
Randori


Randori recon provides a continuous view of your external perimeter to reduce the risks of shadow IT, misconfigurations, and process failures.

Connect Randori with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Accenture MSS.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select an option to verify the connecting server's SSL certificate (Default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. Server URL (Optional): Application server URL to connect to Randori (Default is https://app.randori.io).

  9. API Key: The API Key to connect to the Obsidian.

  10. After you've entered all the details, click Connect.

Actions for Randori

Get All Detections For Target

Search all detections for target objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of detections for target objects.

Get Hostname

Search hostname objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of hostname objects.

Get Hostnames for IP

Search hostnames for IP objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of hostnames for IP objects.

Get IP

Search IP objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of IP objects.

Get IPs for Hostname

Search IPs for hostname objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of IPs for hostname objects.

Get IPs for Service

Search IPs for service objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of IPs for service objects.

Get Network

Search network objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of network objects.

Get Ports for IP

Search ports for IP objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of ports for IP objects.

Get Service

Search service objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of service objects.

Get Single Hostname

Get one hostname object by ID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • ID (Required): Column name from the parent table to look up the value for the ID.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Hostname object details.

Get Single Hostnames for IP

Get one hostname for the IP of an object by ID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • ID (Required): Column name from the parent table to look up the value for the ID.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Hostname for IP of object details.

Get Single IP

Get one IP object by ID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • ID (Required): Column name from the parent table to look up the value for the ID.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: IP object details.

Get Single Target

Get one target object by ID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • ID (Required): Column name from the parent table to look up the value for the ID.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Target object details.

Get Statistics

Search statistics objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Interval (Optional): Number of records to skip between responses (Default is 0 interval).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of statistics objects.

Get Target

Search target objects with an optional filter.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Optional): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {\"condition\":\"AND\",\"rules\":[{\"field\":\"table.id\",\"operator\":\"{{operator_column_name}}\",\"value\":\"{{value_column_name}}\"}]}.

  • Jinja Template for Sort (Optional): Jinja-templated query containing comma-separated sort values: fields in the object to sort by, in order of precedence; a minus indicates descending. Example: {{sort_column_name1}}, {{sort_column_name2}}.

  • Reversed Nulls (Optional): Select an option for reversed nulls. If set to True, nulls sort as if smaller than any non-null value for all sort parameters; otherwise they are treated as if larger (Default is False).

  • Offset (Optional): Offset into available records after filtering (Default is 0).

  • Limit (Optional): Maximum number of records to return (Default is 2000 records).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: List of target objects.

Impact Score Groups

Return counts of a given entity type grouped by impact score.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for First Seen (Required): Jinja-templated query containing the first-seen datetime. Example: '2021-01-24T18:02:13+05:30'.

  • Entity Type (Optional): Select an option for entity type (Default is POC).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return impact score counts.

Priority Groups

Return counts of a given entity type grouped by priority score ranges. This relies on the requester providing sane ranges; ranges are evaluated in order, so overlaps won't yield duplicate results.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for First Seen (Required): Jinja-templated query containing the first-seen datetime. Example: '2021-01-24T18:02:13+05:30'.

  • Range Minimum (Required): The minimum number allowed for range.

  • Range Maximum (Required): The maximum number allowed for range.

  • Range Name (Optional): Select an option for range name (Default is Medium).

  • Entity Type (Optional): Select an option for entity type (Default is POC).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return priority counts.

Status Groups

Return counts of a given entity type grouped by status.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for First Seen (Required): Jinja-templated query containing the first-seen datetime. Example: '2021-01-24T18:02:13+05:30'.

  • Entity Type (Optional): Select an option for entity type (Default is POC).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return status counts.

Target Temptation Groups

Return counts of a given entity type grouped by target temptation score ranges. This relies on the requester providing sane ranges; ranges are evaluated in order, so overlaps won't yield duplicate results.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for First Seen (Required): Jinja-templated query containing the first-seen datetime. Example: '2021-01-24T18:02:13+05:30'.

  • Range Minimum (Required): The minimum number allowed for range.

  • Range Maximum (Required): The maximum number allowed for range.

  • Range Name (Optional): Select an option for range name (Default is Medium).

  • Entity Type (Optional): Select an option for entity type (Default is Target).

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return target temptation counts.
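The Priority Groups and Target Temptation Groups descriptions both say that ranges are evaluated in order and that the requester must supply sane ranges. The following is an added example, not Devo or Randori code, that models that first-match rule locally so a set of ranges can be checked before it is used. Inclusive bounds, the range names other than Medium, and all numbers are assumptions made for the example.

```python
def check_ranges(ranges):
    """List problems in an ordered sequence of (name, minimum, maximum)."""
    problems = []
    for i, (name, low, high) in enumerate(ranges):
        if low > high:
            problems.append(f"{name}: minimum {low} is above maximum {high}")
            continue
        # Compare against every range that is evaluated before this one.
        for earlier, e_low, e_high in ranges[:i]:
            if e_low <= e_high and low <= e_high and e_low <= high:
                problems.append(
                    f"{name} [{low}, {high}] overlaps earlier range "
                    f"{earlier} [{e_low}, {e_high}]")
    return problems


def group_counts(scores, ranges):
    """Count each score once, in the first range (in order) that contains it.

    Returns (counts per range name, number of scores no range covered).
    Bounds are treated as inclusive, which is an assumption of this example.
    """
    counts = {name: 0 for name, _, _ in ranges}
    uncovered = 0
    for score in scores:
        for name, low, high in ranges:
            if low <= score <= high:
                counts[name] += 1
                break          # first match wins, so no duplicate counting
        else:
            uncovered += 1     # fell into a gap between ranges
    return counts, uncovered


# Constructed ranges and scores. "Medium" is the page's default Range Name;
# the other names and every number here are made up for the example.
RANGES = [("High", 30, 40), ("Medium", 20, 35), ("Low", 0, 19)]
SCORES = [5, 19, 19.5, 25, 32, 38, 50]

if __name__ == "__main__":
    for problem in check_ranges(RANGES):
        print("warning:", problem)
    print(group_counts(SCORES, RANGES))
```

With overlapping ranges the order decides which group a score is credited to, and scores that fall between ranges are not counted in any group.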

Patch Hostname

Bulk patch hostname records.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Required): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {"condition":"AND","rules":[{"id":"table.id","field":"table.id","input":"text","type":"object","operator":"{{operator_column_name}}","value":"{{value_column_name}}"}]}.

  • Affiliation State (Optional): Select an option for affiliation state (Default is empty string).

  • Impact Score (Optional): Select an option for impact score (Default is empty string).

  • Status (Optional): Select an option for status (Default is empty string).

  • Jinja Template for Operation (Optional): Jinja-templated query containing the operation. 'Path' and 'Value' are required with Operation.

  • Jinja Template for Path (Optional): Jinja-templated query containing the path for the target location. 'Operation' and 'Value' are required with Path.

  • Jinja Template for Value (Optional): Jinja-templated query containing the value. 'Operation' and 'Path' are required with Value.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return count of records.

Patch IP

Bulk patch IP records.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Required): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {"condition":"AND","rules":[{"id":"table.id","field":"table.id","input":"text","type":"object","operator":"{{operator_column_name}}","value":"{{value_column_name}}"}]}.

  • Affiliation State (Optional): Select an option for affiliation state (Default is empty string).

  • Impact Score (Optional): Select an option for impact score (Default is empty string).

  • Status (Optional): Select an option for status (Default is empty string).

  • Jinja Template for Operation (Optional): Jinja-templated query containing the operation. 'Path' and 'Value' are required with Operation.

  • Jinja Template for Path (Optional): Jinja-templated query containing the path for the target location. 'Operation' and 'Value' are required with Path.

  • Jinja Template for Value (Optional): Jinja-templated query containing the value. 'Operation' and 'Path' are required with Value.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return count of records.

Patch Network

Bulk patch network records.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Required): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {"condition":"AND","rules":[{"id":"table.id","field":"table.id","input":"text","type":"object","operator":"{{operator_column_name}}","value":"{{value_column_name}}"}]}.

  • Affiliation State (Optional): Select an option for affiliation state (Default is empty string).

  • Impact Score (Optional): Select an option for impact score (Default is empty string).

  • Status (Optional): Select an option for status (Default is empty string).

  • Jinja Template for Operation (Optional): Jinja-templated query containing the operation. 'Path' and 'Value' are required with Operation.

  • Jinja Template for Path (Optional): Jinja-templated query containing the path for the target location. 'Operation' and 'Value' are required with Path.

  • Jinja Template for Value (Optional): Jinja-templated query containing the value. 'Operation' and 'Path' are required with Value.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return count of records.

Patch Social Entity

Bulk patch social entity records.

Input Field

  • Jinja Template for Query (Required): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {"condition":"AND","rules":[{"id":"table.id","field":"table.id","input":"text","type":"object","operator":"{{operator_column_name}}","value":"{{value_column_name}}"}]}.

  • Affiliation State (Optional): Select an option for affiliation state (Default is empty string).

  • Authorization State (Optional): Select an option for authorization state (Default is empty string).

  • Impact Score (Optional): Select an option for impact score (Default is empty string).

  • Status (Optional): Select an option for status (Default is empty string).

  • Jinja Template for Operation (Optional): Jinja-templated query containing the operation. 'Path' and 'Value' are required with Operation.

  • Jinja Template for Path (Optional): Jinja-templated query containing the path for the target location. 'Operation' and 'Value' are required with Path.

  • Jinja Template for Value (Optional): Jinja-templated query containing the value. 'Operation' and 'Path' are required with Value.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return count of records.

Patch Target

Bulk patch target records.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Jinja Template for Query (Required): Jinja-templated query containing the query to use, a jQuery QueryBuilder complex search field. Example: {"condition":"AND","rules":[{"id":"table.id","field":"table.id","input":"text","type":"object","operator":"{{operator_column_name}}","value":"{{value_column_name}}"}]}.

  • Affiliation State (Optional): Select an option for affiliation state (Default is empty string).

  • Authorization State (Optional): Select an option for authorization state (Default is empty string).

  • Impact Score (Optional): Select an option for impact score (Default is empty string).

  • Status (Optional): Select an option for status (Default is empty string).

  • Jinja Template for Operation (Optional): Jinja-templated query containing the operation. 'Path' and 'Value' are required with Operation.

  • Jinja Template for Path (Optional): Jinja-templated query containing the path for the target location. 'Operation' and 'Value' are required with Path.

  • Jinja Template for Value (Optional): Jinja-templated query containing the value. 'Operation' and 'Path' are required with Value.

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return count of records.
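The Patch actions above are bulk operations whose required query decides which records are changed, so it is worth checking the rendered query before it is used. The following is an added example, not Devo or Randori code: it fills the page's query template from one parent-table row with JSON-escaped values, validates the result against the jQuery QueryBuilder shape, and enforces that Operation, Path and Value are supplied together. The `{{ }}` substitution is a standard-library stand-in for Jinja rendering, and the function names and sample row are assumptions.

```python
import json
import re

# Default operator names shipped with jQuery QueryBuilder.
OPERATORS = {
    "equal", "not_equal", "in", "not_in", "less", "less_or_equal", "greater",
    "greater_or_equal", "between", "not_between", "begins_with",
    "not_begins_with", "contains", "not_contains", "ends_with",
    "not_ends_with", "is_empty", "is_not_empty", "is_null", "is_not_null",
}
NO_VALUE_OPERATORS = {"is_empty", "is_not_empty", "is_null", "is_not_null"}

# The query example given for the Patch actions on this page.
QUERY_TEMPLATE = (
    '{"condition":"AND","rules":[{"id":"table.id","field":"table.id",'
    '"input":"text","type":"object","operator":"{{operator_column_name}}",'
    '"value":"{{value_column_name}}"}]}'
)
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render_query(template, row):
    """Fill {{column}} placeholders with JSON-escaped values from one row.

    Stand-in for Jinja rendering (assumption). Escaping keeps a quote or
    backslash in the data inside its JSON string.
    """
    def substitute(match):
        name = match.group(1)
        if name not in row:
            raise ValueError(f"no column named {name!r} in the parent row")
        # json.dumps adds surrounding quotes; the template already has them.
        return json.dumps(str(row[name]))[1:-1]
    return PLACEHOLDER.sub(substitute, template)


def check_group(group):
    """Check one QueryBuilder group: a condition plus rules or nested groups."""
    if not isinstance(group, dict):
        raise ValueError("query group must be a JSON object")
    if group.get("condition") not in ("AND", "OR"):
        raise ValueError("condition must be AND or OR")
    rules = group.get("rules")
    if not isinstance(rules, list) or not rules:
        raise ValueError("rules must be a non-empty list")
    for rule in rules:
        if isinstance(rule, dict) and "rules" in rule:
            check_group(rule)  # nested group
            continue
        if not isinstance(rule, dict) or not rule.get("field"):
            raise ValueError("each rule needs a field")
        operator = rule.get("operator")
        if operator not in OPERATORS:
            raise ValueError(f"unknown operator {operator!r}")
        if operator not in NO_VALUE_OPERATORS and "value" not in rule:
            raise ValueError(f"operator {operator!r} needs a value")


def validate_query(text):
    """Parse a rendered query and check its shape; return the parsed dict."""
    try:
        query = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"rendered query is not valid JSON: {exc}") from exc
    check_group(query)
    return query


def check_patch_edit(operation, path, value):
    """Operation, Path and Value are optional, but only as a complete set."""
    given = [label for label, item in
             (("Operation", operation), ("Path", path), ("Value", value))
             if item not in (None, "")]
    if given and len(given) != 3:
        raise ValueError("Operation, Path and Value must be given together; "
                         f"got only {', '.join(given)}")
    return bool(given)


def preflight(template, row, operation=None, path=None, value=None):
    """Return the parsed query if every input passes, else raise ValueError."""
    check_patch_edit(operation, path, value)
    return validate_query(render_query(template, row))


if __name__ == "__main__":
    # Constructed row: the value contains quotes that must stay inside "value".
    row = {"operator_column_name": "equal",
           "value_column_name": 'x","extra":"y'}
    print(preflight(QUERY_TEMPLATE, row))
```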


Impact Score Groups

Return counts of a given entity type grouped by impact score.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Jinja Template for First Seen

Jinja-templated query containing first seen in datetime. Example: '2021-01-24T18:02:13+05:30'.

Required

Entity Type

Select option for entity type. (Default is POC).

Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return impact score counts.

Priority Groups

Return counts of a given entity type grouped by priority score ranges. The requester is responsible for providing sane ranges; ranges are evaluated in order, so overlaps won't yield duplicate results.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Jinja Template for First Seen

Jinja-templated query containing first seen in datetime. Example: '2021-01-24T18:02:13+05:30'.

Required

Range Minimum

The minimum number allowed for range.

Required

Range Maximum

The maximum number allowed for range.

Required

Range Name

Select option for range name. (Default is Medium).

Optional

Entity Type

Select option for entity type. (Default is POC).

Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return priority counts.

Status Groups

Return counts of a given entity type grouped by status.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Jinja Template for First Seen

Jinja-templated query containing first seen in datetime. Example: '2021-01-24T18:02:13+05:30'.

Required

Entity Type

Select option for entity type. (Default is POC).

Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return status counts.

Target Temptation Groups

Return counts of a given entity type grouped by target temptation score ranges. The requester is responsible for providing sane ranges; ranges are evaluated in order, so overlaps won't yield duplicate results.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Jinja Template for First Seen

Jinja-templated query containing first seen in datetime. Example: '2021-01-24T18:02:13+05:30'.

Required

Range Minimum

The minimum number allowed for range.

Required

Range Maximum

The maximum number allowed for range.

Required

Range Name

Select option for range name. (Default is Medium).

Optional

Entity Type

Select option for entity type. (Default is Target).

Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return target temptation counts.
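The ordering rule stated for Priority Groups and Target Temptation Groups, as an added example that is not Devo or Randori code: each score is counted once, in the first range whose bounds contain it, so reordering overlapping ranges changes the counts. The function names, the inclusive bounds, the "High" and "Low" range names and the sample scores are assumptions made for illustration.

```python
def find_overlaps(ranges):
    """Return pairs of range names whose bounds overlap; for scores in the
    overlap, list order alone decides the bucket."""
    overlaps = []
    for i, (name_a, low_a, high_a) in enumerate(ranges):
        for name_b, low_b, high_b in ranges[i + 1:]:
            if low_a <= high_b and low_b <= high_a:
                overlaps.append((name_a, name_b))
    return overlaps


def group_by_ranges(scores, ranges):
    """Count scores per named range. Each score is counted once, in the first
    range (in list order) whose bounds contain it. Bounds are treated as
    inclusive, which is an assumption of this example."""
    for name, low, high in ranges:
        if low > high:
            raise ValueError(f"range {name!r}: minimum {low} exceeds maximum {high}")
    counts = {name: 0 for name, _, _ in ranges}
    unmatched = 0
    for score in scores:
        for name, low, high in ranges:
            if low <= score <= high:
                counts[name] += 1
                break  # first match wins, so overlaps never double-count
        else:
            unmatched += 1  # score falls in a gap not covered by any range
    return counts, unmatched


# Constructed sample data: seven scores and three overlapping ranges,
# each given as (Range Name, Range Minimum, Range Maximum).
SCORES = [5, 22, 25, 35, 40, 90, 150]
RANGES = [("High", 30, 100), ("Medium", 20, 40), ("Low", 0, 25)]

if __name__ == "__main__":
    print(find_overlaps(RANGES))
    print(group_by_ranges(SCORES, RANGES))
    print(group_by_ranges(SCORES, list(reversed(RANGES))))
```

Running `find_overlaps` before submitting ranges shows where list order will decide the bucket, and a non-zero unmatched count shows that the ranges leave a gap.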

Patch Hostname

Bulk patch hostname records.

Input Field

  • Connection: Choose a connection that you have created.

  • Jinja Template for Query: Jinja-templated query containing the query to use (jQuery QueryBuilder complex search field). Example: {"condition":"AND","rules":[{"id":"table.id","field":"table.id","input":"text","type":"object","operator":"{{operator_column_name}}","value":"{{value_column_name}}"}]}.

  • Affiliation State (Optional): Select option for affiliation state. (Default is empty string).

  • Impact Score (Optional): Select option for impact score. (Default is empty string).

  • Status (Optional): Select option for status. (Default is empty string).

  • Jinja Template for Operation (Optional): Jinja-templated query containing the operation. 'Path' and 'Value' are required with Operation.

  • Jinja Template for Path (Optional): Jinja-templated query containing the path for the target location. 'Operation' and 'Value' are required with Path.

Output of Action:
A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return count of records.

Patch IP

Bulk patch IP records.

Inputs to this Action:

  • Connection: Choose a connection that you have created.

  • Jinja Template for Query: Jinja-templated query containing the query to use (jQuery QueryBuilder complex search field). Example: {"condition":"AND","rules":[{"id":"table.id","field":"table.id","input":"text","type":"object","operator":"{{operator_column_name}}","value":"{{value_column_name}}"}]}.

  • Affiliation State (Optional): Select option for affiliation state. (Default is empty string).

  • Impact Score (Optional): Select option for impact score. (Default is empty string).

  • Status (Optional): Select option for status. (Default is empty string).

  • Jinja Template for Operation (Optional): Jinja-templated query containing the operation. 'Path' and 'Value' are required with Operation.

  • Jinja Template for Path (Optional): Jinja-templated query containing the path for the target location. 'Operation' and 'Value' are required with Path.

Output of Action:
A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return count of records.

Patch Network

Bulk patch network records.

Inputs to this Action:

  • Connection: Choose a connection that you have created.

  • Jinja Template for Query: Jinja-templated query containing the query to use (jQuery QueryBuilder complex search field). Example: {"condition":"AND","rules":[{"id":"table.id","field":"table.id","input":"text","type":"object","operator":"{{operator_column_name}}","value":"{{value_column_name}}"}]}.

  • Affiliation State (Optional): Select option for affiliation state. (Default is empty string).

  • Impact Score (Optional): Select option for impact score. (Default is empty string).

  • Status (Optional): Select option for status. (Default is empty string).

  • Jinja Template for Operation (Optional): Jinja-templated query containing the operation. 'Path' and 'Value' are required with Operation.

  • Jinja Template for Path (Optional): Jinja-templated query containing the path for the target location. 'Operation' and 'Value' are required with Path.

Output of Action:
A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return count of records.

Patch Social Entity

Bulk patch social entity records.

Inputs to this Action:

  • Connection: Choose a connection that you have created.

  • Jinja Template for Query: Jinja-templated query containing the query to use (jQuery QueryBuilder complex search field). Example: {"condition":"AND","rules":[{"id":"table.id","field":"table.id","input":"text","type":"object","operator":"{{operator_column_name}}","value":"{{value_column_name}}"}]}.

  • Affiliation State (Optional): Select option for affiliation state. (Default is empty string).

  • Authorization State (Optional): Select option for authorization state. (Default is empty string).

  • Impact Score (Optional): Select option for impact score. (Default is empty string).

  • Status (Optional): Select option for status. (Default is empty string).

  • Jinja Template for Operation (Optional): Jinja-templated query containing the operation. 'Path' and 'Value' are required with Operation.

  • Jinja Template for Path (Optional): Jinja-templated query containing the path for the target location. 'Operation' and 'Value' are required with Path.

Output of Action:
A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return count of records.

Patch Target

Bulk patch target records.

Inputs to this Action:

  • Connection: Choose a connection that you have created.

  • Jinja Template for Query: Jinja-templated query containing the query to use (jQuery QueryBuilder complex search field). Example: {"condition":"AND","rules":[{"id":"table.id","field":"table.id","input":"text","type":"object","operator":"{{operator_column_name}}","value":"{{value_column_name}}"}]}.

  • Affiliation State (Optional): Select option for affiliation state. (Default is empty string).

  • Authorization State (Optional): Select option for authorization state. (Default is empty string).

  • Impact Score (Optional): Select option for impact score. (Default is empty string).

  • Status (Optional): Select option for status. (Default is empty string).

  • Jinja Template for Operation (Optional): Jinja-templated query containing the operation. 'Path' and 'Value' are required with Operation.

  • Jinja Template for Path (Optional): Jinja-templated query containing the path for the target location. 'Operation' and 'Value' are required with Path.

Output of Action:
A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: Return count of records.
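A pre-flight check for rows that feed any of the Patch actions above, as an added example that is not Devo or Randori code: it confirms that Operation, Path and Value arrive together and that substituting row values into the documented query template still yields the intended JSON. The plain `{{name}}` substitution is a stand-in for Jinja rendering, and the function names, the sample rows and the refusal of an empty rule list are assumptions of this example.

```python
import json
import re

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def render_text(template, row):
    """Stand-in for template rendering: plain {{name}} substitution, no escaping."""
    return PLACEHOLDER.sub(lambda m: str(row[m.group(1)]), template)

def render_structured(node, row):
    """Substitute placeholders inside already-parsed JSON, so a row value can
    only become string content, never new keys or rules."""
    if isinstance(node, dict):
        return {k: render_structured(v, row) for k, v in node.items()}
    if isinstance(node, list):
        return [render_structured(v, row) for v in node]
    if isinstance(node, str):
        return render_text(node, row)
    return node

def preflight(template, row, operation="", path="", value=""):
    """Return a list of problems; an empty list means the inputs are consistent."""
    problems = []
    supplied = [bool(operation), bool(path), bool(value)]
    if any(supplied) and not all(supplied):
        problems.append("Operation, Path and Value must be supplied together")
    expected = render_structured(json.loads(template), row)
    if not expected.get("rules"):
        # Assumption of this example: never send a bulk patch without a filter.
        problems.append("query has no rules; a bulk patch needs a filter")
    try:
        if json.loads(render_text(template, row)) != expected:
            problems.append("a row value changed the content or structure of the query")
    except json.JSONDecodeError:
        problems.append("rendered query is not valid JSON")
    return problems

# Query template copied from the actions' documented example.
TEMPLATE = ('{"condition":"AND","rules":[{"id":"table.id","field":"table.id",'
            '"input":"text","type":"object","operator":"{{operator_column_name}}",'
            '"value":"{{value_column_name}}"}]}')
# Constructed rows: the second value contains a double quote.
GOOD_ROW = {"operator_column_name": "equal", "value_column_name": "a1b2"}
BAD_ROW = {"operator_column_name": "equal", "value_column_name": 'a1"b2'}

if __name__ == "__main__":
    print(preflight(TEMPLATE, GOOD_ROW))
    print(preflight(TEMPLATE, BAD_ROW))
```

Rows that fail the check are best filtered out or corrected upstream, since a Patch action applies its change to every record the query matches.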

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem