incident status
- BMC Remedy
- Set the state of a detection in Falcon Host
- Falcon Host API
- Set ticket (issue) status
- Jira
1 unique descriptions / Provided by 1 apps
- Set the value of an attribute of a computer/system
- LDAP
1 unique descriptions / Provided by 1 apps
- Set an attribute for a user
- Azure AD Graph
1 unique descriptions / Provided by 1 apps
- Set GPIO Value
- BerryIO
2 unique descriptions / Provided by 2 apps
- Shutdown a system
- Windows Remote Management
- Shutdown the endpoint (Requires root privileges)
- SSH
2 unique descriptions / Provided by 2 apps
- Snapshot AWS instance that has the given IP address
- AWS Community App
- Snapshot AWS instance that has the given IP address or instance ID
- AWS EC2
1 unique descriptions / Provided by 3 apps
- Take a snapshot of the VM
- Nutanix Prism
- vSphere
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Snapshots all volumes attached to the instance
- AWS Community App 2
1 unique descriptions / Provided by 1 apps
- Request a file to be acquired into FireEye HX
- FireEye HX
1 unique descriptions / Provided by 1 apps
- Start EC2 instance
- AWS Community App
1 unique descriptions / Provided by 3 apps
- Start a stopped or suspended VM
- Nutanix Prism
- vSphere
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Stop SlackBot
- Slack
1 unique descriptions / Provided by 1 apps
- Stop EC2 instance
- AWS Community App
1 unique descriptions / Provided by 3 apps
- Stop a VM
- Nutanix Prism
- vSphere
- Microsoft Azure Compute
1 unique descriptions / Provided by 1 apps
- Submit report to TruSTAR
- TruSTAR
2 unique descriptions / Provided by 2 apps
- Suspend a VM
- vSphere
- Suspend a VM (Requires guest tools installed on vm)
- Nutanix Prism
1 unique descriptions / Provided by 1 apps
- Force a sensor to sync all queued events to the server
- Carbon Black Response
1 unique descriptions / Provided by 1 apps
- Retrieves changes from list
- SharePoint
1 unique descriptions / Provided by 1 apps
- Synchronize projects to return a newer policy, which will be added to the vault
- Tala
1 unique descriptions / Provided by 1 apps
- Tag an existing device on the ExtraHop
- ExtraHop
1 unique descriptions / Provided by 1 apps
- Add a tag to the observable
- ThreatStream
1 unique descriptions / Provided by 1 apps
- Initiate a takedown request of an alert from the IntSights dashboard
- IntSights
1 unique descriptions / Provided by 1 apps
- Kill an agent on an endpoint in Empire
- Empire
5 unique descriptions / Provided by 6 apps
- Kill a Process
- Endgame
- Kill a running process of the devices registered on the Tanium server
- Tanium REST
- Kill running processes on a machine
- Carbon Black Response
- Terminate a process
- Windows Remote Management
- Tanium
- Terminate a process (Requires root privileges)
- SSH
1 unique descriptions / Provided by 1 apps
- Kill a listener in Empire
- Empire
2 unique descriptions / Provided by 2 apps
- Terminate sessions
- Cisco ISE
- Terminates all VPN sessions of a user
- Cisco ASA
68 unique descriptions / Provided by 291 apps
- Checks API Key with Google Safe Browsing
- Safe Browsing
- Checks authentication with the AlertFind instance
- AlertFind
- Checks authentication with the InsightVM instance
- InsightVM
- Checks connectivity with configured hosts
- Kafka
- Checks connectivity with the configured Malware Analysis Service instance using either the API key, or ...
- Malware Analysis Service
- Run a query on the device to test connection and credentials
- ServiceNow
- Run a quick query on the server to check the connection and credentials
- xMatters
- Test TrustedSource communication
- McAfee TrustedSource
- Test connection to PagerDuty to validate supplied API key
- PagerDuty
- Test connectivity to ThreatStream by querying the intelligence endpoint
- ThreatStream
- Tests authorization with Slack
- Slack
- Tests connectivity to Cymon
- Cymon
- This action connects to the server to verify the connection
- Lastline
- This action connects to the server to verify the connection.
