| 2S-MISP-Forwarder | Standalone | 0 | 1 |
| 2S-MISP-Orchestrator | Standalone | 0 | 9 |
| [[Deprecated]] Add Dynatrace Application Security Attack Source IP Address to Threat Intelligence | Dynatrace | 0 | 1 |
| [Deprecated] Intel 471 Malware Intelligence to Graph Security | Intel471 | 0 | 1 |
| AD4IoT-AutoAlertStatusSync | IoTOTThreatMonitoringwithDefenderforIoT | 0 | 1 |
| AD4IoT-CVEAutoWorkflow | IoTOTThreatMonitoringwithDefenderforIoT | 0 | 1 |
| Add IP Entity To Named Location | Standalone | 0 | 3 |
| Add IP Entity To Network Security Group | Standalone | 0 | 2 |
| Add URL - Netskope | Standalone | 0 | 3 |
| Advanced ServiceNow Teams Integration Playbook | Teams | 0 | 1 |
| Affected-Key-Credentials-Scanner | Standalone | 0 | 1 |
| Akamai Guardicore Incident-Enrichment - one-click bootstrap | Akamai Guardicore | 0 | 9 |
| Armis Update Alert Status | Armis | 0 | 2 |
| AS-Add-Domains-to-Zscaler-URL-Category | Standalone | 0 | 5 |
| AS-Add-Machine-Logon-Users-to-Incident | Standalone | 0 | 2 |
| AS-Blob-Storage-Add-Domains-to-Zscaler-URL-Category | Standalone | 0 | 7 |
| AS-Block-GitHub-User | Standalone | 0 | 3 |
| AS-Block-Hash-in-Defender | Standalone | 0 | 2 |
| AS-Checkmarx-Audit-Ingestion | Standalone | 0 | 3 |
| AS-Checkmarx-SAST-Ingestion | Standalone | 0 | 4 |
| AS-Clear-Okta-Network-Zone-List | Standalone | 0 | 2 |
| AS-Create-Opsgenie-Incident | Standalone | 0 | 1 |
| AS-CrowdstrikeAlerts-Integration | Standalone | 0 | 3 |
| AS-Datadog-Events-Integration | Standalone | 0 | 1 |
| AS-Delete-App-Registration | Standalone | 0 | 2 |
| AS-Disable-Microsoft-Entra-ID-User-From-Entity | Standalone | 0 | 2 |
| AS-Edgescan-Integration-Assets | Standalone | 0 | 1 |
| AS-Edgescan-Integration-Hosts | Standalone | 0 | 1 |
| AS-Edgescan-Integration-Vulnerabilities | Standalone | 0 | 1 |
| AS-Enable-Microsoft-Entra-ID-User-From-Entity | Standalone | 0 | 2 |
| AS-Incident-Response-Approval-Email | Standalone | 0 | 1 |
| AS-Incident-Spiderfoot-Scan | Standalone | 0 | 2 |
| AS-IP-Blocklist | Standalone | 0 | 2 |
| AS-IP-Blocklist-HTTP | Standalone | 0 | 2 |
| AS-IP-Blocklist-HTTP | Standalone | 0 | 2 |
| AS-IP-Blocklist-Remove-IPs | Standalone | 0 | 2 |
| AS-Make-GitHub-Repository-Private | Standalone | 0 | 3 |
| AS-MDE-Isolate-Machine | Standalone | 0 | 2 |
| AS-MDE-Unisolate-Machine | Standalone | 0 | 2 |
| AS-Microsoft-DCR-Log-Ingestion | Standalone | 0 | 10 |
| AS-Microsoft-Entra-ID-Revoke-User-Sessions-HTTP | Standalone | 0 | 2 |
| AS-Microsoft-Entra-ID-Revoke-User-Sessions-HTTP | Standalone | 0 | 2 |
| AS-MuleSoft-Integration | Standalone | 0 | 2 |
| AS-Okta-NetworkZoneUpdate | Standalone | 0 | 2 |
| AS-Okta-NetworkZoneUpdate-HTTP | Standalone | 0 | 2 |
| AS-Okta-Terminate-User-Sessions-HTTP | Standalone | 0 | 2 |
| AS-PagerDuty-Integration | Standalone | 0 | 2 |
| AS-Remove-Domains-from-Zscaler-URL-Category | Standalone | 0 | 5 |
| AS-Revoke-Entra-ID-User-Session-From-Entity | Standalone | 0 | 2 |
| AS-Revoke-Entra-ID-User-Session-From-Incident | Standalone | 0 | 2 |
