Atomic Actions
Atomic actions are small, self-contained workflows that are similar to a function in traditional programming. They can consume input, perform various actions, and then return output. They are designed to be portable, reusable, and make building workflows more efficient. If the workflow is a script, the atomic action serves as a function within that script. Atomic actions most commonly provide activities in the Workflow Editor via API calls to the associated product adapters.
The following atomic action types are available out-of-box:
Atomic actions that are system objects are built into the Automation platform. They're available in all Automation tenants without needing to be imported. You still need to import any non-system atomics before importing the workflow. All of the workflows that Cisco publishes have been updated to use the new system objects. This makes them much simpler to import, as most of the prerequisite objects are already included in your tenant. You cannot modify or export system objects.
-
API Console - Generate Access Token
-
Check Point Quantum Smart-1 - Create Access Rule
-
Check Point Quantum Smart-1 - Create DNS Domain Object
-
Check Point Quantum Smart-1 - Create Host Object
-
Check Point Quantum Smart-1 - Create Network Object
-
Check Point Quantum Smart-1 - Create Network Object Group
-
Check Point Quantum Smart-1 - Discard session
-
Check Point Quantum Smart-1 - End Session
-
Check Point Quantum Smart-1 - Get Network Object Group
-
Check Point Quantum Smart-1 - List DNS Domain Objects
-
Check Point Quantum Smart-1 - List Host Objects
-
Check Point Quantum Smart-1 - List Network Object Groups
-
Check Point Quantum Smart-1 - List Network Objects
-
Check Point Quantum Smart-1 - Publish Changes
-
Check Point Quantum Smart-1 - Start Session
-
Check Point Quantum Smart-1 - Update Network Group Members
-
Cisco Defense Orchestrator - Get Devices
-
Cisco PSIRT openVuln - Search Advisories by CVE
-
Cisco PSIRT openVuln - Search Advisories by Product Name
-
Cisco PSIRT openVuln - Search Advisories by Severity
-
Cisco Threat Response - Create Casebook
-
Cisco Threat Response - Create Incident
-
Cisco Threat Response - Create Judgement
-
Cisco Threat Response - Create Relationship
-
Cisco Threat Response - Create Sighting
-
Cisco Threat Response - Deliberate Observable
-
Cisco Threat Response - Enrich Observable
-
Cisco Threat Response - Generate Access Token
-
Cisco Threat Response - Inspect for Observables
-
Cisco Threat Response - List Response Actions
-
Cisco Threat Response - Search Incidents
-
Cisco Threat Response - Search Relationships
-
Cisco Threat Response - Trigger Response Action
-
Cisco Vulnerability Management - Add Tag to Asset
-
Cisco Vulnerability Management - Get All Fixes
-
Cisco Vulnerability Management - Get Asset by ID
-
Cisco Vulnerability Management - Get Fix by ID
-
Cisco Vulnerability Management - Get Top Fixes
-
Cisco Vulnerability Management - Get Vulnerabilities by Asset ID
-
Cisco Vulnerability Management - List Asset Groups
-
Cisco Vulnerability Management - List Connectors
-
Cisco Vulnerability Management - List Tags for Asset
-
Cisco Vulnerability Management - Relate Vulnerability to ServiceNow Incident
-
Cisco Vulnerability Management - Remove Tag from Asset
-
Cisco Vulnerability Management - Search Assets
-