- Cyphort
- This action runs a lookup ip action to test connection
- NetBIOS
- This action runs a quick query on the server to check the connection and credentials
- Proofpoint TAP
- Use supplied credentials to generate a token with MS Graph
- MS Graph for Office 365
- Azure AD Graph
- Validate API Key with Pipl server
- Pipl
- Validate connection to the Digital Shadows API
- Digital Shadows
- Validate connection using the configured credentials
- Salesforce
- HTTP
- Validate connectivity to Censys
- Censys
- Validate connectivity to McAfee ePO
- McAfee ePO
- Validate credentials provided for connectivity
- Cisco Tetration Analytics
- Symantec ATP
- TruSTAR
- CloudPassage Halo
- Tufin SecureTrack
- Symantec Endpoint Protection 14
- Infoblox DDI
- Cisco ESA
- Git
- NetWitness Endpoint
- Validate the API Token by attempting to connect to the Device URL. This action runs ...
- Carbon Black Protection (Bit9)
- Validate the asset configuration by attempting to connect and getting the version of the API ...
- FireAMP
- Validate the asset configuration by attempting to connect. This action runs a quick query on ...
- Carbon Black Response
- Validate the asset configuration for DXL connectivity.
- McAfee OpenDXL
- Validate the asset configuration for connectivity
- Cofense Intelligence
- FortiGate
- EWS for Office 365
- Recorded Future
- Palo Alto Networks Firewall
- DNS
- VirusTotal
- DomainTools Iris
- IntSights
- AWS Community App 2
- RL TitaniumCloud File Reputation
- Interset AI
- Falcon Sandbox
- ClickSend
- Cyware
- Cisco Firepower
- Gigamon Application for Phantom
- F5 BIG-IP
- VMRay
- OpenStack
- Cisco Meraki Dashboard
- Cisco Router BGP RTBH
- A10 LADS
- Verodin
- DomainTools
- Phantom
- DShield
- FireSIGHT
- Falcon Host API
- ProtectWise
- MISP
- OpenDNS Investigate
- DeepSight
- Myip
- MAC Vendors
- Symantec CAS
- ThreatConnect
- ELSA (Security Onion)
- Screenshot Machine
- Symantec Security Analytics
- G Suite for GMail
- Symantec Data Loss Prevention
- PassiveTotal
- WiGLE
- Check Point Firewall
- Panorama
- HoneyDB
- Phishing Initiative
- DNSDB
- ReversingLabs
- Validate the asset configuration for connectivity and authentication using supplied configuration
- SlashNext Phishing Incident Response
- Validate the asset configuration for connectivity and field mapping
- RSA Archer
- Validate the asset configuration for connectivity by attempting to log into the device
- RL TitaniumScale Enterprise File Visibility
- RL A1000
- Validate the asset configuration for connectivity using supplied configuration
- Tanium REST
- Tanium Threat Response
- Microsoft Exchange On-Premise EWS
- Tanium Detect
- Skybox
- Zscaler
- GitLab
- Cisco Threat Response
- IronNet
- Code42
- Microsoft OneDrive
- Forcepoint Web Security
- DarkPoint
- MySQL
- Malwarebytes Cloud
- IP Info
- Kaspersky Threat Intelligence
- Cloaken
- Carbon Black ThreatHunter
- ThreatX
- Skype for Business
- AWS Community App
- Attivo
- Nutanix Prism
- ShadowDragon SocialNet
- RedSeal
- Greynoise
- ThreatMiner API
- SharePoint
- JASK
- Axonius Cybersecurity Asset Management
- FortiSIEM
- ZETAlytics
- Forcepoint Firewall
- FireEye HX
- Risk Fabric
