Atomic Actions

Atomic actions are small, self-contained workflows that are similar to a function in traditional programming. They can consume input, perform various actions, and then return output. They are designed to be portable, reusable, and make building workflows more efficient. If the workflow is a script, the atomic action serves as a function within that script. Atomic actions most commonly provide activities in the Workflow Editor via API calls to the associated product adapters.

Cisco XDR Connect is a public catalog, managed by the content team, that offers a holistic view of workflows and integrations. It includes details on the atomic actions that are built into Cisco XDR by default, which in most cases do not require additional installation or configuration.

System Objects

Atomic actions that are system objects are built into the Automation platform. They're available in all Automation tenants without needing to be imported. You still need to import any non-system atomics before importing the workflow. All of the workflows that Cisco publishes have been updated to use the new system objects. This makes them much simpler to import, as most of the prerequisite objects are already included in your tenant. You cannot modify or export system objects. This list may not always reflect the latest in the system, but is here for reference and updated on a regular basis:

API Console - Generate Access Token
Check Point Quantum Smart-1 - Create Access Rule
Check Point Quantum Smart-1 - Create DNS Domain Object
Check Point Quantum Smart-1 - Create Host Object
Check Point Quantum Smart-1 - Create Network Object
Check Point Quantum Smart-1 - Create Network Object Group
Check Point Quantum Smart-1 - Discard session
Check Point Quantum Smart-1 - End Session
Check Point Quantum Smart-1 - Get Network Object Group
Check Point Quantum Smart-1 - List DNS Domain Objects
Check Point Quantum Smart-1 - List Host Objects
Check Point Quantum Smart-1 - List Network Object Groups
Check Point Quantum Smart-1 - List Network Objects
Check Point Quantum Smart-1 - Publish Changes
Check Point Quantum Smart-1 - Start Session
Check Point Quantum Smart-1 - Update Network Group Members
Cisco Defense Orchestrator - Get Devices
Cisco PSIRT openVuln - Search Advisories by CVE
Cisco PSIRT openVuln - Search Advisories by Product Name
Cisco PSIRT openVuln - Search Advisories by Severity
Cisco Security Cloud Control - Create Object
Cisco Security Cloud Control - Delete Object
Cisco Security Cloud Control - Get Device by ID
Cisco Security Cloud Control - Get Devices
Cisco Security Cloud Control - Get Object by ID
Cisco Security Cloud Control - Get Objects
Cisco Security Cloud Control - Update Object
Cisco Threat Response - Create Casebook
Cisco Threat Response - Create Incident
Cisco Threat Response - Create Judgement
Cisco Threat Response - Create Relationship
Cisco Threat Response - Create Sighting
Cisco Threat Response - Deliberate Observable
Cisco Threat Response - Enrich Observable
Cisco Threat Response - Generate Access Token
Cisco Threat Response - Inspect for Observables
Cisco Threat Response - List Response Actions
Cisco Threat Response - Search Incidents
Cisco Threat Response - Search Relationships
Cisco Threat Response - Trigger Response Action
Cisco Vulnerability Management - Add Tag to Asset
Cisco Vulnerability Management - Get All Fixes
Cisco Vulnerability Management - Get Asset by ID
Cisco Vulnerability Management - Get Fix by ID
Cisco Vulnerability Management - Get Top Fixes
Cisco Vulnerability Management - Get Vulnerabilities by Asset ID
Cisco Vulnerability Management - List Asset Groups
Cisco Vulnerability Management - List Connectors
Cisco Vulnerability Management - List Tags for Asset
Cisco Vulnerability Management - Relate Vulnerability to ServiceNow Incident
Cisco Vulnerability Management - Remove Tag from Asset
Cisco Vulnerability Management - Search Assets
