Plugin Updates

11.09.2020

New Plugins

  • Cisco Umbrella Reporting - 1.0.0 - This plugin utilizes Cisco Umbrella to get the most complete view of the relationships and evolution of internet domains, IP addresses, and autonomous systems to pinpoint attackers' infrastructures and predict future threats.

New Plugin Features

  • Okta - 3.5.0 - New action Update Blacklist Zones
  • Rapid7 InsightIDR - 1.3.0 - New action Get Query Results, Change default value in the size input parameter to 1000 in List Investigations action
  • PagerDuty - 2.1.0 - New action Get On Call
  • Microsoft Teams - 3.1.0 - New actions Add Group Owner and Add Member to Channel, Update to make words and first_word required values in the message custom type, Fix import error in New Message Received trigger
  • Datetime - 2.2.0 - New action Get Future Time

Updated Plugins

  • Rapid7 InsightVM - 4.7.1 - Update Get Asset Vulnerabilities with new input and output, Code refactor and bug fixes
  • Crowdstrike Falcon - 2.2.1 - Update connection and actions to use PluginExceptions and ConnectionExceptions
  • Recorded Future - 4.0.1 - Remove fields input in Lookup Domain, Lookup Hash, Lookup IP Address and Lookup URL actions - all fields will now be returned, Update to request headers to add plugin information, Improve connection error messaging
  • Trend Micro Apex - 4.0.0 - Change action title from "Add File to UDSO" to "Blacklist File", Change input name Notes to Description in Blacklist File action
  • Active Directory LDAP - 4.0.3 - Fix issue with connection documentation incorrectly stating a protocol prefix is required
  • Dig - 2.0.0 - Rename Dig plugin to DNS
  • Microsoft SCCM - 2.0.9 - Fix issue where SCCM cannot find Site

10.19.2020

New Plugin Features

  • Recorded Future - 3.1.1 - New trigger Get New Alerts, Fix issue where Lookup Alert was returning a generic object
  • Cisco Umbrella Investigate - 3.1.0 - New actions Passive DNS and Timeline
  • Zscaler - 1.2.0 - New action Get Sandbox Report for Hash

Updated Plugins

  • Rapid7 InsightVM - 4.6.0 - Update to Asset Search action to allow search result limiting and sorting, Update Get Asset Vulnerabilities with new output, Fix issue with RequestParams object set function
  • Microsoft Defender ATP - 4.5.1 - Add docs_url to plugin spec with link to plugin setup guide
  • Storage - 1.0.1 - New spec and help.md format for the Extension Library
  • Cisco ThreatGrid - 2.0.0 - Fix issue where Search for Sample by Domain would fail, Removed Search for Sample by ID, Update to Search for Sample Report by SHA256 to only return one output object
  • Cylance PROTECT - 1.5.1 - Bug fixes in Delete Asset, hostname whitelisting, and IP address inputs
  • Active Directory LDAP - 4.0.2 - Fix issue where some host names were being incorrectly parsed
  • Microsoft Teams - 2.3.1 - Added words to message output type. This allows for easier use of parameters in Teams trigger messages, Fix issue where the New Message Received trigger could crash on an HTML message
  • Microsoft InTune - 1.2.2 - Add docs_url to plugin spec with link to plugin setup guide

10.05.2020

New Plugin Features

  • Type Converter - 1.6.0 - New action Combine Arrays
  • Recorded Future - 2.2.0 - New actions Lookup Alert, Search URLs, Download URL Risk List and List URL Risk Rules, Update Recorded Future logo, Allow both upper and lowercase CVE in Lookup Vulnerability action
  • Crowdstrike Falcon - 2.2.0 - New actions Get Incident Info, Quarantine, New trigger Get New Incidents, Change output type in Get Detection Information action
  • ServiceNow - 4.1.0 - Add trigger Incident Created
  • Microsoft Office365 Email - 5.0.0 - Update Send Email action to allow multiple attachments and recipient

Updated Plugins

  • Microsoft SCCM - 2.0.8 - Mark Name output variable optional in Get Software Updates action
  • Domaintools Phisheye - 1.0.1 - Add 0 parameter to Days Back input in Domain List action to get current day results
  • Datetime - 2.1.1 - Update to latest plugin runtime with support for gevent worker class
  • Zscaler - 1.1.1 - Improve documentation around action inputs
  • Cisco ASA - 1.4.1 - Fix None check in actions Add Address to Group and Create Address Object
  • Rapid7 InsightVM - 4.4.3 - Update to error handling and documentation around console URL in connection
  • SentinelOne - 4.0.0 - Update ID input for Fetch Threats File action to a string
  • Zscaler - 1.1.2 - Support both domains and URL inputs in the Blacklist URL and Lookup URL actions
  • Active Directory LDAP - 4.0.1 - Fix issue where logging of connection info did not display hostname correctly
  • Dig - 1.0.7 - Fix bug in safe_parse function, Fix bug when answers in function execute_command is str
  • Grep - 1.0.4 - Security fix for potential arbitrary code execution, Fix issue where Grep may not find file to run against
  • Darktrace - 2.0.0 - Fix input 0 for parameters DID, PBID, Min Score and PID in trigger Get Alerts, Create new custom type for trigger Get Alerts, Change type of input parameter Min Score to integer in trigger Get Alerts
  • VirusTotal - 6.0.4 - Fix issue in IP Address Report action where ASN output is sometimes a string
  • Microsoft Intune - 1.2.1 - Improve e-mail search in Search Devices action by performing an extended all device search for emailAddress and userPrincipalName when email is not found
  • Recorded Future - 3.0.0 - Add CPE, Analyst Notes, and Related Entities to Lookup Vulnerability action output, Add input fields to Search Domains, Search Hashes, Search IP Addresses, Search Vulnerabilities, Search Malware and Lookup Malware actions, Add riskRule and riskScore filter criteria to Search Domains, Search Hashes, Search IP Addresses and Search Vulnerabilities actions, Add list and firstSeen filter criteria to Search Malware action, Update description for list parameter in Download IP Addresses Risk List, Download Vulnerability Risk List, Download Domain Risk List and Download Hash Risk List actions