- Cybereason
- Mark II Server
- ExtraHop
- Endace
- McAfee Network Security Manager
- InfluxDB
- Cyber Triage
- NSX
- Neutrino API
- Windows Remote Management
- Cuckoo
- GitHub
- AWS Security Hub
- HipChat
- Endgame
- SQLite
- G Suite for Drive
- AWS S3
- Microsoft Azure Compute
- Tanium
- Google Vault
- SentinelOne
- AWS Athena
- Big Query
- Preempt
- Okta
- RSS
- Empire
- Netskope
- Arbor APS
- ipstack
- Alibaba RAM
- Microsoft SCCM
- MalShare
- AbuseIPDB
- APIvoid
- Mattermost
- AWS IAM
- Kenna Security
- Cisco Spark
- PostgreSQL
- GRR Rapid Response
- Tala
- Microsoft SCOM
- Microsoft Azure SQL
- NGINX
- Koodous
- AWS WAF
- LogRhythm SIEM
- RIPE
- Timer
- Twilio
- AWS EC2
- BigFix
- Ivanti ITSM
- Microsoft Teams
- ForeScout CounterACT
- VictorOps
- AWS Inspector
- AlienVault OTX
- Joe Sandbox v2
- AWS Lambda
- Mimecast
- RedLock
- TheHive
- Microsoft SQL Server
- PhishLabs
- KnowThyCustomer
- Cherwell
- Venafi
- Mnemonic
- Watson - Language Translator
- AWS Systems Manager
- AWS GuardDuty
- MongoDB
- Moloch
- urlscan.io
- Canary
- Dossier
- McAfee Advanced Threat Defense (ATD)
- Validate the asset configuration for connectivity using supplied configuration parameters
- Ixia Network Packet Broker
- Validate the asset configuration for connectivity using supplied configuration.
- isitPhishing
- Validate the asset configuration for connectivity using supplied credentials
- OSXCollector
- BMC Remedy
- Jira
- Validate the asset configuration for connectivity using supplied credentials.
- OTRS
- Validate the asset configuration for connectivity using the supplied configuration
- Cofense Triage
- F5 BIG-IP LTM
- Windows Defender ATP
- Symantec Management Center
- PasteBin
- Corelight
- PolySwarm
- Vectra Active Enforcement
- Intezer Analyze
- EclecticIQ app
- SecurityTrails
- AWS CloudTrail
- Confluence
- CylancePROTECT
- Validate the asset configuration for connectivity.
- URL Expander
- SonicWALL
- Cymmetria MazeRunner
- IFTTT - Maker Channel
- Floodlight SDN
- ThreatQ
- Ansible Tower
- Shodan
- OpenDNS Umbrella
- iSight Partners
- SecurityCenter
- Validate the asset configuration for connectivity. This action logs in to the device to check the ...
- Apresia 26000 series
- Validate the asset configuration for connectivity. This action logs into the device and sends a ...
- SMTP
- Validate the asset configuration for connectivity. This action logs into the device to check the ...
- Splunk
- Aella Data Starlight
- Blue Coat
- FireEye
- vSphere
- WildFire
- Threat Grid
- Elasticsearch
- LDAP
- CRITs
- Malwr
- BerryIO
- Validate the asset configuration for connectivity. This action logs into the device using a REST ...
- Cisco ISE
- Validate the asset configuration for connectivity. This action logs into the site to check the ...
- Streaming API
- CrowdStrike OAuth API
- Validate the asset configuration for connectivity. This action makes a request to the service to ...
- URLVoid
- Validate the asset configuration for connectivity. This action runs a few commands on the device ...
- TiFRONT
- Cisco Catalyst
- Cisco ASA
- Validate the asset configuration for connectivity. This action runs a quick query on the device ...