| AS-Sign-Out-Google-User | Standalone | 0 | 2 |
| AS-Slack-Integration | Standalone | 0 | 2 |
| AS-Terminate-Okta-User-Sessions-From-Entity | Standalone | 0 | 2 |
| AS-Update-Okta-Network-Zone-From-Entity | Standalone | 0 | 2 |
| AusCtisExportTaggedIndicators | Australian Cyber Security Centre | 0 | 3 |
| AutoConnect-ASCSubscriptions | Standalone | 0 | 1 |
| Base playbook - F5 BIG-IP | Standalone | 0 | 1 |
| Block AAD user or admin - Alert | Standalone | 0 | 6 |
| Block AAD user or admin - incident | Standalone | 0 | 6 |
| Block Entra ID user - Incident | Microsoft Entra ID | 0 | 2 |
| Block IP - F5 BIG-IP | Standalone | 0 | 2 |
| Block IP - Zscaler | Standalone | 0 | 3 |
| Block Microsoft Entra ID user - Alert | Microsoft Entra ID | 0 | 1 |
| Block Microsoft Entra ID user - Entity trigger | Microsoft Entra ID | 0 | 1 |
| Block Risky/Compromised User From Entrust | Entrust identity as Service | 0 | 3 |
| Block URL - F5 BIG-IP | Standalone | 0 | 2 |
| C19IndicatorProcessor | GitHub Only | 0 | 1 |
| CDC_Dismiss_Upstream_Events | Standalone | 0 | 5 |
| Censys Ad-Hoc IOC Lookup | Censys | 0 | 3 |
| Censys Alert Enrichment | Censys | 0 | 3 |
| Censys Alert Rescan | Censys | 0 | 3 |
| Censys Entity Enrichment - Certificate | Censys | 0 | 1 |
| Censys Entity Enrichment - Host | Censys | 0 | 1 |
| Censys Entity Enrichment - Web Property | Censys | 0 | 1 |
| Censys Host History | Censys | 0 | 1 |
| Censys Incident Enrichment | Censys | 0 | 3 |
| Censys Related Infrastructure | Censys | 0 | 3 |
| Censys Rescan | Censys | 0 | 3 |
| Check Point Exposure Management - Credential Leak Validation and Response | Check Point Cyberint Alerts | 0 | 1 |
| Check Point Exposure Management - Exporter (Sentinel - Argos) | Check Point Cyberint Alerts | 0 | 1 |
| Check Point Exposure Management - Fetch Attachments On-Demand | Check Point Cyberint Alerts | 0 | 3 |
| Check Point Exposure Management - IOC Enrichment and Triage | Check Point Cyberint Alerts | 0 | 4 |
| Check Point Exposure Management - Manual Status Update (Sentinel - Argos) | Check Point Cyberint Alerts | 0 | 1 |
| Check Point Exposure Management - Phishing Takedown | Check Point Cyberint Alerts | 0 | 2 |
| Check Point Exposure Management - Vulnerability Exploitation Monitoring | Check Point Cyberint Alerts | 0 | 1 |
| CiscoUmbrella-AddIpToDestinationList | CiscoUmbrella | 0 | 3 |
| CiscoUmbrella-AssignPolicyToIdentity | CiscoUmbrella | 0 | 2 |
| CiscoUmbrella-GetDomainInfo | CiscoUmbrella | 0 | 3 |
| Close Cohesity Helios Incident | CohesitySecurity | 0 | 1 |
| Close-Incident-MCAS | Standalone | 0 | 1 |
| Close-SentinelIncident-from-ServiceNow | Standalone | 0 | 2 |
| Create an Attack Simulator training simulation for users who did not report a phishing attempt | Microsoft Defender XDR | 0 | 3 |
| Create-AzureSnapshot | GitHub Only | 0 | 2 |
| CrowdSecurity-Suspicious-Login-Detection | GitHub Only | 0 | 1 |
| Crowdstrike API authentication | CrowdStrike Falcon Endpoint Protection | 0 | 1 |
| Crowdstrike-ResponsefromTeams | Standalone | 0 | 7 |