Cisco Vulnerability Management - Search Vulnerabilities
Cisco Vulnerability Management - Get File Hashes by CVE
CrowdStrike - Create Custom IOC
CrowdStrike - Execute Host Actions
CrowdStrike - Get Access Token
CrowdStrike - Get Actor by ID
CrowdStrike - Get Alert by ID
CrowdStrike - Get All CVEs by Host
CrowdStrike - Get Detection by ID
CrowdStrike - Get Host NIC Details
CrowdStrike - Get Host Online Status
CrowdStrike - Get Hosts by IDs
CrowdStrike - Get Incident Behaviors by Incident ID
CrowdStrike - Get Incident by ID
CrowdStrike - Get Recent Logins for Host
CrowdStrike - Search Actors
CrowdStrike - Search Detections
CrowdStrike - Search Hosts
CrowdStrike - Search Incident Behaviors
CrowdStrike - Search Incidents
CrowdStrike - Search Indicators
CrowdStrike - Show CrowdScores
Cybereason - Add Sensors to Group
Cybereason - Get Authorization Cookie
Cybereason - Get Live File Search Results
Cybereason - Get Sensor Groups
Cybereason - Isolate Host
Cybereason - Perform Live File Search
Cybereason - Remove Sensors from Group
Cybereason - Search Sensors
Cybereason - Set IOC Reputation
Cybereason - Unisolate Host
Darktrace DETECT & RESPOND - Add Observables to Intelfeed
Darktrace DETECT & RESPOND - Add Tag to Device
Darktrace DETECT & RESPOND - Clear Antigena Action
Darktrace DETECT & RESPOND - Create New Tag
Darktrace DETECT & RESPOND - Create PCAP File
Darktrace DETECT & RESPOND - Execute Antigena Action
Darktrace DETECT & RESPOND - Get All Tags
Darktrace DETECT & RESPOND - Get Antigena Information
Darktrace DETECT & RESPOND - Get Connections and Events
Darktrace DETECT & RESPOND - Get Device by ID
Darktrace DETECT & RESPOND - Get Device Information
Darktrace DETECT & RESPOND - Get Similar Devices
Darktrace DETECT & RESPOND - Get Tag by ID or Name
Darktrace DETECT & RESPOND - Remove Observable from Intelfeed
Darktrace DETECT & RESPOND - Remove Tag from Device
Darktrace DETECT & RESPOND - Search Devices
Defense Orchestrator - Get Devices
Duo - Admin - Add User to Group
Duo - Admin - Get Admin Logs
Duo - Admin - Get Admins
Duo - Admin - Get Authentication Logs
Duo - Admin - Get Endpoints
Duo - Admin - Get Groups
Duo - Admin - Get Integrations
Duo - Admin - Get Settings
Duo - Admin - Get User
Duo - Admin - Remove User from Group
Duo - Auth - Authenticate
Duo - Auth - Authentication Status
Duo - Auth - Check
Duo - Auth - Enroll
Duo - Auth - Enrollment Status
Duo - Auth - PreAuth
Elastic Cloud - Create Document
Elastic Cloud - Search Documents
Elastic Cloud - Update Document
ExtraHop Reveal(x) 360 - Add Device to Watchlist
ExtraHop Reveal(x) 360 - Assign Device to Device Group
ExtraHop Reveal(x) 360 - Get Access Token
ExtraHop Reveal(x) 360 - Get Device by ID
ExtraHop Reveal(x) 360 - Get Device DNS Names
ExtraHop Reveal(x) 360 - Get Device Group by ID
ExtraHop Reveal(x) 360 - Get Device Group Devices
ExtraHop Reveal(x) 360 - Get Device Groups
ExtraHop Reveal(x) 360 - Get Device Groups for Device
ExtraHop Reveal(x) 360 - Get Device IP Addresses
ExtraHop Reveal(x) 360 - Get Watchlist Devices
ExtraHop Reveal(x) 360 - Remove Device from Device Group
ExtraHop Reveal(x) 360 - Remove Device from Watchlist
ExtraHop Reveal(x) 360 - Search Detections
ExtraHop Reveal(x) 360 - Search Devices
ISE - ERS - ANC Policy - Apply to Endpoint
ISE - ERS - ANC Policy - Clear from Endpoint
ISE - ERS - ANC Policy - Get by Name
ISE - ERS - Endpoint - Create Endpoint
ISE - ERS - Endpoint - Get by ID
ISE - ERS - Endpoint - Search
ISE - ERS - Endpoint - Update Identity Group
ISE - ERS - Endpoint - Update Profiler Policy
ISE - ERS - Endpoint Identity Group - Get by Name
ISE - ERS - Profiler Policy - Get by Name
Jamf Pro - Computer - Add to Static Group
Jamf Pro - Computer - Execute Command
Jamf Pro - Computer - Fetch Advanced Search
Jamf Pro - Computer - Get by ID
Jamf Pro - Computer - Remove from Static Group
Jamf Pro - Computer - Search
Jamf Pro - Mobile Device - Add to Static Group