- QRadar
- Zendesk
- SSL Labs
- Request Tracker
- MobileIron
- Validate the asset configuration for connectivity. This action runs a quick query on the server ...
- ArcSight ESM
- IMAP
- unshorten.me
- Validate the asset configuration for connectivity. This action tries to login to the device to ...
- Juniper SRX
- Validate the asset configuration for connectivity. This action validates the feed name on Soltra Edge ...
- Soltra Edge
- Validate the asset configuration using api tokens
- Nessus
- Validate the credentials provided for connectivity
- RSA Security Analytics
- NetWitness Logs and Packets
- Validate the supplied API Key
- Carbon Black Defense
- Validate the supplied credentials with the SMG server
- Symantec Messaging Gateway
- Validates asset configuration for connectivity
- Alexa
- Validates connectivity by retrieving a valid SessionID
- RemedyForce
- Validates connectivity to AutoFocus
- AutoFocus
- Validates connectivity to CriticalStack
- CriticalStack Intel
- Validates connectivity to CylancePROTECT
- Cylance
- Validates connectivity to XForce
- IBM XForce
- Validates connectivity to the Imperva SecureSphere Management Server
- SecureSphere WAF
- Validates endpoint connection
- SSH
- Validates the asset configuration for connectivity
- MxToolbox
- Validates the asset configuration for connectivity.
- Metadefender
- Validates the connection to the Tor Project website
- Tor
- Validates the connectivity by querying PhishTank
- PhishTank
- Validates the credentials
- McAfee ESM
- Verifies connectivity with the Malware Domain List website
- Malware Domain List
- validate the asset configuration for connectivity
- Sumo Logic
1 unique descriptions / Provided by 1 apps
- Check connectivity between source and destination network
- Tufin SecureTrack
1 unique descriptions / Provided by 1 apps
- Traceroute to a domain
- HackerTarget
1 unique descriptions / Provided by 1 apps
- Traceroute to an ip
- HackerTarget
1 unique descriptions / Provided by 1 apps
- Translate text from one language to another
- Watson - Language Translator
1 unique descriptions / Provided by 1 apps
- Unarchives Amazon GuardDuty findings specified by the detector ID and list of finding IDs
- AWS GuardDuty
1 unique descriptions / Provided by 1 apps
- Unarchive the AWS Security Hub aggregated findings specified by the filter attributes
- AWS Security Hub
1 unique descriptions / Provided by 1 apps
- Unassign a role to a user
- Okta
1 unique descriptions / Provided by 1 apps
- Remove a domain from the bad sender list
- Symantec Messaging Gateway
1 unique descriptions / Provided by 1 apps
- Remove an email from the bad sender list
- Symantec Messaging Gateway
3 unique descriptions / Provided by 3 apps
- Remove an IP from the bad sender list
- Symantec Messaging Gateway
- Remove an IP from the outbound Blacklist
- Arbor APS
- Unblock an IP
- Zscaler
2 unique descriptions / Provided by 2 apps
- Removes url from a managed URL blacklist
- Mimecast
- Unblock a URL
- Zscaler
1 unique descriptions / Provided by 3 apps
- Unblock an application
- Palo Alto Networks Firewall
- Juniper SRX
- Panorama
1 unique descriptions / Provided by 1 apps
- Unblock ARP packets sourced from this MAC.
- Floodlight SDN
1 unique descriptions / Provided by 1 apps
- Unblock a device
- Code42
2 unique descriptions / Provided by 2 apps
- Unblock a domain
- OpenDNS Umbrella
- Unblock domain
- Infoblox DDI
1 unique descriptions / Provided by 1 apps
- Unblock network traffic matching flow parameters.
- Floodlight SDN
5 unique descriptions / Provided by 6 apps
- Remove a hash from the Global Quarantine list (and place it into the Unassigned list). ...