| Cybersixgill-Alert-Status-Update | Cybersixgill-Actionable-Alerts | 0 | 2 |
| Cyble-IOC_Enrichment-Playbook | Cyble Vision | 0 | 1 |
| Cyble-Threat-Intel-Playbook | Standalone | 0 | 1 |
| Cyble-ThreatIntelligence-Ingest-Playbook | Cyble Vision | 0 | 2 |
| CybleVisionAlert_Status_Update | Cyble Vision | 0 | 2 |
| Cyjax Ad Hoc Enrichment | Cyjax | 0 | 1 |
| Cyjax Data Breaches | Cyjax | 0 | 1 |
| Cyjax Domain Monitor | Cyjax | 0 | 1 |
| Cyjax Incident Enrichment | Cyjax | 0 | 1 |
| Cyren to CrowdStrike IOC Automation | Cyren-CrowdStrike-ThreatIntelligence | 0 | 5 |
| Cyren to Defender TI - Playbook | Cyren-Defender-ThreatIntelligence | 0 | 2 |
| Cyren to SentinelOne IOC Automation | Cyren-SentinelOne-ThreatIntelligence | 0 | 6 |
| DataminrPulseAlertEnrichment | Dataminr Pulse | 0 | 3 |
| Dataverse: Send notification to manager | Microsoft Business Applications | 0 | 2 |
| Delete-Cybersixgill-Alert | Cybersixgill-Actionable-Alerts | 0 | 2 |
| Druva Quarantine Playbook for Enterprise Workload | DruvaDataSecurityCloud | 0 | 4 |
| Druva Quarantine Playbook for inSync Workloads | DruvaDataSecurityCloud | 0 | 4 |
| Druva Quarantine Playbook for Shared Drive | DruvaDataSecurityCloud | 0 | 3 |
| Druva Quarantine Playbook for Sharepoint | DruvaDataSecurityCloud | 0 | 3 |
| Druva Quarantine Using Resource id | DruvaDataSecurityCloud | 0 | 2 |
| Dynamic-Summaries-API-Upsert | Standalone | 0 | 1 |
| Endpoint enrichment - Crowdstrike | CrowdStrike Falcon Endpoint Protection | 0 | 4 |
| Enrich Dynatrace Application Security Attack Incident | Dynatrace | 0 | 1 |
| Enrich Dynatrace Application Security Attack with related Microsoft Defender XDR insights | Dynatrace | 0 | 2 |
| Enrich Dynatrace Application Security Attack with related Microsoft Sentinel Security Alerts | Dynatrace | 0 | 2 |
| Enrich file hash entities - Intezer Analyze | Standalone | 0 | 1 |
| Enrich multiple entities - AlienVault-OTX | Standalone | 0 | 4 |
| Enrich-SentinelIncident-MDATPTVM | Standalone | 0 | 1 |
| Enrichment IP - F5 BIG-IP | Standalone | 0 | 2 |
| Export-Incidents-With-Comments-Report | Standalone | 0 | 2 |
| Fetch IP Details From Entrust | Entrust identity as Service | 0 | 2 |
| Fetch IP Details From Entrust - Entity | Entrust identity as Service | 0 | 2 |
| Fetch User Details From Entrust | Entrust identity as Service | 0 | 5 |
| Fetch User Details From Entrust - Entity | Entrust identity as Service | 0 | 5 |
| Four Playbook templates - F5BigIP | Standalone | 0 | 7 |
| Get-AD4IoTDeviceCVEs - Alert | Standalone | 0 | 1 |
| Get-AD4IoTDeviceCVEs - Incident | IoTOTThreatMonitoringwithDefenderforIoT | 0 | 1 |
| Get-AD4IoTDeviceCVEs - Incident | Standalone | 0 | 1 |
| Get-AlienVault_OTX_V2 | GitHub Only | 0 | 10 |
| Get-ASCRecommendations | Standalone | 0 | 1 |
| Get-ASCRecommendations | Standalone | 0 | 1 |
| Get-CompromisedPasswords | GitHub Only | 0 | 6 |
| Get-GeoFromIPandTagIncident-EmailAlertBasedonGeo | GitHub Only | 0 | 1 |
| Get-MachineData-EDR-SOAR-ActionsOnMachine | GitHub Only | 0 | 7 |
| Get-MDATPVulnerabilities | GitHub Only | 0 | 1 |