Jamf Pro - Mobile Device - Execute Command
Jamf Pro - Mobile Device - Fetch Advanced Search
Jamf Pro - Mobile Device - Get by ID
Jamf Pro - Mobile Device - Remove from Static Group
Jamf Pro - Mobile Device - Search
Jira Cloud - Add Comment to Issue
Jira Cloud - Add Watcher to Issue
Jira Cloud - Assign Issue to User
Jira Cloud - Create Issue
Jira Cloud - Get Issue by ID or Key
Jira Cloud - Get Issue Comments
Jira Cloud - Get Issue Create Metadata
Jira Cloud - Get Issue Types
Jira Cloud - Get Projects
Jira Cloud - Get User by ID
Jira Cloud - Search Issues
Jira Cloud - Search Users
Jira Cloud - Service Desk - Add Comment to Request
Jira Cloud - Service Desk - Create Request
Jira Cloud - Service Desk - Get Organization Users
Jira Cloud - Service Desk - Get Organizations
Jira Cloud - Service Desk - Get Request by ID or Key
Jira Cloud - Service Desk - Get Request Types
Jira Cloud - Service Desk - Get Requests
Jira Cloud - Service Desk - Get Service Desks
Meraki - Get Networks by Organization
Meraki - Get Organizations
Meraki - Network - MX - Get L3 Outbound Firewall Rules
Meraki - Network - MX - Update L3 Outbound Firewall Rules
Microsoft Defender for Endpoint - Add Tag to Machine
Microsoft Defender for Endpoint - Block IOC
Microsoft Defender for Endpoint - Get List of IOCs
Microsoft Defender for Endpoint - Get Machine by ID
Microsoft Defender for Endpoint - Get Machine CVEs
Microsoft Defender for Endpoint - Isolate Machine
Microsoft Defender for Endpoint - Release Machine from Isolation
Microsoft Defender for Endpoint - Remove Tag from Machine
Microsoft Defender for Endpoint - Run Antivirus Scan
Microsoft Defender for Endpoint - Search Machines
Microsoft Defender for Endpoint - Unblock IOC
Microsoft Graph - Delete Mail Message
Microsoft Graph - Get Access Token
Microsoft Graph - Get Message by ID
Microsoft Graph - Move Mail Message to Folder
Microsoft Graph - Run Threat Hunting Query
Microsoft Graph - Search Mail Messages
Microsoft Intune - Get Managed Device by ID
Microsoft Intune - Reboot Device
Microsoft Intune - Reset Device Passcode
Microsoft Intune - Search Managed Devices
Microsoft Intune - Wipe Device
Microsoft Security Center - Get Access Token
Orbital - Query - Get Job by ID
Orbital - Query - Get Job Results
Orbital - Query - Run Query
Orbital - Query - Run Query (All Endpoints)
Orbital - Script - Cancel Job
Orbital - Script - Get Job by ID
Orbital - Script - Get Job Results
Orbital - Script - Get Organization Catalog Scripts
Orbital - Script - Get Stock Catalog Scripts
Orbital - Script - Run Script
PagerDuty - Add Note to Incident
PagerDuty - Create Incident Status Update
PagerDuty - Get Incident by ID
PagerDuty - Get Incidents
PagerDuty - Get User by ID
PagerDuty - Get Users
PagerDuty - Send an Event
Palo Alto Cortex - Add File Hashes to Allow List
Palo Alto Cortex - Add File Hashes to Block List
Palo Alto Cortex - Create IOC
Palo Alto Cortex - Get Script Execution Results
Palo Alto Cortex - Get Script Execution Status
Palo Alto Cortex - Isolate Endpoint
Palo Alto Cortex - Quarantine File
Palo Alto Cortex - Restore Quarantined File
Palo Alto Cortex - Run Code Snippet
Palo Alto Cortex - Run Script
Palo Alto Cortex - Scan Endpoint
Palo Alto Cortex - Search Endpoints
Palo Alto Cortex - Unisolate Endpoint
Palo Alto Panorama - Add Address Object to Address Group
Palo Alto Panorama - Add Service Object to Service Group
Palo Alto Panorama - Add URL to Custom URL Category
Palo Alto Panorama - Create Address Group
Palo Alto Panorama - Create Address Object
Palo Alto Panorama - Create Custom URL Category
Palo Alto Panorama - Create Security Policy Pre Rule
Palo Alto Panorama - Create Service Group
Palo Alto Panorama - Create Service Object
Palo Alto Panorama - Get Address Groups
Palo Alto Panorama - Get Address Objects
Palo Alto Panorama - Get Custom URL Categories
Palo Alto Panorama - Get Security Policy Pre Rules