- Cylance
- Unblock a file hash
- CylancePROTECT
- Unblock hashes on endpoints
- Symantec Endpoint Protection 14
- Unblock the hash
- Carbon Black Response
- SentinelOne
- Unblocks a particular hash
- Carbon Black Protection (Bit9)
13 unique descriptions / Provided by 21 apps
- Deletes the rule which blocks an IP address
- F5 BIG-IP
- Remove an IP from the outbound Blacklist
- Arbor APS
- Removes the rule blocking the IP address or network
- A10 LADS
- Unblock IP
- Infoblox DDI
- Unblock IP or list of IPs by removing them from the supplied category
- Forcepoint Web Security
- Unblock an IP
- FortiGate
- Zscaler
- Palo Alto Networks Firewall
- ThreatX
- McAfee Network Security Manager
- TiFRONT
- Cisco ASA
- Panorama
- Unblock an IP address or network.
- SecureSphere WAF
- Unblock an IP.
- Juniper SRX
- Unblock an IP/subnet
- Check Point Firewall
- Unblock an ip
- SonicWALL
- Apresia 26000 series
- Unblocks an IP
- Cisco Router BGP RTBH
- Unblocks an IP network
- Cisco Firepower
- Unblocks traffic to/from the matching IP
- Floodlight SDN
1 unique descriptions / Provided by 1 apps
- Unblocks traffic to/from the matching MAC.
- Floodlight SDN
1 unique descriptions / Provided by 1 apps
- Unblocks an IP network
- Cisco Router BGP RTBH
1 unique descriptions / Provided by 1 apps
- Remove the sender email from the block list
- EWS for Office 365
1 unique descriptions / Provided by 1 apps
- Unblock a network service
- SonicWALL
1 unique descriptions / Provided by 1 apps
- Unblocks traffic to/from the matching IP subnet.
- Floodlight SDN
3 unique descriptions / Provided by 6 apps
- Unblock URL or list of URLs by removing them from the supplied category
- Forcepoint Web Security
- Unblock a URL
- Zscaler
- Unblock an URL
- Palo Alto Networks Firewall
- SonicWALL
- Blue Coat
- Panorama
2 unique descriptions / Provided by 2 apps
- Deactivate an access lock on a specified device
- Code42
- Unlock the device
- MobileIron
7 unique descriptions / Provided by 10 apps
- Containment cancellation for host
- FireEye HX
- Remove the quarantine tag on the endpoint
- McAfee ePO
- Un-quarantines a device using the Cybereason platform
- Cybereason
- Unblock the device
- CrowdStrike OAuth API
- Unquarantine an endpoint
- Symantec ATP
- Unquarantine the device
- Windows Defender ATP
- Cisco ISE
- Unquarantine the endpoint
- Carbon Black Response
- SentinelOne
- Symantec Endpoint Protection 14
1 unique descriptions / Provided by 1 apps
- Stop watching a user
- Preempt
2 unique descriptions / Provided by 2 apps
- Remove an IP address from the whitelist
- Zscaler
- Remove an IP from the outbound Whitelist
- Arbor APS
2 unique descriptions / Provided by 2 apps
- Remove a URL from the whitelist
- Zscaler
- Removes url from a managed URL whitelist
- Mimecast
1 unique descriptions / Provided by 1 apps
- Update an alarm
- LogRhythm SIEM
1 unique descriptions / Provided by 1 apps
- Update an indicator that has been uploaded
- Falcon Host API
1 unique descriptions / Provided by 1 apps
- Update a bucket
- AWS S3
1 unique descriptions / Provided by 1 apps
- Update documents which match a given filter
- MongoDB
2 unique descriptions / Provided by 2 apps
- Change the policy of a device connected to CB Defense
- Carbon Black Defense
- Update device information
- Kenna Security
1 unique descriptions / Provided by 2 apps
- Update an email on the server
- Microsoft Exchange On-Premise EWS
- EWS for Office 365
3 unique descriptions / Provided by 3 apps
- Add attributes / IOCs to an event in MISP
- MISP
- Update a notable event
- Splunk
- Update the status of an event
- xMatters
1 unique descriptions / Provided by 1 apps
- Update (overwrite) contents of a file in the working directory
- Git
1 unique descriptions / Provided by 1 apps
- Updates specified Amazon GuardDuty findings as useful or not useful
- AWS GuardDuty
4 unique descriptions / Provided by 4 apps
- Acknowledge existing Canary incident
- Canary
- Update an incident in ThreatStream by ID number
- ThreatStream