| Get-MDEFileActivityWithin30Mins | GitHub Only | 0 | 1 |
| Get-MDEProcessActivityWithin30Mins | GitHub Only | 0 | 1 |
| Get-MerakiData-configurationChanges | Standalone | 0 | 1 |
| Get-MerakiData-OrgSecurityEvents | Standalone | 0 | 1 |
| Get-NamedLocations | GitHub Only | 0 | 1 |
| Get-O365Data | Standalone | 0 | 2 |
| Get-Recipients-EmailMessageID-containing-URL | GitHub Only | 0 | 1 |
| Get-SecureScore-Information | GitHub Only | 0 | 5 |
| Get-TenableVlun | Standalone | 0 | 2 |
| Get-VTURLPositivesComment | GitHub Only | 0 | 1 |
| GIBTIA_APT_ThreatActor | Group-IB | 0 | 2 |
| GIBTIA_APT_Threats | Group-IB | 0 | 2 |
| GIBTIA_Attacks_ddos | Group-IB | 0 | 2 |
| GIBTIA_Attacks_deface | Group-IB | 0 | 2 |
| GIBTIA_Attacks_phishing | Group-IB | 0 | 2 |
| GIBTIA_Attacks_phishing_kit | Group-IB | 0 | 2 |
| GIBTIA_BP_phishing | Group-IB | 0 | 2 |
| GIBTIA_BP_phishing_kit | Group-IB | 0 | 2 |
| GIBTIA_Compromised_account | Group-IB | 0 | 2 |
| GIBTIA_Compromised_card | Group-IB | 0 | 2 |
| GIBTIA_Compromised_imei | Group-IB | 0 | 2 |
| GIBTIA_Compromised_mule | Group-IB | 0 | 2 |
| GIBTIA_HI_Threat | Group-IB | 0 | 2 |
| GIBTIA_HI_Threat_Actor | Group-IB | 0 | 2 |
| GIBTIA_Malware_cnc | Group-IB | 0 | 2 |
| GIBTIA_Malware_Targeted_Malware | Group-IB | 0 | 2 |
| GIBTIA_OSI_GitLeak | Group-IB | 0 | 2 |
| GIBTIA_OSI_PublicLeak | Group-IB | 0 | 2 |
| GIBTIA_OSI_Vulnerability | Group-IB | 0 | 2 |
| GIBTIA_Suspicious_ip_open_proxy | Group-IB | 0 | 2 |
| GIBTIA_Suspicious_ip_socks_proxy | Group-IB | 0 | 2 |
| GIBTIA_Suspicious_ip_tor_node | Group-IB | 0 | 2 |
| GreyNoise-IP-CommunityEnrichment | Standalone | 0 | 1 |
| GreyNoise-IP-Enrichment | Standalone | 0 | 2 |
| Guardicore-EnrichmentRunner | Akamai Guardicore | 0 | 8 |
| Guardicore-Import-Assets | Standalone | 0 | 2 |
| Guardicore-Import-Incidents | Standalone | 0 | 3 |
| Guardicore-ProcessIncidentEnrichment | Akamai Guardicore | 0 | 1 |
| Guardicore-ThreatIntel | Standalone | 0 | 1 |
| HaveIBeenPwnedEmail | Standalone | 0 | 1 |
| Illusive-SentinelIncident-Enrichment | Illusive Active Defense | 0 | 5 |
| Illusive-SentinelIncident-Response | Illusive Active Defense | 0 | 33 |
| Incident Assignment Shifts | SentinelSOARessentials | 0 | 1 |
| Infoblox Import AISCOMM Weekly | Infoblox Cloud Data Connector | 0 | 6 |
| Infoblox Import Emails Weekly | Infoblox Cloud Data Connector | 0 | 6 |
| Infoblox Import Hashes Weekly | Infoblox Cloud Data Connector | 0 | 6 |
| Infoblox Import Hosts Daily Lookalike Domains | Infoblox Cloud Data Connector | 0 | 6 |
| Infoblox Import Hosts Daily MalwareC2DGA | Infoblox Cloud Data Connector | 0 | 6 |
| Infoblox Import Hosts Daily Phishing | Infoblox Cloud Data Connector | 0 | 6 |
| Infoblox Import Hosts Hourly | Infoblox Cloud Data Connector | 0 | 6 |
| Infoblox Import IPs Hourly | Infoblox Cloud Data Connector | 0 | 6 |
| Infoblox Import URLs Hourly | Infoblox Cloud Data Connector | 0 | 6 |
| Infoblox Incident Enrichment Domains | Infoblox Cloud Data Connector | 0 | 1 |