Palo Alto Panorama - Get Service Groups
Palo Alto Panorama - Get Service Objects
Palo Alto Panorama - Search Address Objects by Value
Palo Alto Panorama - Update Security Policy Pre Rule
Secure Cloud Analytics - Add Domain to Watchlist
Secure Cloud Analytics - Get Alerts
Secure Cloud Analytics - Get Device Details by ID
Secure Cloud Analytics - Get Flows by IPs
Secure Cloud Analytics - Get Observation Details by ID
Secure Cloud Analytics - Get Observations
Secure Cloud Analytics - Get Roles by IP Address
Secure Cloud Analytics - List Domains in Watchlist
Secure Cloud Analytics - Remove Domain from Watchlist
Secure Email - Get Message by ID
Secure Email - Search Messages
Secure Email Threat Defense - Get Access Token
Secure Email Threat Defense - Get Message Status
Secure Email Threat Defense - Move or Reclassify Messages
Secure Email Threat Defense - Search Messages
Secure Endpoint - Add File Hash to Application Block List
Secure Endpoint - Add File Hash to File List
Secure Endpoint - Add File Hash to Simple Custom Detection List
Secure Endpoint - Get Computer by GUID
Secure Endpoint - Get Connector GUID
Secure Endpoint - Get Events
Secure Endpoint - Get File List Items
Secure Endpoint - Get Group by Name
Secure Endpoint - Isolate Host
Secure Endpoint - Move Computer to Group
Secure Endpoint - Remove File Hash from File List
Secure Endpoint - Search Computers
Secure Endpoint - Un-Isolate Host
Secure Firewall - Add Access Rule to Access Policy
Secure Firewall - Add Host Object to Access Rule
Secure Firewall - Add Network Group to Access Rule
Secure Firewall - Add Network Object to Network Group
Secure Firewall - Add Port Group to Access Rule
Secure Firewall - Add Port Object to Access Rule
Secure Firewall - Add Port Object to Port Group
Secure Firewall - Add URL Group to Access Rule
Secure Firewall - Add URL Object to URL Group
Secure Firewall - Create Access Policy
Secure Firewall - Create Dynamic Object Group
Secure Firewall - Create Network Group
Secure Firewall - Create Object
Secure Firewall - Get Access Policy by Name
Secure Firewall - Get Access Rule by Name
Secure Firewall - Get Access Token
Secure Firewall - Get Audit Records
Secure Firewall - Get Device Details
Secure Firewall - Get Dynamic Object Group Mappings
Secure Firewall - Get Health Alerts
Secure Firewall - Get Network Group by ID
Secure Firewall - Get Network Group by Name
Secure Firewall - Get Network Groups
Secure Firewall - Get Object by Name
Secure Firewall - Get Object by Value
Secure Firewall - Get Port Object by Port and Protocol
Secure Firewall - Get URL Group by Name
Secure Firewall - Update Dynamic Object Group Mappings
Secure Firewall - Update Network Group Literals
Secure Firewall - SSX - Add Access Rule to Access Policy
Secure Firewall - SSX - Add Host Object to Access Rule
Secure Firewall - SSX - Add Network Group to Access Rule
Secure Firewall - SSX - Add Network Object to Network Group
Secure Firewall - SSX - Add Port Group to Access Rule
Secure Firewall - SSX - Add Port Object to Access Rule
Secure Firewall - SSX - Add Port Object to Port Group
Secure Firewall - SSX - Add URL Group to Access Rule
Secure Firewall - SSX - Add URL Object to URL Group
Secure Firewall - SSX - Create Access Policy
Secure Firewall - SSX - Create Dynamic Object Group
Secure Firewall - SSX - Create Network Group
Secure Firewall - SSX - Create Object
Secure Firewall - SSX - Get Access Policy by Name
Secure Firewall - SSX - Get Access Rule by Name
Secure Firewall - SSX - Get Audit Records
Secure Firewall - SSX - Get Device Details
Secure Firewall - SSX - Get Dynamic Object Group Mappings
Secure Firewall - SSX - Get Health Alerts
Secure Firewall - SSX - Get Network Group by ID
Secure Firewall - SSX - Get Network Group by Name
Secure Firewall - SSX - Get Network Groups
Secure Firewall - SSX - Get Object by Name
Secure Firewall - SSX - Get Object by Value
Secure Firewall - SSX - Get Port Object by Port and Protocol