Cisco Vulnerability Management - Search Vulnerabilities
-
Cisco Vulnerability Management - Get File Hashes by CVE
-
CrowdStrike - Create Custom IOC
-
CrowdStrike - Execute Host Actions
-
CrowdStrike - Get Access Token
-
CrowdStrike - Get Actor by ID
-
CrowdStrike - Get Alert by ID
-
CrowdStrike - Get All CVEs by Host
-
CrowdStrike - Get Detection by ID
-
CrowdStrike - Get Host NIC Details
-
CrowdStrike - Get Host Online Status
-
CrowdStrike - Get Hosts by IDs
-
CrowdStrike - Get Incident Behaviors by Incident ID
-
CrowdStrike - Get Incident by ID
-
CrowdStrike - Get Recent Logins for Host
-
CrowdStrike - Search Actors
-
CrowdStrike - Search Detections
-
CrowdStrike - Search Hosts
-
CrowdStrike - Search Incident Behaviors
-
CrowdStrike - Search Incidents
-
CrowdStrike - Search Indicators
-
CrowdStrike - Show CrowdScores
-
Cybereason - Add Sensors to Group
-
Cybereason - Get Authorization Cookie
-
Cybereason - Get Live File Search Results
-
Cybereason - Get Sensor Groups
-
Cybereason - Isolate Host
-
Cybereason - Perform Live File Search
-
Cybereason - Remove Sensors from Group
-
Cybereason - Search Sensors
-
Cybereason - Set IOC Reputation
-
Cybereason - Unisolate Host
-
Darktrace DETECT & RESPOND - Add Observables to Intelfeed
-
Darktrace DETECT & RESPOND - Add Tag to Device
-
Darktrace DETECT & RESPOND - Clear Antigena Action
-
Darktrace DETECT & RESPOND - Create New Tag
-
Darktrace DETECT & RESPOND - Create PCAP File
-
Darktrace DETECT & RESPOND - Execute Antigena Action
-
Darktrace DETECT & RESPOND - Get All Tags
-
Darktrace DETECT & RESPOND - Get Antigena Information
-
Darktrace DETECT & RESPOND - Get Connections and Events
-
Darktrace DETECT & RESPOND - Get Device by ID
-
Darktrace DETECT & RESPOND - Get Device Information
-
Darktrace DETECT & RESPOND - Get Similar Devices
-
Darktrace DETECT & RESPOND - Get Tag by ID or Name
-
Darktrace DETECT & RESPOND - Remove Observable from Intelfeed
-
Darktrace DETECT & RESPOND - Remove Tag from Device
-
Darktrace DETECT & RESPOND - Search Devices
-
Defense Orchestrator - Get Devices
-
Duo - Admin - Add User to Group
-
Duo - Admin - Get Admin Logs
-
Duo - Admin - Get Admins
-
Duo - Admin - Get Authentication Logs
-
Duo - Admin - Get Endpoints
-
Duo - Admin - Get Groups
-
Duo - Admin - Get Integrations
-
Duo - Admin - Get Settings
-
Duo - Admin - Get User
-
Duo - Admin - Remove User from Group
-
Duo - Auth - Authenticate
-
Duo - Auth - Authentication Status
-
Duo - Auth - Check
-
Duo - Auth - Enroll
-
Duo - Auth - Enrollment Status
-
Duo - Auth - PreAuth
-
Elastic Cloud - Create Document
-
Elastic Cloud - Search Documents
-
Elastic Cloud - Update Document
-
ExtraHop Reveal(x) 360 - Add Device to Watchlist
-
ExtraHop Reveal(x) 360 - Assign Device to Device Group
-
ExtraHop Reveal(x) 360 - Get Access Token
-
ExtraHop Reveal(x) 360 - Get Device by ID
-
ExtraHop Reveal(x) 360 - Get Device DNS Names
-
ExtraHop Reveal(x) 360 - Get Device Group by ID
-
ExtraHop Reveal(x) 360 - Get Device Group Devices
-
ExtraHop Reveal(x) 360 - Get Device Groups
-
ExtraHop Reveal(x) 360 - Get Device Groups for Device
-
ExtraHop Reveal(x) 360 - Get Device IP Addresses
-
ExtraHop Reveal(x) 360 - Get Watchlist Devices
-
ExtraHop Reveal(x) 360 - Remove Device from Device Group
-
ExtraHop Reveal(x) 360 - Remove Device from Watchlist
-
ExtraHop Reveal(x) 360 - Search Detections
-