| Infoblox Incident Send Email | Infoblox Cloud Data Connector | 0 | 1 |
| Infoblox SOC Get Insight Details | Infoblox SOC Insights | 0 | 6 |
| Infoblox SOC Get Open Insights API | Infoblox SOC Insights | 0 | 1 |
| Infoblox SOC Import Indicators TI | Infoblox SOC Insights | 0 | 2 |
| Infoblox-Block-Allow-IP-Domain | Infoblox | 0 | 2 |
| Infoblox-Block-Allow-IP-Domain-Incident-Based | Infoblox | 0 | 2 |
| Infoblox-Config-Insight-Details | Infoblox | 0 | 1 |
| Infoblox-Config-Insights | Infoblox | 0 | 1 |
| Infoblox-Data-Connector-Trigger-Sync | Infoblox | 0 | 3 |
| Infoblox-Get-Host-Name | Infoblox | 0 | 1 |
| Infoblox-Get-IP-Space-Data | Infoblox | 0 | 1 |
| Infoblox-Get-Service-Name | Infoblox | 0 | 1 |
| Infoblox-IPAM-Lookup | Infoblox | 0 | 3 |
| Infoblox-SOC-Get-Insight-Details | Infoblox | 0 | 6 |
| Infoblox-SOC-Get-Open-Insights-API | Infoblox | 0 | 1 |
| Infoblox-SOC-Import-Indicators-TI | Infoblox | 0 | 2 |
| Infoblox-TIDE-Lookup | Infoblox | 0 | 1 |
| Infoblox-TIDE-Lookup-Comment-Enrichment | Infoblox | 0 | 4 |
| InfrequentCountryTriage | GitHub Only | 0 | 6 |
| Ingest Microsoft Defender XDR insights into Dynatrace | Dynatrace | 0 | 1 |
| Ingest Microsoft Sentinel Security Alerts into Dynatrace | Dynatrace | 0 | 1 |
| Intel 471 Malware Intelligence to Sentinel | Intel471 | 0 | 1 |
| IronNet_UpdateIronDefenseAlerts | IronNet IronDefense | 0 | 11 |
| IronNet_UpdateSentinelIncidents | IronNet IronDefense | 0 | 3 |
| IronNet_Validate_IronNet_API | IronNet IronDefense | 0 | 9 |
| Isolate endpoint - Crowdstrike | CrowdStrike Falcon Endpoint Protection | 0 | 3 |
| Isolate-AzureStorageAccount | Standalone | 0 | 3 |
| Isolate-AzureVMtoNSG | Standalone | 0 | 7 |
| Isolate-AzVM | Standalone | 0 | 14 |
| Jamf Protect - Remote lock computer with Jamf Pro | Jamf Protect | 0 | 4 |
| Jamf Protect - Set Alert to In Progress | Jamf Protect | 0 | 2 |
| Jamf Protect - Set Alert to Resolved | Jamf Protect | 0 | 2 |
| Joshua Indicators Processor DOMAIN | Joshua-Cyberiskvision | 0 | 2 |
| Joshua Indicators Processor EMAIL | Joshua-Cyberiskvision | 0 | 2 |
| Joshua Indicators Processor FILE | Joshua-Cyberiskvision | 0 | 2 |
| Joshua Indicators Processor IP | Joshua-Cyberiskvision | 0 | 2 |
| Joshua Indicators Processor URL | Joshua-Cyberiskvision | 0 | 2 |
| Joshua Intel Enrichment File | Joshua-Cyberiskvision | 0 | 1 |
| Joshua Intel Enrichment IP | Joshua-Cyberiskvision | 0 | 1 |
| Joshua Intel Enrichment URL | Joshua-Cyberiskvision | 0 | 1 |
| MDTI-Automated-Triage | Microsoft Defender Threat Intelligence | 0 | 2 |
| MDTI-Data-Cookies | Microsoft Defender Threat Intelligence | 0 | 2 |
| MDTI-Data-PassiveDns | Microsoft Defender Threat Intelligence | 0 | 2 |
| MDTI-Data-ReverseDnS | Microsoft Defender Threat Intelligence | 0 | 2 |
| MDTI-Data-Trackers | Microsoft Defender Threat Intelligence | 0 | 2 |
| MDTI-Data-WebComponents | Microsoft Defender Threat Intelligence | 0 | 2 |
| MDTI-Intel-Reputation | Microsoft Defender Threat Intelligence | 0 | 2 |
| Mimecast-Data-Connector-Trigger-Sync | Mimecast | 0 | 3 |