Secure Firewall - SSX - Get URL Group by Name
Secure Firewall - SSX - Update Dynamic Object Group Mappings
Secure Firewall - SSX - Update Network Group Literals
Secure Malware Analytics - Get Sample Analysis
Secure Malware Analytics - Get Sample Status
Secure Malware Analytics - Get Samples by File Hash
Secure Malware Analytics - Submit File
Secure Malware Analytics - Submit URL
Secure Network Analytics - Get Flows by IP Addresses
Secure Network Analytics - Get Security Events by IP Address
Secure Network Analytics - Get Security Events by Name
Secure Network Analytics - Get Tenants
Secure Network Analytics - Get Tokens
Secure Network Analytics - Get Top Conversations by IP Address
Secure Network Analytics - Get Top Hosts by IP Address
Secure Network Analytics - Get Top Peers by IP Address
Secure Workload - Generic API Request
SentinelOne - Add Hash to Blocklist
SentinelOne - Connect Agent to Network
SentinelOne - Disconnect Agent from Network
SentinelOne - Get Agents by ID
SentinelOne - Get Application CVEs
SentinelOne - Get Blocklist Items
SentinelOne - Get Sites
SentinelOne - Initiate Scan
SentinelOne - Remove Items from Blocklist
SentinelOne - Search Agents
ServiceNow - Add Work Note to Firewall Rule Task
ServiceNow - Add Work Note to Incident
ServiceNow - Assign or Unassign Incident
ServiceNow - Create Change Request
ServiceNow - Create Incident
ServiceNow - Create Table Record
ServiceNow - Delete Table Record
ServiceNow - Get Table Record by ID
ServiceNow - Get User by Username or Email
ServiceNow - Search Table Records
Slack - Create Conversation
Slack - Create Direct Conversation
Slack - Delete Message
Slack - Find User by Email Address
Slack - Get User Profile
Slack - Invite User to Conversation
Slack - Join Conversation
Slack - List Conversations
Slack - Post Chat Message
Slack - Post Ephemeral Message
Slack - Set Conversation Topic
Slack - Update Message
Splunk - Ad Hoc Search
Splunk - Auth/Login
Splunk - Search Jobs
Splunk - Search Jobs Results
Splunk Cloud - Get Search Job by ID
Splunk Cloud - Get Search Jobs
Splunk Cloud - Get Search Results
Splunk Cloud - Run Search
Splunk Cloud - Send JSON Event to HTTP Event Collector
Trend Vision One - Add IOC to Suspicious Object List
Trend Vision One - Get Response Task by ID
Trend Vision One - Isolate Endpoint
Trend Vision One - Remove Endpoint from Isolation
Trend Vision One - Remove IOC from Suspicious Object List
Trend Vision One - Run Custom Script
Trend Vision One - Search Agents
Umbrella - Investigate - Categorize Multiple Domains
Umbrella - Investigate - Categorize Single Domain
Umbrella - Management - Add Record to Destination List
Umbrella - Management - Get Destination List Entries
Umbrella - Management - Get Destination Lists
Umbrella - Management - Get Organizations
Umbrella - Management - Remove Record from Destination List
Umbrella - Reporting - Get Security Activity Report
Umbrella - Reporting v2 - Get Activity
Umbrella - Reporting v2 - Get Categories
Umbrella - Reporting v2 - Get Token
Umbrella - Reporting v2 - Get Top Internal IPs
Umbrella - Reporting v2 - Get Top Threats
Umbrella - Add Records to Destination List
Umbrella - Create Destination List
Umbrella - Delete Destination List
Umbrella - Get Access Token
Umbrella - Get Activity
Umbrella - Get Destination List by ID
Umbrella - Get Destination List Entries
Umbrella - Get Destination Lists
Umbrella - Remove Destination from Destination List
Webex - Add Member to Room
Webex - Create Room
Webex - Post Message to Room
Webex - Search for People
Webex - Search for Room
Webex - Search for Team
Webex - Send Message to Person
XDR - Administration - Create Notification
XDR - Administration - Get Integration Instance by ID
XDR - Administration - Get Integration Instances
XDR - Administration - Get Integration Types
XDR - Administration - Search Users
XDR - Analytics - Execute OCSF Query
XDR - Assets - Add Labels to Devices