ExtraHop Reveal(x) 360 - Search Devices
-
ISE - ERS - ANC Policy - Apply to Endpoint
-
ISE - ERS - ANC Policy - Clear from Endpoint
-
ISE - ERS - ANC Policy - Get by Name
-
ISE - ERS - Endpoint - Create Endpoint
-
ISE - ERS - Endpoint - Get by ID
-
ISE - ERS - Endpoint - Search
-
ISE - ERS - Endpoint - Update Identity Group
-
ISE - ERS - Endpoint - Update Profiler Policy
-
ISE - ERS - Endpoint Identity Group - Get by Name
-
ISE - ERS - Profiler Policy - Get by Name
-
Jamf Pro - Computer - Add to Static Group
-
Jamf Pro - Computer - Execute Command
-
Jamf Pro - Computer - Fetch Advanced Search
-
Jamf Pro - Computer - Get by ID
-
Jamf Pro - Computer - Remove from Static Group
-
Jamf Pro - Computer - Search
-
Jamf Pro - Mobile Device - Add to Static Group
-
Jamf Pro - Mobile Device - Execute Command
-
Jamf Pro - Mobile Device - Fetch Advanced Search
-
Jamf Pro - Mobile Device - Get by ID
-
Jamf Pro - Mobile Device - Remove from Static Group
-
Jamf Pro - Mobile Device - Search
-
Jira Cloud - Add Comment to Issue
-
Jira Cloud - Add Watcher to Issue
-
Jira Cloud - Assign Issue to User
-
Jira Cloud - Create Issue
-
Jira Cloud - Get Issue by ID or Key
-
Jira Cloud - Get Issue Comments
-
Jira Cloud - Get Issue Create Metadata
-
Jira Cloud - Get Issue Types
-
Jira Cloud - Get Projects
-
Jira Cloud - Get User by ID
-
Jira Cloud - Search Issues
-
Jira Cloud - Search Users
-
Jira Cloud - Service Desk - Add Comment to Request
-
Jira Cloud - Service Desk - Create Request
-
Jira Cloud - Service Desk - Get Organization Users
-
Jira Cloud - Service Desk - Get Organizations
-
Jira Cloud - Service Desk - Get Request by ID or Key
-
Jira Cloud - Service Desk - Get Request Types
-
Jira Cloud - Service Desk - Get Requests
-
Jira Cloud - Service Desk - Get Service Desks
-
Meraki - Get Networks by Organization
-
Meraki - Get Organizations
-
Meraki - Network - MX - Get L3 Outbound Firewall Rules
-
Meraki - Network - MX - Update L3 Outbound Firewall Rules
-
Microsoft Defender for Endpoint - Add Tag to Machine
-
Microsoft Defender for Endpoint - Block IOC
-
Microsoft Defender for Endpoint - Get List of IOCs
-
Microsoft Defender for Endpoint - Get Machine by ID
-
Microsoft Defender for Endpoint - Get Machine CVEs
-
Microsoft Defender for Endpoint - Isolate Machine
-
Microsoft Defender for Endpoint - Release Machine from Isolation
-
Microsoft Defender for Endpoint - Remove Tag from Machine
-
Microsoft Defender for Endpoint - Run Antivirus Scan
-
Microsoft Defender for Endpoint - Search Machines
-
Microsoft Defender for Endpoint - Unblock IOC
-
Microsoft Graph - Delete Mail Message
-
Microsoft Graph - Get Access Token
-
Microsoft Graph - Get Message by ID
-
Microsoft Graph - Move Mail Message to Folder
-
Microsoft Graph - Run Threat Hunting Query
-
Microsoft Graph - Search Mail Messages
-
Microsoft Intune - Get Managed Device by ID
-
Microsoft Intune - Reboot Device
-
Microsoft Intune - Reset Device Passcode
-
Microsoft Intune - Search Managed Devices
-
Microsoft Intune - Wipe Device
-
Microsoft Security Center - Get Access Token
-
Orbital - Query - Get Job by ID
-
Orbital - Query - Get Job Results
-
Orbital - Query - Run Query
-
Orbital - Query - Run Query (All Endpoints)
-
Orbital - Script - Cancel Job
-
Orbital - Script - Get Job by ID
-
Orbital - Script - Get Job Results
-
Orbital - Script - Get Organization Catalog Scripts