| MTI Threat Actor Lookup | Standalone | 0 | 4 |
| NCSCNLShareSTIXBundle | NCSC-NL NDN Cyber Threat Intelligence Sharing | 0 | 4 |
| NetApp Ransomware Resilience Async Poll Playbook | NetApp Ransomware Resilience | 0 | 3 |
| NetApp Ransomware Resilience Authentication Playbook | NetApp Ransomware Resilience | 0 | 1 |
| NetApp Ransomware Resilience Enrich IP Playbook | NetApp Ransomware Resilience | 0 | 3 |
| NetApp Ransomware Resilience Enrich StorageVM Playbook | NetApp Ransomware Resilience | 0 | 2 |
| NetApp Ransomware Resilience Volume Offline Playbook | NetApp Ransomware Resilience | 0 | 3 |
| NetApp Ransomware Resilience Volume Snapshot Playbook | NetApp Ransomware Resilience | 0 | 3 |
| NetskopeDataConnectorsTriggerSync | Netskopev2 | 0 | 3 |
| Notify Sentinel Incident Creation and Update to Torq Webhook | Torq | 0 | 1 |
| Notify-ASCAlertAzureResource | Standalone | 0 | 2 |
| OktaEvents-to-Sentinel | Standalone | 0 | 1 |
| Open-ServiceDeskPlusOnDemand-Ticket | Standalone | 0 | 1 |
| Post Message Slack Via Webhook | Standalone | 0 | 1 |
| Post-Tags-And-Comments-To-Your-IntSights-Account | Standalone | 0 | 2 |
| Pure Storage FlashBlade File System Snapshot | Pure Storage | 0 | 4 |
| Pure Storage Protection Group Snapshot | Pure Storage | 0 | 4 |
| Pure Storage User Deletion | Pure Storage | 0 | 4 |
| Pure Storage Volume Snapshot | Pure Storage | 0 | 4 |
| Put CanaryTokens webhook alerts to Custom Logs table | Standalone | 0 | 1 |
| Put Defender for Endpoint Alert as Hunting ARM Template in GitHub Rep | Standalone | 0 | 3 |
| Query Azure Monitor with managed identity | Standalone | 0 | 1 |
| Query Azure Resource Graph with HTTP input and output | Standalone | 0 | 2 |
| Reopen-Incident-With-Incomplete-Tasks | Standalone | 0 | 1 |
| Reset Microsoft Entra ID User Password - Alert Trigger | Microsoft Entra ID | 0 | 2 |
| Reset Microsoft Entra ID User Password - Entity trigger | Microsoft Entra ID | 0 | 2 |
| Reset Microsoft Entra ID User Password - Incident Trigger | Microsoft Entra ID | 0 | 2 |
| Restore From Last Cohesity Snapshot | CohesitySecurity | 0 | 1 |
| Restrict MDE Domain - Alert Triggered | MicrosoftDefenderForEndpoint | 0 | 1 |
| Restrict MDE Domain - Entity Triggered | MicrosoftDefenderForEndpoint | 0 | 1 |
| Restrict MDE Domain - Incident Triggered | MicrosoftDefenderForEndpoint | 0 | 1 |
| Restrict MDE FileHash - Alert Triggered | MicrosoftDefenderForEndpoint | 0 | 2 |
| Restrict MDE FileHash - Entity Triggered | MicrosoftDefenderForEndpoint | 0 | 2 |
| Restrict MDE FileHash - Incident Triggered | MicrosoftDefenderForEndpoint | 0 | 2 |
| Restrict MDE Ip Address - Alert Triggered | MicrosoftDefenderForEndpoint | 0 | 1 |
| Restrict MDE Ip Address - Entity Triggered | MicrosoftDefenderForEndpoint | 0 | 1 |
| Restrict MDE Ip Address - Incident Triggered | MicrosoftDefenderForEndpoint | 0 | 1 |
| Restrict MDE Url - Alert Triggered | MicrosoftDefenderForEndpoint | 0 | 1 |
| Restrict MDE URL - Entity Triggered | MicrosoftDefenderForEndpoint | 0 | 1 |
| Restrict MDE Url - Incident Triggered | MicrosoftDefenderForEndpoint | 0 | 1 |