- Update the incident state and/or add a comment to the incident
- Preempt
- Update timeline of existing incident in VictorOps
- VictorOps
1 unique descriptions / Provided by 1 apps
- Update the IP address criteria of a filter
- Ixia Network Packet Broker
1 unique descriptions / Provided by 1 apps
- Update an issue for the GitHub repository
- GitHub
2 unique descriptions / Provided by 2 apps
- Update a list
- Phantom
- Update a list by adding, deleting, or deleting all values from it
- ForeScout CounterACT
1 unique descriptions / Provided by 1 apps
- Update the mac address criteria for a filter
- Ixia Network Packet Broker
1 unique descriptions / Provided by 1 apps
- Update the mode of a filter
- Ixia Network Packet Broker
1 unique descriptions / Provided by 1 apps
- Update the state of one notification by ID
- Tanium Detect
1 unique descriptions / Provided by 2 apps
- Update an object
- Salesforce
- AWS S3
1 unique descriptions / Provided by 1 apps
- Attach a note to an offense
- QRadar
1 unique descriptions / Provided by 1 apps
- Update the operator of a filter
- Ixia Network Packet Broker
1 unique descriptions / Provided by 1 apps
- Update the port criteria of a filter
- Ixia Network Packet Broker
1 unique descriptions / Provided by 1 apps
- Update an existing project
- Tala
1 unique descriptions / Provided by 1 apps
- Update a property of a host
- ForeScout CounterACT
1 unique descriptions / Provided by 1 apps
- Update a specified resource
- CRITs
1 unique descriptions / Provided by 1 apps
- Update the state of an alert
- Tanium Detect
1 unique descriptions / Provided by 1 apps
- Change Indicator Status in ThreatQ
- ThreatQ
1 unique descriptions / Provided by 1 apps
- Update the task
- TheHive
11 unique descriptions / Provided by 13 apps
- Attach a note to a ticket (incident)
- RemedyForce
- Update a Case
- Salesforce
- Update a case on ArcSight
- ArcSight ESM
- Update a ticket
- OTRS
- Ivanti ITSM
- Update an existing incident
- BMC Remedy
- Update an incident
- Cherwell
- Update the value of a field of a record
- RSA Archer
- Update ticket (issue)
- Jira
- TheHive
- Update ticket information
- Zendesk
- Update ticket/record information
- ServiceNow
- Updates an existing ticket
- Request Tracker
1 unique descriptions / Provided by 1 apps
- Updates the basic information of the RAM user
- Alibaba RAM
1 unique descriptions / Provided by 1 apps
- Updates the vlan replacement settings of a filter
- Ixia Network Packet Broker
1 unique descriptions / Provided by 1 apps
- Update a vulnerability
- Kenna Security
1 unique descriptions / Provided by 1 apps
- Update a zone
- CylancePROTECT
10 unique descriptions / Provided by 10 apps
- Copy a file from the vault to the Windows Endpoint
- Windows Remote Management
- Save Container details to Google Drive
- IFTTT - Maker Channel
- Upload a feed or parser file to a NetWitness Decoder
- NetWitness Logs and Packets
- Upload a file from the Vault to Drive
- G Suite for Drive
- Upload a file to a computer
- Carbon Black Protection (Bit9)
- Upload file
- Microsoft OneDrive
- Upload file from vault in current container
- ThreatQ
- Upload file to HipChat
- HipChat
- Upload file to Slack
- Slack
- Upload file to a channel
- Mattermost
1 unique descriptions / Provided by 1 apps
- Get threat intelligence for a URL
- Recorded Future
16 unique descriptions / Provided by 16 apps
- Determine the reputation of a URL
- Safe Browsing
- Get URL reputation
- DeepSight
- Get a quick indicator of the risk associated with a URL
- Recorded Future
- Get attributes, related indicators, and related adversaries
- ThreatQ
- Get information about a URL
- ThreatStream
- Looks up information about URLs in Kaspersky Threat Intelligence Portal
- Kaspersky Threat Intelligence
- Queries PhishTank for URL's phishing reputation
- PhishTank
- Queries Polyswarm for url reputation info
- PolySwarm
- Queries URL info
- EclecticIQ app
- Queries VirusTotal for URL info
- VirusTotal
- Queries WebPulse Site Review for URL info.