-
Orbital - Script - Get Stock Catalog Scripts
-
Orbital - Script - Run Script
-
PagerDuty - Add Note to Incident
-
PagerDuty - Create Incident Status Update
-
PagerDuty - Get Incident by ID
-
PagerDuty - Get Incidents
-
PagerDuty - Get User by ID
-
PagerDuty - Get Users
-
PagerDuty - Send an Event
-
Palo Alto Cortex - Add File Hashes to Allow List
-
Palo Alto Cortex - Add File Hashes to Block List
-
Palo Alto Cortex - Create IOC
-
Palo Alto Cortex - Get Script Execution Results
-
Palo Alto Cortex - Get Script Execution Status
-
Palo Alto Cortex - Isolate Endpoint
-
Palo Alto Cortex - Quarantine File
-
Palo Alto Cortex - Restore Quarantined File
-
Palo Alto Cortex - Run Code Snippet
-
Palo Alto Cortex - Run Script
-
Palo Alto Cortex - Scan Endpoint
-
Palo Alto Cortex - Search Endpoints
-
Palo Alto Cortex - Unisolate Endpoint
-
Palo Alto Panorama - Add Address Object to Address Group
-
Palo Alto Panorama - Add Service Object to Service Group
-
Palo Alto Panorama - Add URL to Custom URL Category
-
Palo Alto Panorama - Create Address Group
-
Palo Alto Panorama - Create Address Object
-
Palo Alto Panorama - Create Custom URL Category
-
Palo Alto Panorama - Create Security Policy Pre Rule
-
Palo Alto Panorama - Create Service Group
-
Palo Alto Panorama - Create Service Object
-
Palo Alto Panorama - Get Address Groups
-
Palo Alto Panorama - Get Address Objects
-
Palo Alto Panorama - Get Custom URL Categories
-
Palo Alto Panorama - Get Security Policy Pre Rules
-
Palo Alto Panorama - Get Service Groups
-
Palo Alto Panorama - Get Service Objects
-
Palo Alto Panorama - Search Address Objects by Value
-
Palo Alto Panorama - Update Security Policy Pre Rule
-
Secure Cloud Analytics - Add Domain to Watchlist
-
Secure Cloud Analytics - Get Alerts
-
Secure Cloud Analytics - Get Device Details by ID
-
Secure Cloud Analytics - Get Flows by IPs
-
Secure Cloud Analytics - Get Observation Details by ID
-
Secure Cloud Analytics - Get Observations
-
Secure Cloud Analytics - Get Roles by IP Address
-
Secure Cloud Analytics - List Domains in Watchlist
-
Secure Cloud Analytics - Remove Domain from Watchlist
-
Secure Email - Get Message by ID
-
Secure Email - Search Messages
-
Secure Email Threat Defense - Get Access Token
-
Secure Email Threat Defense - Get Message Status
-
Secure Email Threat Defense - Move or Reclassify Messages
-
Secure Email Threat Defense - Search Messages
-
Secure Endpoint - Add File Hash to Application Block List
-
Secure Endpoint - Add File Hash to File List
-
Secure Endpoint - Add File Hash to Simple Custom Detection List
-
Secure Endpoint - Get Computer by GUID
-
Secure Endpoint - Get Connector GUID
-
Secure Endpoint - Get Events
-
Secure Endpoint - Get File List Items
-
Secure Endpoint - Get Group by Name
-
Secure Endpoint - Isolate Host
-
Secure Endpoint - Move Computer to Group
-
Secure Endpoint - Remove File Hash from File List
-
Secure Endpoint - Search Computers
-
Secure Endpoint - Un-Isolate Host
-
Secure Firewall - Add Access Rule to Access Policy
-
Secure Firewall - Add Host Object to Access Rule
-
Secure Firewall - Add Network Group to Access Rule
-
Secure Firewall - Add Network Object to Network Group
-
Secure Firewall - Add Port Group to Access Rule
-
Secure Firewall - Add Port Object to Access Rule
-
Secure Firewall - Add Port Object to Port Group
-