| Retrieve Alert from Microsoft Sentinel and Trigger a Blink Workflow via Webhook | BlinkOps | 0 | 1 |
| Retrieve Incident from Microsoft Sentinel and Trigger a Blink Workflow via Webhook | BlinkOps | 0 | 1 |
| ReversingLabs-CheckQuota | ReversingLabs | 0 | 6 |
| Revoke Entra ID Sign-in session using entity trigger | Microsoft Entra ID | 0 | 1 |
| Revoke Entra ID SignIn Sessions - incident trigger | Microsoft Entra ID | 0 | 1 |
| Revoke-Entra ID SignInSessions alert trigger | Microsoft Entra ID | 0 | 1 |
| Rubrik Advanced Threat Hunt | RubrikSecurityCloud | 0 | 2 |
| Rubrik Anomaly Analysis | RubrikSecurityCloud | 0 | 9 |
| Rubrik Anomaly Generate Downloadable Link | RubrikSecurityCloud | 0 | 2 |
| Rubrik Data Object Discovery | RubrikSecurityCloud | 0 | 3 |
| Rubrik File Object Context Analysis | RubrikSecurityCloud | 0 | 5 |
| Rubrik Fileset Ransomware Discovery | RubrikSecurityCloud | 0 | 1 |
| Rubrik IOC Scan | RubrikSecurityCloud | 0 | 4 |
| Rubrik Poll Async Result | RubrikSecurityCloud | 0 | 2 |
| Rubrik Ransomware Discovery and File Recovery | RubrikSecurityCloud | 0 | 4 |
| Rubrik Ransomware Discovery and VM Recovery | RubrikSecurityCloud | 0 | 9 |
| Rubrik Retrieve User Intelligence Information | RubrikSecurityCloud | 0 | 2 |
| Rubrik Turbo Threat Hunt | RubrikSecurityCloud | 0 | 2 |
| Rubrik Update Anomaly Status | RubrikSecurityCloud | 0 | 1 |
| Rubrik Update Anomaly Status Via Incident | RubrikSecurityCloud | 0 | 3 |
| Rubrik User Intelligence Analysis | RubrikSecurityCloud | 0 | 3 |
| RubrikWorkloadAnalysis | RubrikSecurityCloud | 0 | 2 |
| Run-AzureVMPacketCapture | Standalone | 0 | 2 |
| Run-Notebook-After-Incident-Creation | Standalone | 0 | 2 |
| SAP - Lock User (Agentless Basic) | SAP | 0 | 4 |
| Send incident email with XDR Portal links | SentinelSOARessentials | 0 | 1 |
| Send incident Teams Adaptive Card with XDR Portal links | SentinelSOARessentials | 0 | 1 |
| Send Microsoft Sentinel Incident To Cyware Orchestrate | Cyware | 0 | 1 |
| Send-AnalyticalRulesHealthNotifications | Standalone | 0 | 1 |
| Send-UrlReport | Standalone | 0 | 1 |
| SlashNext Web Access Log Assessment | SlashNext | 0 | 4 |
| SOCRadar-Alarm-Import | SOCRadar | 0 | 6 |
| SOCRadar-Alarm-Sync | SOCRadar | 0 | 4 |
| Spur IP Enrichment | Spur | 0 | 2 |
| Spur IP Enrichment | Spur | 0 | 2 |
| spur_alert | Standalone | 0 | 1 |
| spur_alert | Standalone | 0 | 1 |
| StealthTalk - Alert to Microsoft Teams | StealthTalk | 0 | 1 |
| Sync - Incident Comment To M365D On Update | Standalone | 0 | 1 |
| Sync Jira from Sentinel - Create incident | AtlassianJiraAudit | 0 | 1 |
| Sync Jira to Sentinel - Assigned User | AtlassianJiraAudit | 0 | 1 |
| Sync-Comments-to-M365Defender | GitHub Only | 0 | 1 |
| TacitRed to CrowdStrike IOC Automation | TacitRed-IOC-CrowdStrike | 0 | 3 |
| TacitRed to SentinelOne IOC Automation | TacitRed-SentinelOne | 0 | 2 |
| Tanium-ComplyFindings | Tanium | 0 | 3 |
| Tanium-GeneralHostInfo | Tanium | 0 | 3 |
| Tanium-ListSecurityPatches | Tanium | 0 | 3 |