XDR - Assets - Get Device Label by ID
XDR - Assets - Get Device Label by Name
XDR - Assets - Get Device Labels
XDR - Assets - Get Device by ID
XDR - Assets - Get Devices
XDR - Assets - Remove Labels from Devices
XDR - Assets - Set Device Values
XDR - Automate - Get Account Keys
XDR - Automate - Get Target by ID
XDR - Automate - Get Targets
XDR - Incident - Add Note to Incident
XDR - Incident - Create Incident
XDR - Incident - Get Incident Events
XDR - Incident - Get Incident Indicators
XDR - Incident - Get Incident Observables
XDR - Incident - Get Incident Summary
XDR - Incident - Get Incident Targets
XDR - Incident - Link Object
XDR - Incident - Search Incidents
XDR - Incident - Update Properties
XDR - Intelligence - Create Feed
XDR - Intelligence - Create Indicator
XDR - Intelligence - Create Judgement
XDR - Intelligence - Create Relationship
XDR - Intelligence - Create Sighting
XDR - Intelligence - Delete Relationship
XDR - Intelligence - Expire Judgement
XDR - Intelligence - Get Feed Contents
XDR - Intelligence - Search Feeds
XDR - Intelligence - Search Indicators
XDR - Intelligence - Search Judgement
XDR - Intelligence - Search Relationships
XDR - Intelligence - Search Sightings
XDR - Investigate - Create Investigation
XDR - Investigate - Deliberate Observable
XDR - Investigate - Deliberate Observables
XDR - Investigate - Enrich Observables
XDR - Investigate - Get Investigation Assets
XDR - Investigate - Get Investigation Events
XDR - Investigate - Get Investigation Indicators
XDR - Investigate - Get Investigation Overview
XDR - Investigate - Get Investigation Status
XDR - Investigate - Get Investigation Summary
XDR - Investigate - Inspect for Observables
XDR - Respond - List Response Actions
XDR - Respond - Trigger Response Action
XDR - SSX Proxy - List Devices
XDR - SSX Proxy - Send Request
Zendesk - Add Comment to Ticket
Zendesk - Create Ticket
Zendesk - Get Ticket by ID
Zendesk - Get User by ID
Zendesk - Search Tickets
Zendesk - Search Users
Zendesk - Update Ticket

Deprecated Atomic Actions

All atomic actions for Cisco products have been converted to system objects. The benefit of this change is that they’ll all be available without needing to be imported and you’ll always have the latest version. The old, tenant-specific versions of these atomics are now considered deprecated. If you're using them, we recommend that you update your workflows to use the new system objects.

Old Atomic Name	New System Object Name
AMP - Get Computer by GUID	Secure Endpoint - Get Computer by GUID
AMP - Get Connector GUID	Secure Endpoint - Get Connector GUID
AMP - Get Events	Secure Endpoint - Get Events
AMP - Get Group by Name	Secure Endpoint - Get Group by Name
AMP - Isolate Host	Secure Endpoint - Isolate Host
AMP - Move Computer to Group	Secure Endpoint - Move Computer to Group
AMP - Un-Isolate Host	Secure Endpoint - Un-Isolate Host
CDO - Get Devices	Defense Orchestrator - Get Devices
CTR Create Casebook	Deprecated (use Threat Response - Create Casebook)
CTR Create Incident	Deprecated (use Threat Response - Create Incident)
CTR Create Transient Incident Id	Deprecated
CTR Enrich Observable	Deprecated (use Threat Response - Enrich Observable)
CTR List Actions	Deprecated (use Threat Response - List Response Actions)
CTR Trigger an Action	Deprecated (use Threat Response - Trigger Response Action)
CTRCheckDeliberateVerdict	Deprecated (use Threat Response - Deliberate Observable)
CTRGenerateAccessToken	Deprecated (use Threat Response - Generate Access Token)
CTRInspect	Deprecated (use Threat Response - Inspect for Observables)
CTRListDeliberateVerdicts	Deprecated (use Threat Response - Deliberate Observable)
Duo - Auth	Duo - Auth - Authenticate
Duo - Auth Status	Duo - Auth - Authentication Status
Duo - Check	Duo - Auth - Check
Duo - Enroll	Duo - Auth - Enroll
Duo - Enroll Status	Duo - Auth - Enrollment Status
Duo - PreAuth	Duo - Auth - PreAuth