Secure Firewall - Add URL Group to Access Rule
-
Secure Firewall - Add URL Object to URL Group
-
Secure Firewall - Create Access Policy
-
Secure Firewall - Create Dynamic Object Group
-
Secure Firewall - Create Network Group
-
Secure Firewall - Create Object
-
Secure Firewall - Get Access Policy by Name
-
Secure Firewall - Get Access Rule by Name
-
Secure Firewall - Get Access Token
-
Secure Firewall - Get Audit Records
-
Secure Firewall - Get Device Details
-
Secure Firewall - Get Dynamic Object Group Mappings
-
Secure Firewall - Get Health Alerts
-
Secure Firewall - Get Network Group by ID
-
Secure Firewall - Get Network Group by Name
-
Secure Firewall - Get Network Groups
-
Secure Firewall - Get Object by Name
-
Secure Firewall - Get Object by Value
-
Secure Firewall - Get Port Object by Port and Protocol
-
Secure Firewall - Get URL Group by Name
-
Secure Firewall - Update Dynamic Object Group Mappings
-
Secure Firewall - Update Network Group Literals
-
Secure Firewall - SSE - Add Access Rule to Access Policy
-
Secure Firewall - SSE - Add Host Object to Access Rule
-
Secure Firewall - SSE - Add Network Group to Access Rule
-
Secure Firewall - SSE - Add Network Object to Network Group
-
Secure Firewall - SSE - Add Port Group to Access Rule
-
Secure Firewall - SSE - Add Port Object to Access Rule
-
Secure Firewall - SSE - Add Port Object to Port Group
-
Secure Firewall - SSE - Add URL Group to Access Rule
-
Secure Firewall - SSE - Add URL Object to URL Group
-
Secure Firewall - SSE - Create Access Policy
-
Secure Firewall - SSE - Create Dynamic Object Group
-
Secure Firewall - SSE - Create Network Group
-
Secure Firewall - SSE - Create Object
-
Secure Firewall - SSE - Get Access Policy by Name
-
Secure Firewall - SSE - Get Access Rule by Name
-
Secure Firewall - SSE - Get Audit Records
-
Secure Firewall - SSE - Get Device Details
-
Secure Firewall - SSE - Get Dynamic Object Group Mappings
-
Secure Firewall - SSE - Get Health Alerts
-
Secure Firewall - SSE - Get Network Group by ID
-
Secure Firewall - SSE - Get Network Group by Name
-
Secure Firewall - SSE - Get Network Groups
-
Secure Firewall - SSE - Get Object by Name
-
Secure Firewall - SSE - Get Object by Value
-
Secure Firewall - SSE - Get Port Object by Port and Protocol
-
Secure Firewall - SSE - Get URL Group by Name
-
Secure Firewall - SSE - Update Dynamic Object Group Mappings
-
Secure Firewall - SSE - Update Network Group Literals
-
Secure Malware Analytics - Get Sample Analysis
-
Secure Malware Analytics - Get Sample Status
-
Secure Malware Analytics - Get Samples by File Hash
-
Secure Malware Analytics - Submit File
-
Secure Malware Analytics - Submit URL
-
Secure Network Analytics - Get Flows by IP Addresses
-
Secure Network Analytics - Get Security Events by IP Address
-
Secure Network Analytics - Get Security Events by Name
-
Secure Network Analytics - Get Tenants
-
Secure Network Analytics - Get Tokens
-
Secure Network Analytics - Get Top Conversations by IP Address
-
Secure Network Analytics - Get Top Hosts by IP Address
-
Secure Network Analytics - Get Top Peers by IP Address
-
Secure Workload - Generic API Request
-
SecureX - SSE Proxy - List Devices
-
SecureX - SSE Proxy - Send Request
-
SentinelOne - Add Hash to Blocklist
-
SentinelOne - Connect Agent to Network
-
SentinelOne - Disconnect Agent from Network
-