- Blue Coat
- Queries for URL reputation information
- AlienVault OTX
- Query Joe Sandbox for URL reputation
- Joe Sandbox v2
- Query for URL reputation.
- isitPhishing
- Returns URL reputation report.
- IBM XForce
- URL Reputation
- Phishing Initiative
1 unique descriptions / Provided by 1 apps
- Perform a real-time URL reputation scan with SlashNext cloud-based SEER Engine
- SlashNext Phishing Incident Response
1 unique descriptions / Provided by 1 apps
- Perform a real-time URL scan with SlashNext cloud-based SEER Engine in a blocking mode
- SlashNext Phishing Incident Response
1 unique descriptions / Provided by 1 apps
- Returns true if a user is in a group; otherwise, false
- Azure AD Graph
1 unique descriptions / Provided by 1 apps
- Query Threat Response for Verdict
- Cisco Threat Response
1 unique descriptions / Provided by 1 apps
- Set the vlan of the port on which the host is connected
- Cisco Catalyst
1 unique descriptions / Provided by 1 apps
- Get threat intelligence for a vulnerability
- Recorded Future
1 unique descriptions / Provided by 1 apps
- Get a quick indicator of the risk associated with a vulnerability
- Recorded Future
1 unique descriptions / Provided by 1 apps
- Watch a user
- Preempt
4 unique descriptions / Provided by 4 apps
- Add an IP address to the whitelist
- Zscaler
- Add an IP to the Whitelist
- ThreatX
- Add an IP to the outbound Whitelist
- Arbor APS
- Whitelist IP by removing any block rules from NACLs
- AWS Community App
1 unique descriptions / Provided by 1 apps
- Whitelists a specific sender and recipient in Mimecast
- Mimecast
2 unique descriptions / Provided by 2 apps
- Add a URL to the whitelist
- Zscaler
- Adds URL to a managed URL whitelist
- Mimecast
7 unique descriptions / Provided by 12 apps
- Execute a whois lookup on the given domain
- ThreatStream
- WHOIS
- HackerTarget
- Execute whois lookup on the given domain
- SecurityTrails
- ThreatMiner API
- DomainTools
- Myip
- Get all Iris data for a domain, including Whois
- DomainTools Iris
- Get domain WHOIS info
- PassiveTotal
- Get whois information for the given domain
- ZETAlytics
- Returns WHOIS report
- IBM XForce
- Run a whois query on OpenDNS for the given domain
- OpenDNS Investigate
1 unique descriptions / Provided by 2 apps
- Obtain historic whois records for a domain name
- SecurityTrails
- DomainTools
4 unique descriptions / Provided by 9 apps
- Execute a whois lookup on the given IP
- ThreatStream
- WHOIS
- WHOIS RDAP
- HackerTarget
- Execute whois lookup on the given IP address
- ThreatMiner API
- DomainTools
- Myip
- Get IP WHOIS info
- PassiveTotal
- Returns WHOIS report
- IBM XForce