Duo Admin - Add User to Group	Duo - Admin - Add User to Group
Duo Admin - Get User	Duo - Admin - Get User
Duo Admin - Remove User from Group	Duo - Admin - Remove User from Group
SNA - Get Flows by IP Addresses	Secure Network Analytics - Get Flows by IP Addresses
SNA - Get Security Events by IP Address	Secure Network Analytics - Get Security Events by IP Address
SNA - Get Security Events by Name	Secure Network Analytics - Get Security Events by Name
SNA - Get Tenants	Secure Network Analytics - Get Tenants
SNA - Get Tokens	Secure Network Analytics - Get Tokens
SNA - Get Top Conversations by IP Address	Secure Network Analytics - Get Top Conversations by IP Address
SNA - Get Top Hosts by IP Address	Secure Network Analytics - Get Top Hosts by IP Address
SNA - Get Top Peers by IP Address	Secure Network Analytics - Get Top Peers by IP Address
SWC - Add Domain or IP to Watchlist	Secure Cloud Analytics - Add Domain to Watchlist
SWC - Get Alerts	Secure Cloud Analytics - Get Alerts
SWC - Get Device Details by ID	Secure Cloud Analytics - Get Device Details by ID
SWC - Get Flows by IPs	Secure Cloud Analytics - Get Flows by IPs
SWC - Get Observation Details by ID	Secure Cloud Analytics - Get Observation Details by ID
SWC - Get Observations	Secure Cloud Analytics - Get Observations
SWC - Get Roles by IP Address	Secure Cloud Analytics - Get Roles by IP Address
SWC - List Domains in Watchlist	Secure Cloud Analytics - List Domains in Watchlist
SWC - Remove Domain from Watchlist	Secure Cloud Analytics - Remove Domain from Watchlist
TG v2 - Get Sample Analysis	Secure Malware Analytics - Get Sample Analysis
TG v2 - Get Sample Status	Secure Malware Analytics - Get Sample Status
TG v2 - Get Samples by File Hash	Secure Malware Analytics - Get Samples by File Hash
TG v2 - Submit File	Secure Malware Analytics - Submit File
TG v2 - Submit URL	Secure Malware Analytics - Submit URL
TG Query for sample status	Deprecated (use Secure Malware Analytics - Get Sample Status)
TG Submit URL	Deprecated (use Secure Malware Analytics - Submit URL)
TGFetchSampleAnalysis	Deprecated (use Secure Malware Analytics - Get Sample Analysis)
TGFetchThreatScoreAndIOCS	Deprecated (use Secure Malware Analytics - Get Sample Analysis)
TGGetDisposition	Deprecated
TGListDomainsForSample	Deprecated
TGListIPsForSample	Deprecated
TGListProcessesForSample	Deprecated
TGSearchFileHash	Deprecated (use Secure Malware Analytics - Get Samples by File Hash)
TGSearchSample	Deprecated
TGSearchSampleDispositionsForHash	Deprecated
Threat Response v2 - Create Casebook	Threat Response - Create Casebook
Threat Response v2 - Create Incident	Threat Response - Create Incident
Threat Response v2 - Create Relationship	Threat Response - Create Relationship
Threat Response v2 - Create Sighting	Threat Response - Create Sighting
Threat Response v2 - Deliberate Observable	Threat Response - Deliberate Observable
Threat Response v2 - Enrich Observable	Threat Response - Enrich Observable
Threat Response v2 - Generate Access Token	Threat Response - Generate Access Token
Threat Response v2 - Inspect for Observables	Threat Response - Inspect for Observables
Threat Response v2 - List Response Actions	Threat Response - List Response Actions
Threat Response v2 - Trigger Response Action	Threat Response - Trigger Response Action
Umbrella - Management V1 - Add Record to Destination List	Umbrella - Management - Add Record to Destination List
Umbrella - Management V1 - Get Destination List Entries	Umbrella - Management - Get Destination List Entries
Umbrella - Management V1 - Get Destination Lists	Umbrella - Management - Get Destination Lists
Umbrella - Management V1 - Get Organizations	Umbrella - Management - Get Organizations
Umbrella - Management V1 - Remove Destination from List	Umbrella - Management - Remove Record from Destination List
Umbrella - Reporting V1 - Get Security Activity Report	Umbrella - Reporting - Get Security Activity Report