SentinelOne - Get Agents by ID
-
SentinelOne - Get Application CVEs
-
SentinelOne - Get Blocklist Items
-
SentinelOne - Get Sites
-
SentinelOne - Initiate Scan
-
SentinelOne - Remove Items from Blocklist
-
SentinelOne - Search Agents
-
ServiceNow - Add Work Note to Firewall Rule Task
-
ServiceNow - Add Work Note to Incident
-
ServiceNow - Assign or Unassign Incident
-
ServiceNow - Create Change Request
-
ServiceNow - Create Incident
-
ServiceNow - Create Table Record
-
ServiceNow - Delete Table Record
-
ServiceNow - Get Table Record by ID
-
ServiceNow - Get User by Username or Email
-
ServiceNow - Search Table Records
-
Slack - Create Conversation
-
Slack - Create Direct Conversation
-
Slack - Delete Message
-
Slack - Find User by Email Address
-
Slack - Get User Profile
-
Slack - Invite User to Conversation
-
Slack - Join Conversation
-
Slack - List Conversations
-
Slack - Post Chat Message
-
Slack - Post Ephemeral Message
-
Slack - Set Conversation Topic
-
Slack - Update Message
-
Splunk - Ad Hoc Search
-
Splunk - Auth/Login
-
Splunk - Search Jobs
-
Splunk - Search Jobs Results
-
Splunk Cloud - Get Search Job by ID
-
Splunk Cloud - Get Search Jobs
-
Splunk Cloud - Get Search Results
-
Splunk Cloud - Run Search
-
Splunk Cloud - Send JSON Event to HTTP Event Collector
-
Trend Vision One - Add IOC to Suspicious Object List
-
Trend Vision One - Get Response Task by ID
-
Trend Vision One - Isolate Endpoint
-
Trend Vision One - Remove Endpoint from Isolation
-
Trend Vision One - Remove IOC from Suspicious Object List
-
Trend Vision One - Run Custom Script
-
Trend Vision One - Search Agents
-
Umbrella - Investigate - Categorize Multiple Domains
-
Umbrella - Investigate - Categorize Single Domain
-
Umbrella - Management - Add Record to Destination List
-
Umbrella - Management - Get Destination List Entries
-
Umbrella - Management - Get Destination Lists
-
Umbrella - Management - Get Organizations
-
Umbrella - Management - Remove Record from Destination List
-
Umbrella - Reporting - Get Security Activity Report
-
Umbrella - Reporting v2 - Get Activity
-
Umbrella - Reporting v2 - Get Categories
-
Umbrella - Reporting v2 - Get Token
-
Umbrella - Reporting v2 - Get Top Internal IPs
-
Umbrella - Reporting v2 - Get Top Threats
-
Umbrella - Add Records to Destination List
-
Umbrella - Create Destination List
-
Umbrella - Delete Destination List
-
Umbrella - Get Access Token
-
Umbrella - Get Activity
-
Umbrella - Get Destination List by ID
-
Umbrella - Get Destination List Entries
-
Umbrella - Get Destination Lists
-
Umbrella - Remove Destination from Destination List
-
Webex - Add Member to Room
-
Webex - Create Room
-
Webex - Post Message to Room
-
Webex - Search for People
-
Webex - Search for Room
-
Webex - Search for Team
-
Webex - Send Message to Person
-
XDR - Administration - Search Users
-
XDR - Automate - Get Account Keys
-
XDR - Automate - Get Targets
-
XDR - Incident - Add Note to Incident
-
XDR - Incident - Get Incident Events
-
XDR - Incident - Get Incident Summary
-
XDR - Incident - Search Incidents
-
XDR - Incident - Update Properties
-
XDR - Intelligence - Create Feed
-
XDR - Intelligence - Create Indicator
-
XDR - Intelligence - Create Judgement
-
XDR - Intelligence - Create Relationship
-
XDR - Intelligence - Create Sighting
-
XDR - Intelligence - Delete Relationship
-
XDR - Intelligence - Search Feeds
-
XDR - Intelligence - Search Indicators
-
XDR - Intelligence - Search Relationships
-
XDR - Intelligence - Search Sightings
-
XDR - Investigate - Deliberate Observable
-
XDR - Investigate - Deliberate Observables
-
XDR - Investigate - Enrich Observables
-
XDR - Investigate - Inspect for Observables
-
XDR - Respond - List Response Actions
-
XDR - Respond - Trigger Response Action
-
Zendesk - Add Comment to Ticket
-
Zendesk - Create Ticket
-
Zendesk - Get Ticket by ID
-
Zendesk - Get User by ID
-
Zendesk - Search Tickets
-
Zendesk - Search Users
-
Zendesk - Update Ticket
All atomic actions for Cisco products have been converted to system objects. The benefit of this change is that they’ll all be available without needing to be imported and you’ll always have the latest version. The old, tenant-specific versions of these atomics are now considered deprecated. If you're using them, we recommend that you update your workflows to use the new system objects.
Old Atomic Name | New System Object Name |
---|---|
AMP - Get Computer by GUID | Secure Endpoint - Get Computer by GUID |
AMP - Get Connector GUID | Secure Endpoint - Get Connector GUID |
AMP - Get Events | Secure Endpoint - Get Events |
AMP - Get Group by Name | Secure Endpoint - Get Group by Name |
AMP - Isolate Host | Secure Endpoint - Isolate Host |
AMP - Move Computer to Group | Secure Endpoint - Move Computer to Group |
AMP - Un-Isolate Host | Secure Endpoint - Un-Isolate Host |
CDO - Get Devices | Defense Orchestrator - Get Devices |
CTR Create Casebook | Deprecated (use Threat Response - Create Casebook) |
CTR Create Incident | Deprecated (use Threat Response - Create Incident) |
CTR Create Transient Incident Id | Deprecated |
CTR Enrich Observable | Deprecated (use Threat Response - Enrich Observable) |
CTR List Actions | Deprecated (use Threat Response - List Response Actions) |
CTR Trigger an Action | Deprecated (use Threat Response - Trigger Response Action) |
CTRCheckDeliberateVerdict | Deprecated (use Threat Response - Deliberate Observable) |
CTRGenerateAccessToken | Deprecated (use Threat Response - Generate Access Token) |
CTRInspect | Deprecated (use Threat Response - Inspect for Observables) |
CTRListDeliberateVerdicts | Deprecated (use Threat Response - Deliberate Observable) |
Duo - Auth | Duo - Auth - Authenticate |
Duo - Auth Status | Duo - Auth - Authentication Status |
Duo - Check | Duo - Auth - Check |
Duo - Enroll | Duo - Auth - Enroll |
Duo - Enroll Status | Duo - Auth - Enrollment Status |
Duo - PreAuth | Duo - Auth - PreAuth |
Duo Admin - Add User to Group | Duo - Admin - Add User to Group |
Duo Admin - Get User | Duo - Admin - Get User |
Duo Admin - Remove User from Group | Duo - Admin - Remove User from Group |
SNA - Get Flows by IP Addresses | Secure Network Analytics - Get Flows by IP Addresses |
SNA - Get Security Events by IP Address | Secure Network Analytics - Get Security Events by IP Address |
SNA - Get Security Events by Name | Secure Network Analytics - Get Security Events by Name |
SNA - Get Tenants | Secure Network Analytics - Get Tenants |
SNA - Get Tokens | Secure Network Analytics - Get Tokens |
SNA - Get Top Conversations by IP Address | Secure Network Analytics - Get Top Conversations by IP Address |
SNA - Get Top Hosts by IP Address | Secure Network Analytics - Get Top Hosts by IP Address |
SNA - Get Top Peers by IP Address | Secure Network Analytics - Get Top Peers by IP Address |
SWC - Add Domain or IP to Watchlist | Secure Cloud Analytics - Add Domain to Watchlist |
SWC - Get Alerts | Secure Cloud Analytics - Get Alerts |
SWC - Get Device Details by ID | Secure Cloud Analytics - Get Device Details by ID |
SWC - Get Flows by IPs | Secure Cloud Analytics - Get Flows by IPs |
SWC - Get Observation Details by ID | Secure Cloud Analytics - Get Observation Details by ID |
SWC - Get Observations | Secure Cloud Analytics - Get Observations |
SWC - Get Roles by IP Address | Secure Cloud Analytics - Get Roles by IP Address |
SWC - List Domains in Watchlist | Secure Cloud Analytics - List Domains in Watchlist |
SWC - Remove Domain from Watchlist | Secure Cloud Analytics - Remove Domain from Watchlist |
TG v2 - Get Sample Analysis | Secure Malware Analytics - Get Sample Analysis |
TG v2 - Get Sample Status | Secure Malware Analytics - Get Sample Status |
TG v2 - Get Samples by File Hash | Secure Malware Analytics - Get Samples by File Hash |
TG v2 - Submit File | Secure Malware Analytics - Submit File |
TG v2 - Submit URL | Secure Malware Analytics - Submit URL |
TG Query for sample status | Deprecated (use Secure Malware Analytics - Get Sample Status) |
TG Submit URL | Deprecated (use Secure Malware Analytics - Submit URL) |
TGFetchSampleAnalysis | Deprecated (use Secure Malware Analytics - Get Sample Analysis) |
TGFetchThreatScoreAndIOCS | Deprecated (use Secure Malware Analytics - Get Sample Analysis) |
TGGetDisposition | Deprecated |
TGListDomainsForSample | Deprecated |
TGListIPsForSample | Deprecated |
TGListProcessesForSample | Deprecated |
TGSearchFileHash | Deprecated (use Secure Malware Analytics - Get Samples by File Hash) |
TGSearchSample | Deprecated |
TGSearchSampleDispositionsForHash | Deprecated |
Threat Response v2 - Create Casebook | Threat Response - Create Casebook |
Threat Response v2 - Create Incident | Threat Response - Create Incident |
Threat Response v2 - Create Relationship | Threat Response - Create Relationship |
Threat Response v2 - Create Sighting | Threat Response - Create Sighting |
Threat Response v2 - Deliberate Observable | Threat Response - Deliberate Observable |
Threat Response v2 - Enrich Observable | Threat Response - Enrich Observable |
Threat Response v2 - Generate Access Token | Threat Response - Generate Access Token |
Threat Response v2 - Inspect for Observables | Threat Response - Inspect for Observables |
Threat Response v2 - List Response Actions | Threat Response - List Response Actions |
Threat Response v2 - Trigger Response Action | Threat Response - Trigger Response Action |
Umbrella - Management V1 - Add Record to Destination List | Umbrella - Management - Add Record to Destination List |
Umbrella - Management V1 - Get Destination List Entries | Umbrella - Management - Get Destination List Entries |
Umbrella - Management V1 - Get Destination Lists | Umbrella - Management - Get Destination Lists |
Umbrella - Management V1 - Get Organizations | Umbrella - Management - Get Organizations |
Umbrella - Management V1 - Remove Destination from List | Umbrella - Management - Remove Record from Destination List |
Umbrella - Reporting V1 - Get Security Activity Report | Umbrella - Reporting - Get Security Activity Report |