| Tanium-MSDefenderHealth | Tanium | 0 | 3 |
| Tanium-QuarantineHosts | Tanium | 0 | 11 |
| Tanium-ResolveThreatResponseAlert | Tanium | 0 | 1 |
| Tanium-SCCMClientHealth | Tanium | 0 | 3 |
| Tanium-UnquarantineHosts | Tanium | 0 | 11 |
| Team Cymru Scout Enrich Incident | Team Cymru Scout | 0 | 2 |
| Team Cymru Scout Live Investigation | Team Cymru Scout | 0 | 7 |
| TritonPlayook | GitHub Only | 0 | 2 |
| Update Watchlist - CVE IPs by GreyNoise | Standalone | 0 | 5 |
| Update-NamedLocations-TOR | GitHub Only | 0 | 4 |
| Update-VIPUsers-Watchlist-from-AzureAD-Group | Standalone | 0 | 4 |
| Update-Watchlist-With-NamedLocations | GitHub Only | 0 | 2 |
| UserEnrichment.template | GitHub Only | 0 | 16 |
| Vaikora AI Agent Signals to CrowdStrike | Vaikora-CrowdStrike-ThreatIntelligence | 0 | 3 |
| Vaikora AI Agent Signals to SentinelOne | Vaikora-SentinelOne-ThreatIntelligence | 0 | 4 |
| Vaikora to Microsoft Defender for Cloud | VaikoraSecurityCenter | 0 | 1 |
| Vectra Add Note To Entity | Vectra XDR | 0 | 2 |
| Vectra Add Tag To Entity | Vectra XDR | 0 | 2 |
| Vectra Add Tag To Entity All Detections | Vectra XDR | 0 | 3 |
| Vectra Add Tag To Entity Selected Detections | Vectra XDR | 0 | 3 |
| Vectra Assign Dynamic User To Entity | Vectra XDR | 0 | 5 |
| Vectra Assign Static User To Entity | Vectra XDR | 0 | 4 |
| Vectra Close Detections | Vectra XDR | 0 | 3 |
| Vectra Decorate Incident Based On Tag | Vectra XDR | 0 | 1 |
| Vectra Decorate Incident Based On Tags And Notify | Vectra XDR | 0 | 1 |
| Vectra Download Pcap File To Storage | Vectra XDR | 0 | 3 |
| Vectra Dynamic Assign Member To Group | Vectra XDR | 0 | 2 |
| Vectra Dynamic Resolve Assignment | Vectra XDR | 0 | 5 |
| Vectra Generate Access Token | Vectra XDR | 0 | 5 |
| Vectra Mark Detections As Fixed | Vectra XDR | 0 | 3 |
| Vectra Open Closed Detections | Vectra XDR | 0 | 2 |
| Vectra Operate On Entity Source IP | Vectra XDR | 0 | 1 |
| Vectra Static Assign Member To Group | Vectra XDR | 0 | 1 |
| Vectra Static Resolve Assignment | Vectra XDR | 0 | 4 |
| Vectra Update Incident Based on Tag And Notify | Vectra XDR | 0 | 2 |
| Veeam-ChangeCollectionTime | Veeam | 0 | 2 |
| Veeam-SetupConnections | Veeam | 0 | 22 |
| Watchlist-SendSQLData-Watchlist | Standalone | 0 | 3 |
| workflow | SAP | 0 | 1 |
| workflow | SAP | 0 | 1 |
| Zscaler OAuth2 Authentication | Zscaler Internet Access | 0 | 1 |
| Zscaler OAuth2 Blacklist URL | Zscaler Internet Access | 0 | 2 |
| Zscaler OAuth2 Block IP | Zscaler Internet Access | 0 | 2 |
| Zscaler OAuth2 Block URL | Zscaler Internet Access | 0 | 2 |
| Zscaler OAuth2 Lookup IP | Zscaler Internet Access | 0 | 1 |
| Zscaler OAuth2 Lookup URL | Zscaler Internet Access | 0 | 1 |
| Zscaler OAuth2 Unblock IP | Zscaler Internet Access | 0 | 2 |
| Zscaler OAuth2 Unblock URL | Zscaler Internet Access | 0 | 2 |
| Zscaler URL category lookup | Standalone | 0 | 2 |
| Zscaler-Oauth2-UnblacklistURL | Zscaler Internet Access | 0 | 1 |
| Zscaler-Oauth2-WhitelistURL | Zscaler Internet Access | 0 | 2 |