09.14.2020

New Plugins

  • Darktrace - 1.1.0 - Initial plugin, New trigger Pull Alerts. Automate the management of watched domains and alerting using the Darktrace plugin.
  • Zscaler - 1.1.0 - Initial plugin, New action Blacklist URL. Zscaler is a SaaS security platform that provides fast, secure connections between client applications, regardless of device, location, or network.

New Plugin Features

  • Cisco Firepower Management Center - 1.2.0 - New actions Create Address Object, Delete Address Object, Check If Address in Group, Add Address to Group, Remove Address from Group
  • Crowdstrike Falcon - 1.6.0 - New actions Get Agent Details, Blacklist IOC
  • Rapid7 InsightVM - 4.4.0 - New actions Get Expiring Vulnerability Exceptions, Update Vulnerability Exception Expiration Date
  • Active Directory LDAP - 4.0.0 - New action Modify Object, Rename Modify Groups action to 'Add or Remove an Object from Group', Fix issue where non-ASCII characters were not being escaped
  • Cylance PROTECT - 1.5.0 - New action Delete Asset, Rework utility function
  • SentinelOne - 3.1.0 - Add new action Fetch Threats File
  • Microsoft Windows Defender ATP - 4.5.0 - Add new action Get Missing Software Updates

Updated Plugins

  • Dig - 1.0.6 - Upgrade to latest Python plugin runtime, Define cloud_ready in spec
  • Azure AD Admin - 2.2.3 - Fix issue where Get User Info occasionally fails with an SSL error in secondary call for user status
  • URL Screenshot - 1.0.1 - Change icon/extension image, update doc with example
  • Palo Alto Firewall - 6.0.3 - Fix issue where Set Network Object did not support IPv6, Add Input and Output examples
  • Microsoft SQL - 1.0.2 - Fix Query action to support insert and update
  • Microsoft Office 365 Email - 4.1.7 - Allow Move Email action to address folder by GUID, Improve error handling
  • Gmail - 6.0.3 - Fix parsing emails
  • Whois - 3.0.0 - Upgrade to latest Python plugin runtime, Define cloud_ready in spec, Add input registrar for manual server selection to Address Lookup action
  • Rapid7 InsightVM - 4.4.2 - Add improved error handling for List Inactive Assets action, Fix issue where Update Site Included Targets could throw exception

08.31.2020

New Plugins

  • Ivanti Service Manager - 1.0.0 - Initial plugin. Ivanti Service Manager is a flexible and complete cloud-optimized, easily scalable and adaptable ITSM solution used for managing and automating ITSM processes.
  • Screenshot URL - 1.0.0 - Initial Plugin, screenshot a URL from the Orchestrator.

New Plugin Features

  • Rapid7 InsightVM - 4.1.0 - New action Delete Asset
  • Datetime - 2.1.0 - New actions To UTC and To Localtime
  • Rapid7 InsightVM - 4.2.0 - New action List Inactive Assets
  • Cisco ASA - 1.4.0 - Add new action Create Address Object

Updated Plugins

  • SentinelOne - 3.0.0 - Update help.md for the Extension Library, Update title in action Blacklist by IOC Hash, Get Activities, Count Summary and Connect to Network
  • Base64 - 1.1.6 - Update to v4 Python plugin runtime
  • Rapid7 Insight Agent - 1.0.1 - Documentation update
  • Storage - 1.0.1 - New spec and help.md format for the Extension Library
  • Recorded Future - 2.0.0 - Add risk output to Lookup Vulnerability
  • Microsoft SCCM - 2.0.7 - Fix logger undefined error in action Get Software Updates
  • Unshorten - 1.0.5 - Update to v4 Python plugin runtime
  • Hashit - 2.0.4 - Update to v4 Python plugin runtime
  • String - 1.3.1 - Update to v4 Python plugin runtime
  • Rapid7 InsightVM - 4.2.1 - Fix to make Create Asset Group description required
  • Cisco Umbrella Investigate - 3.0.0 - Add action input and output examples to documentation, Set title in action input and output sections in schema, Update domain name in investigate.py, Improve error handling, Change action input names to lowercase in action Latest Malicious Domains by IP, DNS RR History for IP Address and Samples by Domain
  • Microsoft Windows Defender ATP - 4.4.1 - Add validation MD5 hash in Blacklist action, Set default value for Title, Expiration Time and Description input in action Blacklist
  • Microsoft Teams - 2.2.1 - Automatically extract UUIDs in the New Message Received trigger
  • Palo Alto Firewall - 6.0.1 - Improve error handling in pa_os_request.py
  • Splunk - 3.0.3 - Add search_timeframe input to Search action

08.17.2020

New Plugins

  • Cisco ASA - 1.2.0 - Initial plugin, New actions Remove Address from Group, Delete Address Object. Cisco Adaptive Security Appliances deliver enterprise-class firewall capabilities and the Cisco ASA plugin allows you to automate the management of network objects for ASA appliances.
  • SonicWall Capture Client - 1.0.0 - Initial plugin, SonicWall Capture Client is a unified client platform that delivers multiple endpoint protection capabilities, including next-generation malware protection and application vulnerability intelligence.
  • File Info - 1.0.0 - Initial plugin, return basic information about a file including its size and file type.

New Plugin Features

  • Microsoft Windows Defender ATP - 4.4.0 - New action Get Security Recommendations
  • Rapid7 InsightIDR - 1.2.0 - New Action Assign User to Investigation
  • JSON Edit - 1.1.0 - New action Add Key to Object
  • Type Converter - 1.6.0 - New action Combine Arrays
  • Cisco ASA - 1.3.0 - New action Add Address to Group
  • Sophos Central - 4.3.0 - New action Check Tamper Protection Status

Updated Plugins

  • SentinelOne - 2.1.0 - Add agent_active field to input in action Search Agents
  • SentinelOne - 2.1.1 - Upgrade trigger Get Threats to only return threats since trigger start
  • Rapid7 AttackerKB - 1.0.1 - API changed for AttackerKb, add new metadata output type for Get Vulnerability and Search Vulnerabilities actions
  • Proofpoint TAP - 1.0.7 - Update to use the insightconnect-python-3-38-slim-plugin:4 Docker image, Update plugin.spec.yaml to include cloud_ready
  • Proofpoint URL Defense - 1.2.1 - Update to use the insightconnect-python-3-38-slim-plugin:4 Docker image, Update plugin.spec.yaml to include cloud_ready
  • Team Cymru MHR - 1.1.1 - Fix socket error in API

08.03.2020

New Plugins

  • Rapid7 Insight Agent - 1.0.0 - Initial plugin. The Insight Agent collects live system information, easily centralizing and monitoring data on the Insight platform. Using the Insight Agent plugin from InsightConnect, you can quarantine, unquarantine and monitor potentially malicious IPs, addresses, hostnames, and devices across your organization. The agent is used by Rapid7 InsightIDR and InsightVM customers to monitor endpoints.

New Plugin Features

  • CylancePROTECT - 1.4.0 - New actions Search Agents, Update Agent Threat, Update Agent
  • Sophos Central - 4.2.0 - New actions Blacklist, Antivirus Scan, Get Agent Details, rewrite in Python 3
  • Microsoft Windows Defender ATP - 4.3.0 - New actions Find Machines with Installed Software, Blacklist, Get Machine Vulnerabilities

Updated Plugins

  • Jira - 6.0.2 - Fix in Comment Issue action where the Python module attributes were logged, Remove duplicate ConnectionTestException call from Connection Test
  • Threatcrowd - 3.0.0 - Update to use the insightconnect-python-3-38-plugin:4 Docker image, Improve error handling, Changed Exception to PluginException, Update actions to return appropriate JSON, Move test from actions to connection, Update plugin.spec.yaml to include cloud_ready, Use input and output constants, Add example input and output, Added "f" strings, Rename search_hash input in Hash Lookup action to hash
  • Microsoft Windows Defender ATP - 3.0.0 - Move connection functions to their own util class, Changed Exception to PluginException, Added error handling around "Action already in progress" state in Isolate Machine, Unisolate Machine, Stop and Quarantine File, and Run Antivirus Scan actions, Rename machine_id to machine in machine-related actions to support hostnames and IP addresses in addition to machine IDs
  • Microsoft Windows Defender ATP - 4.0.0 - Add custom type to output in action Get Machine Information
  • Threat Stack - 2.0.0 - Use ThreatStack API v2, Fix all actions, Type action outputs
  • SentinelOne - 2.0.0 - Upgrade trigger input Agent is Active to default true
  • Misp - 5.0.0 - New fields added to Search Events action for values, category and type_attribute
  • Jira - 6.0.3 - Add docs_url to plugin spec with link to plugin setup guide
  • Any.Run - 1.1.0 - Allow user agent input when using URL type in Run Analysis action
  • Microsoft Office 365 Email - 4.1.6 - Fix issue where some email addresses would not parse properly, Fix issue where a lot of requests could cause a "Max Retries Exceeded" exception
  • Microsoft Teams - 2.1.0 - Update Send Message and Send HTML Message actions to accept thread_id input to support threaded replies, Update New Message Received trigger to output team and channel names so they can be passed into subsequent steps
  • Team Cymru MHR - 1.1.0 - Update to v3 Python plugin architecture, Update to use the rapid7/insightconnect-python-3-38-slim-plugin:4 Docker image, Add found output variable to Lookup Hash and Lookup File actions as an easy way to indicate if malware was found
  • Basename - 1.0.2 - Update to use the insightconnect-python-3-38-slim-plugin:4 Docker image, Update plugin.spec.yaml to include cloud_ready
  • Microsoft Office 365 ATP Safelinks - 1.1.2 - Update to use the insightconnect-python-3-38-slim-plugin:4 Docker image, Update plugin.spec.yaml to include cloud_ready
  • Type Converter - 1.5.2 - Rewrite plugin in Python 3, Configure as Cloud Plugin
  • Microsoft Teams - 2.2.0 - Extract and return command security and network indicators in the New Message Received trigger
  • Gmail - 6.0.2 - Fix issue where all headers were not returned if headers were poorly formatted
  • Basename - 1.1.0 - Add missing title in action Basename, Use input and output constants, Add example input and output, Changed Exception to PluginException, Added "f" strings
  • JSON - 1.1.5 - Update status field to 'obsolete'

07.20.2020

New Plugins

  • Palo Alto MineMeld - 1.0.0 - Initial plugin, Palo Alto MineMeld is an open-source application that streamlines the aggregation, enforcement and sharing of threat intelligence.

New Plugin Features

  • McAfee ePO - 4.0.0 - New actions Get Policies, Wake Up, Rename Tag a System action to Assign Tags
  • CylancePROTECT - 1.2.0 - New actions Search Threats, Get Devices Affected by Threat, Quarantine
  • Ivanti Security Controls - 1.5.0 - New action Update Patch Group
  • Sonicwall - 1.3.0 - New action Remove Address from Group

Updated Plugins

  • McAfee ePO - 2.0.0 - Update to use the insightconnect-python-3-38-plugin:4 Docker image, Use input and output constants, Add example inputs, Changed Exception to PluginException, Added "f" strings, Move test from actions to connection, Update and rename System Information action to Search Agents
  • Fortinet Fortigate - 4.0.4 - Improve error messaging around HTTP 401 status codes to indicate that the InsightConnect orchestrator IP address not being in the trusted host list may be the cause
  • McAfee ePO - 5.0.0 - Update action Clear Tags, Update action Assign Tags
  • Carbon Black Cloud - 1.0.2 - Updated branding
  • Carbon Black Live Response - 1.0.3 - Updated extension title and logo
  • Fortinet Fortigate - 5.0.0 - Improve input handling to allow IPs, CIDRs, and subnet masks in actions, Fix output of Get Address Objects action to return usable data, Update Get Address Objects action to allow for additional search parameters
  • Cisco AMP for Endpoints - 3.0.0 - Update action Get Computers, Fix pagination bug in action Get Computers
  • Datetime - 2.0.6 - Update to v4 Python plugin runtime
  • CSV - 1.1.6 - Update to v4 Python plugin runtime
  • Base64 - 1.1.6 - Update to v4 Python plugin runtime
  • HTML - 1.2.2 - Update to v4 Python plugin runtime

07.06.2020

New Plugins

  • CylancePROTECT - 1.0.0 - Initial plugin, New action Blacklist. The BlackBerry CylancePROTECT plugin allows you to automate response operations for CylancePROTECT and CylanceOPTICS.
  • SonicWall - 1.0.0 - Initial plugin, SonicWall next-generation firewalls (NGFW) provide the security, control and visibility you need to maintain an effective cybersecurity posture. Manage your firewalls and block malicious hosts through this plugin.
  • Zoom - 1.0.0 - Initial plugin, Zoom is a cloud platform for video and audio conferencing, chat, and webinars. The Zoom plugin allows you to add and remove users as part of a workflow, while also providing the ability to trigger workflows on new user sign-in and sign-out activity events.

New Plugin Features

  • SentinelOne - 1.4.0 - New actions Quarantine, Get Agent Details, Search Agents
  • Ivanti Security Controls - 1.4.0 - New actions Get Patch Deployment Template ID, Start Patch Deployment

Updated Plugins

  • Okta - 3.4.2 - Fix issue where Monitor User Groups trigger would erroneously detect logins as an addition/removal of a group member
  • Whois - 2.0.2 - Fix issue where com.br style domains could crash the plugin
  • Mimecast - 4.1.1 - Fix bug where the connection test would sometimes pass even with invalid credentials
  • Bigfix - 7.0.0 - Rebrand plugin, Fix issue with Fetch Relevant Fixlets to remove duplicates from result set
  • OTRS - 5.0.1 - Update dependency to PyOTRS 0.9 for authorization bug PyOTRS issue 27
  • Okta - 3.4.3 - Fix issue where trigger did not return empty arrays when users were removed or added to group
  • Trend Micro Apex - 2.0.0 - Update action Execute Agent Action to Quarantine
  • Jira - 6.0.1 - Update documentation to include supported Jira products

06.01.2020

New Plugin Features

  • Trend Micro Apex - 1.1.0 - New actions Get Agent Status, Search Agents, List OpenIOC Files, Download the RCA CSV File, Upload OpenIOC File, Delete OpenIOC File, Download OpenIOC File, Get Investigation, Terminate Process, and Execute Agent Action
  • Ivanti Security Controls - 1.2.0 - New actions Get Patch Deployment, Get Patch Details and Search
  • Markdown - 3.1.0 - New action: Markdown to TXT
  • Fortinet Fortigate - 3.0.0 - New action Remove Address Object from Group
  • Rapid7 InsightVM - 3.6.0 - New action Get Asset Group Assets
  • Checkpoint NGFW - 2.0.0 - New actions Check if Address in Group, Remove Address Object from Group, Rename "Add Host" action to "Create Address Object" and add whitelist support, Move "Discard Sessions" input from individual actions to connection
  • SentinelOne - 1.3.0 - New action Blacklist

Updated Plugins

  • SSH - 4.0.0 - Upgrade the plugin runtime to komand/python-3-37-plugin, Change the SSH key credential type to credential_secret_key to skip PEM validation in the product UI
  • URLScan.io - 2.1.7 - Add missing outputs to Get Scan Results action
  • SentinelOne - 1.2.1 - Update to use the komand/python-3-37-slim-plugin Docker image to reduce plugin size
  • Fortinet Fortigate - Update Create Address Object action to accept a RFC1918 whitelist, Add enable_search functionality to Check if Address in Group action
  • Carbon Black Response - Pin to latest version of cbapi (1.6.2) to fix broken isolate() function
  • Checkpoint NGFW - 2.0.1 - Revise Create Address Object action output
  • Microsoft Teams - 2.0.4 - Add docs_url to plugin spec with link to plugin setup guide, Fix issue where a message that only had an image in it could break the 'New Message Received' trigger
  • Microsoft Exchange - 6.1.1 - Add docs_url to plugin spec with link to plugin setup guide
  • Microsoft Office365 Email - 4.1.4 - Fix instance where headers could use the wrong variable names in output
  • Microsoft SCCM - 2.0.6 - Add docs_url to plugin spec with link to plugin setup guide
  • SentinelOne - 1.2.2 - Update error message in Connection
  • Okta - 3.4.1 - Fix issue where Monitor User Groups trigger would continually detect the same new group addition

05.18.2020

New Plugin Features

  • Fortinet Fortigate - 1.1.0 - New Action Check if IP is in Address Group
  • Trend Micro Deep Discovery - 2.2.0 - Add new action Search Computers to receive a list and details of computers matching the search criteria
  • Microsoft Exchange - 6.1.0 - New action Send Email, Fix bug where impersonation could fail
  • Palo Alto Firewall - 5.1.1 - New actions Add Address Object to Group, Get Policy, Check if Address in Group, Remove Address Object from Group, Update to Check if Address in Group to match input of Remove Address Object from Group, Change plugin title to "Palo Alto Firewall" from "Palo Alto PAN-OS" and update remaining references, Fix issue where IPv6 addresses were not supported
  • Ivanti Security Controls - 1.1.0 - New actions Start Patch Scan, Get Patch Scan Status and Get Scanned Machine Details

Updated Plugins

  • Markdown - 3.0.0 - Update Markdown to HTML and Markdown to PDF action titles and descriptions
  • Proofpoint TAP - 1.0.6 - Added optional output fields threat_id and message_id, Parsing out GUID of the message into the output type
  • SSH - 3.0.1 - Updated Input username to string type, Update connection username from credential_secret_key to string, Fixed issue obtaining username in connection
  • McAfee ePO - 1.0.2 - Fix issue with wrong type in action System Information
  • Rapid7 InsightVM - 4.0.1 - Add the option to limit a scan to specific hosts

04.27.2020

New Plugins

  • Any.Run - 1.0.0 - Initial plugin. Any.Run is a cloud-based malware analysis service. Automate analyzing suspicious and malicious activities using this plugin.
  • Ivanti Security Controls - 1.0.0 - Initial plugin. Ivanti Security Controls is a unified IT management platform used for managing and protecting through Patch Management, Application Control, and Asset Inventory functionality.

New Plugin Features

  • Azure AD Admin - 2.2.0 - New actions Add User to Groups By IDs, Revoke Sign-In Sessions
  • Google Docs - 1.1.0 - New action Append Line, Add example inputs
  • Trend Micro Deep Security - 2.1.0 - New actions Get Details and List to receive assigned IPS rules from computers and policies

Updated Plugins

  • Gmail - 6.0.0 - Add example inputs, Update titles for style in inputs for Send Email action
  • Urlscan.io - 2.1.6 - Add default input
  • Microsoft Teams - 2.0.2 - Fix issue where unexpected HTML messages would not trigger
  • Azure AD Admin - 2.1.1 - Update incorrect title of user_type to User Type, Return group_id in Add User to Groups By IDs action's error message to improve debugging
  • Mimecast - 4.1.0 - Update Get TTP URL Logs action to use pagination
  • Advanced Regex - 1.0.3 - Update to make replace string non-required
  • Get URL - 2.0.0 - Use input and output constants, Add example inputs, Changed Exception to PluginException, Added "f" strings, Move test from actions to connection, Change in return file key to bytes, Add new input User Agent to Get File action and Poll URL trigger
  • Microsoft Exchange - 6.0.0 - Improved logging, update to Exchangelib 3.1.1, fix delete attachments action, improved help and troubleshooting

04.06.2020

New Plugins

  • AttackerKB - 1.0.0 - Initial plugin
  • DomainTools PhishEye - 1.0.0 - Initial plugin

New Plugin Features

  • Check Point - 1.2.0 - New action Install Policy
  • Azure AD Admin - 2.0.0 - New action Update User Info

Updated Plugins

  • Proofpoint URL Defense - 1.2.0 - Update to URL Decode to add decoded as an output variable
  • ZenDesk - 2.0.0 - Remove unwanted input fields, add comment field in action Update Ticket, Fix enum fields issue with Create Ticket action
  • Microsoft Teams - 2.0.1 - Update to Get Teams action to support more than 20 teams
  • Check Point SandBlast - 1.0.2 - Fix branding
  • Foremost - 1.0.2 - Use input and output constants, Change docker image from komand/python-3-plugin:2 to komand/python-3-37-plugin:3 to reduce plugin image size, Added "f" strings, Changed Exception to PluginException, Change "/tmp" to tempfile.gettempdir()
  • AbuseIPDB - 5.0.3 - Add example inputs
  • Palo Alto Wildfire - 1.1.2 - Fix bug where output doesn't match schema in Get Verdict action, Add improved error messaging in Submit URL action, Add example input
  • Base64 - 1.1.4 - Add example inputs
  • Whois - 2.0.1 - Add example inputs, Fix capitalization in the title of the last_updated output, Update to v4 Python plugin runtime
  • Joe Sandbox - Add example inputs
  • VirusTotal - 6.0.2 - Add example inputs
  • Checkpoint NGFW - 1.3.0 - Update to add install options to Install Policy
  • Rapid7 VulnDB - 2.0.3 - Update to v4 Python plugin runtime, Add example inputs
  • Unshorten.me - 1.0.4 - Add example inputs
  • Urlscan.io - 2.1.5 - Add example inputs
  • Dig - 1.0.5 - Update to v4 Python plugin runtime
  • Rapid7 InsightAppSec - 1.0.2 - Update to v4 Python plugin runtime, Add example inputs
  • VMRay - 5.0.1 - Add example inputs
  • IPStack - 2.0.0 - Add example inputs, Updated Docker version, Connection input updated to secretKey
  • VirusTotal - 6.0.3 - Update example inputs for style convention, Add example output for Domain Report
  • VirusTotal Yara - 1.1.2 - Add example inputs
  • CheckDMARC - 2.1.3 - Add example inputs
  • Cymru Malware Hash - 1.0.4 - Add example inputs
  • ServiceNow - 4.0.0 - Return number output on Create Incident action
  • Microsoft ATP Safe Links - 1.1.1 - Fix issue where decoded output wasn't returned
  • Mimecast - 4.0.1 - Add example inputs
  • Jira - 5.0.0 - Fix user enumeration in Find Users, Add example input, Update titles of Attachment Filename input in Attach Issue action and Poll Timeout input in New Issue trigger to match style
  • Recorded Future - 1.5.5 - Add example inputs, Fix schema bug where criticality output was improperly defined as an integer in List Domain Risk Rules, List Hash Risk Rules, List IP Addresses Risk Rules and List Vulnerability Risk Rules actions, Fix NoneType has no len(), Fix enums in search hashes

03.23.2020

New Plugins

  • Fortinet Fortigate - 1.0.0 - Initial plugin
  • Trend Micro Apex - 1.0.0 - Initial Plugin

New Plugin Features

  • Git - 1.1.1 - New action Get File
  • Checkpoint NGFW - 1.1.0 - New action Add Host to Network Group
  • Okta - 3.4.0 - New trigger Monitor User Groups
  • Math - 1.2.0 - New action Max

Updated Plugins

  • Rapid7 VulnDB - 2.0.1 - Add identifier field to the Search Database action
  • Rapid7 VulnDB - 2.0.2 - Implement workaround for VulnDB API bug in Get Content action where the severity datatype response differs based on the action input
  • ExtractIt - 2.0.0 - URL Extractor action no longer falsely identifies email addresses
  • EML - 1.1.3 - Use input and output constants, Remove unused variables, Improved variable name readability, Updated Exception to PluginException
  • ChaosReader - 1.0.4 - Fix set options to exclude, Upgrade code to new version of chaos reader
  • CheckDMARC - 2.1.2 - Changed description in action check_domains_alternate_nameservers, Fix typo in word nameservers to name_servers, Changed email addresses to user@example.com
  • VirusTotal - 6.0.1 - Add response code to Lookup Hash action
  • Hashit - 2.0.3 - Change docker image from komand/python-pypy3-plugin:2 to komand/python-3-37-slim-plugin:3 to reduce plugin image size, Use input and output constants, Remove test from actions
  • CEF - 2.0.0 - Changed ValueError to PluginException, Use input and output constants, Added "f" strings, Move test from action to connection, Change docker image from komand/python-pypy3-plugin:2 to komand/python-3-37-slim-plugin:3
  • Proofpoint URL Defense - 1.1.0 - Update to URL Decode action to add support for v3 links
  • Microsoft Teams - 2.0.0 - Fix issue where send message would not work if there were too many teams, Removed regex capability for team and channel inputs which will speed up Send Message and Send HTML Message actions
  • CrowdStrike Falcon - 1.4.4 - Fix for filter input in Search for Devices action causing a crash, Add example inputs for connection
  • Jenkins - 1.1.2 - Update connection test
  • Microsoft ATP Safe Links - 1.1.0 - Fixed issue where embedded URLs returned blank string
  • AbuseIPDB - 5.0.2 - Changed descriptions, Removed duplicated code, Use output constants, Added "f" strings
  • Dig - 1.0.4 - Add example inputs

03.09.2020

New Plugins

  • CheckPoint NGFW - 1.0.0 - Initial plugin

Updated Plugins

  • Microsoft O365 ATP Safelinks - 1.0.3 - Fixes issue where certain non-safe links returned a blank string
  • AWS SQS - 1.0.2 (Same version, help revision) - Update to better explain how message attributes work
  • Palo Alto Pan OS - 1.5.6 - Fix issue where edit action was causing an error with certain input
  • Rapid7 VulnDB - 2.0.0 - Utilize VulnDB API
  • Joe Sandbox - 1.0.2 - Fix misspelling in error message, Remove generic “automation” keyword
  • Orchestrator Ping - 1.1.6 - Port to Python

02.17.2020

New Plugins

  • Trend Micro Deep Security - 1.0.0 - Trend Micro Deep Security is an endpoint protection software with multiple modules such as Anti-Virus, Intrusion Prevention (Virtual Patching), Integrity Monitoring and more.

New Plugin Features

  • Rapid7 InsightVM - 3.6.0 - New Actions Get Asset, Group Assets
  • Office 365 Admin - 1.4.0 - New action Lookup User By Email
  • Okta - 3.3.0 - New actions Get Factors and Send Push
  • Microsoft Exchange - 3.3.0 - New action Lookup User by Email
  • Microsoft Office365 Email - 4.1.0 - Added folder modified trigger, Added capability to explicitly specify folder GUID in the New Message Received trigger folder name field which allows any folder to be monitored

Updated Plugins

  • Tenable IO - 1.0.2 - Additional help.md edits for Hub
  • TCP Dump - 1.1.0 - Updated spec and help.md format for the Hub, spec description changes
  • Shattered - 1.0.2 - Fix issue in spec description
  • Red Canary - 2.1.6 - Vendored dependencies
  • BigFix - 6.0.0 - Bug fix with Fetch Relevant Fixlets
  • Sophos Central - 2.0.0 - Update type for Invalidated to date
  • IMAP - 2.1.5 - Update Dockerfile dependencies
  • UUID - 2.0.0 - Add missing action's title in spec file
  • VirusTotal - 6.0.0 - Update spec file titles and descriptions for AcronymValidator to pass
  • CSV - 1.1.5 - Reduced docker image size
  • Dig - 1.0.3 - Reduced docker image size
  • Splunk - 3.0.2 - Fix issue with typos in help.md and plugin description

01.20.2020

New Plugin Features

  • Cisco Amp for Endpoints - 1.1.0 - New action Get Activity
  • Microsoft Teams - 1.3.0 - New action Send Message by GUID
  • Office 365 Admin - 1.4.0 - New action Lookup User By Email
  • Anomali Threatstream - 3.1.0 - Add new actions Submit File, Submit URL and Get Sandbox Report

Updated Plugins

  • Proofpoint TAP - 1.0.5 - Added “threat details url” value in Threat section of output
  • Active Directory LDAP - 3.2.8 - Fix issue where adding objects to containers might fail
  • Dirname - 1.0.3 - Update to use the komand/python-3-37-slim-plugin:3 Docker image, Changed description in action output, Changed Exception to PluginException, Use output constants
  • Abuseipdb - 5.0.2 - Changed descriptions, Removed duplicated code, Use output constants, Added "f" strings
  • Threatq - 1.0.2 - Fix issue with dependency
  • URL Scan - 2.1.4 - Use input and output constants, Added "f" strings
  • Shattered - 1.1.3 - Update help documentation and plugin spec tags
  • Whois - 1.0.7 - Upgrade komand/python-whois version to 0.4.2, Update whois.conf to support .in domains
  • Trello - 3.0.0 - Update spec titles and descriptions for AcronymValidator to pass
  • Open DXL - 1.1.3 - Update help documentation and plugin spec tags
  • IPIntel - Obsolete

11.25.2019

New Plugin Features

  • Mimecast - 3.1.0 - New actions Delete Managed URL and Delete Group Member
  • Rapid7 InsightVM - 3.5.0 - New Actions Get Vulnerability Details, Create Vulnerability Exception Submission, Delete Vulnerability Exception, Review Vulnerability Exception, New Trigger New Vulnerability Exception Activity
  • Microsoft Teams - 1.2.0 - New actions Add Member to Team, Remove Member from Team, Create Teams Enabled Group, Delete Team, Add Channel to Team, and Remove Channel from Team
  • SentinelOne - 1.2.0 - New actions activities_list, activities_types, agents_abort_scan, agents_connect, agents_decommission, agents_disconnect, agents_fetch_logs, agents_initiate, agents_processes, agents_reload, agents_restart, agents_shutdown, agents_summary, agents_uninstall, apps_by_agent_ids, name_available

Updated Plugins

  • SSH - 1.0.2 - Fixed issue where Run was excluded
  • Ping - 1.0.2 - Bug fix to correct regex's search pattern
  • Active Directory LDAP - 3.2.6 - Update help to document supported Windows Server versions
  • HTML - 1.2.0 - Update to add the Remove Scripts option to Text
  • Microsoft Teams - 1.2.1 - Fix issue where New Message Received trigger could receive an unauthorized error after sustained use
  • Microsoft Teams - 1.2.2 - Fix issue where regular expressions would only match at the beginning of a string
  • SSH - 2.0.0 - Update Run action output to return 3 output fields i.e. stderr, stdout, and all_output
  • Rapid7 InsightVM - 3.5.2 - Fix bug in New Vulnerability Exception Activity

10.28.2019

New Plugins

  • Pushover - 1.0.0 - Pushover is a simple push notification service that integrates easily into web apps like IFTTT, network monitors like Nagios, shell scripts, servers, and anything else that needs to send alerts to your Android, iPhone, iPad, and Desktop. The Pushover plugin allows you to send Pushover notifications.
  • Microsoft Teams - 1.0.0 - The Microsoft Teams plugin allows you to send and trigger workflows on new messages. The plugin will also allow for teams management with the ability to add and remove teams, channels, and users. This plugin uses the Microsoft Teams API to interact with Microsoft Teams.
  • AWS Workspaces - 1.0.0 - This plugin utilizes AWS WorkSpaces to create workspaces. Amazon WorkSpaces is a fully managed desktop computing service in the cloud that allows its customers to provide cloud-based desktops to their end-users. Can be utilized for bring your own device policies and product testing.
  • Advanced Regex - 1.0.0 - The Advanced Regex plugin is used to extract or manipulate targeted text by applying regular expression operations to a string, using Python-specific regex.

New Plugin Features

  • Microsoft Teams - 1.1.0 - New trigger New Message Received, New action Send HTML Message
  • BMC Remedy ITSM - 1.6.0 - New action Assign Incident
  • Anomali ThreatStream - 3.0.0 - New action Get Observables, Rename action Add Approval Indicator to Import Observable, Add connection test
  • Office365 Admin - 1.2.0 - New actions Get Subscribed SKUs and Assign License

Updated Plugins

  • Cisco Umbrella Investigate - 1.0.2 - Added change allowing categorization to work with a Tier1 API key by utilizing the single domain API endpoint instead of the bulk API endpoint when a single-element array of domains is passed in
  • Microsoft Teams - 1.0.1 - Fix issue where improper exception could be raised
  • Microsoft Office365 Admin - 1.2.1 - Fix issue where Input was undefined in Add and Delete User actions, Add office location to add user action
  • Active Directory LDAP - 3.2.5 - Clean connection test output

10.14.2019

New Plugins

  • Jamf - 1.0.0 - Jamf Pro is a comprehensive management system for Apple macOS computers and iOS devices. This plugin uses the Jamf Pro API to get and manage user and device information.

New Plugin Features

  • Jamf - 1.1.0 - New action to get user location details by device ID
  • ServiceNow - 3.1.0 - New action Get Incident Comments and Work Notes

Updated Plugins

  • Microsoft Office365 Email - 4.0.1 - Fix issue where Email would break up URLs with quoted-printable characters
  • Google Web Risk - 2.0.0 - New inputs for lookup action
  • Palo Alto Wildfire - 1.1.0 - Fixed issue where unsupported file types failed, Update to add supported_file to filedata type
  • Google Safe Browsing - 2.0.0 - Obsolete
  • Cisco Umbrella Investigate - 1.0.1 - Add connection test, Fix issue where connection was returning "Wrong api_key" on valid keys, Run plugin as least privileged user, Update to use the komand/python-3-slim-plugin Docker image to reduce plugin size
  • Cisco ThreatGrid - 1.2.1 - Bug fix for action Get Sample Analysis
  • Mimecast - 3.0.0 - Add URL in Get TTP URL Logs action to filter output, Update connection settings to the proper authentication supported by the Mimecast API

09.23.2019

New Plugins

  • Storage - 1.0.0 - Initial plugin
  • Azure AD Admin - 1.0.0 - Performs administrative tasks in Azure AD
  • Google Web Risk - 1.0.0 - Checks URLs against the Google Web Risk service. Use the InsightConnect plugin to automatically evaluate suspicious URLs and take action when you find them.

New Plugin Features

  • Type Converter - 1.5.0 - New action Array to String
  • Azure AD Admin - 1.3.0 - New actions Force User to Change Password, Create User
  • Microsoft Office365 Email Security - 2.2.0 - New action Message Trace

Updated Plugins

  • Splunk - 3.0.0 - Remove Komand-specific Alert trigger, Fix invalid output properties, Numerous typographical fixes, Improve error handling, Smaller plugin size due to slim SDK migration, New connection test code
  • Recorded Future - 1.5.2 - Fix issue where timestamp for evidenceDetails was set to integer, timestamp is now expected as datetime from RecordedFuture
  • Jira - 3.2.1 - Update Get Issue, Find Issues and New Issue action to support a Get Attachments option
  • AbuseIPDB - 5.0.0 - Mark certain outputs as optional as they are not always returned by the AbuseIPDB service, Clean output of null values

09.09.2019

New Plugin Features

  • AbuseIPDB - 4.0.0 - Update to APIv2, new action Get Blacklist
  • HTML - 1.1.0 - New action Text

Updated Plugins

  • Microsoft Office365 Email Security - 2.1.0 - Add user email address array to Search action
  • VirusTotal - 5.0.0 - Remove infinite retry capability from connection due to job deadlocking that it caused, Update connection test to no longer use retries, Add VirusTotal API key notice to plugin documentation
  • Microsoft Office365 Email - 4.0.1 - Fix issue where Email would break up URLs with quoted-printable characters
  • Powershell - 2.1.0 - Add functionality to allow CredSSP connections
  • Jira - 3.1.2 - Update Create Issue action to remove newlines from summaries
  • Box - 2.2.1 - Fix issue where a misleading error message could be given in the log
  • Microsoft ATP SafeLinks - 1.0.1 - Fixed issue where non-safelinks returned a blank string
  • Proofpoint TAP - 1.0.3 - Fixed issue where headers were occasionally parsed improperly
  • Recorded Future - 1.5.1 - Fix issue where parameter timestamp in evidenceDetails was set as a string in Lookup IP Address action, timestamp is now an integer
  • AbuseIPDB - 4.0.1 - Transform null value of various output properties of Check IP action to false or empty string

08.26.2019

New Plugins

  • Kintone - 1.0.1 - Custom workflows and data management for businesses and non-profits in one place
  • Chardet - 1.0.0 - Python-compatible character encoding detector

Updated Plugins

  • Microsoft Office365 Email Security - 1.0.1 - fixes and improvements
  • VirusTotal - 4.0.1 - fixes and improvements
  • SMTP - 2.0.3 - fixes and improvements
  • Microsoft Office365 Email - 3.0.0 - fixes and improvements
  • Recorded Future - 1.4.1 - new action added, fixes and improvements
  • Mimecast - 2.5.0 - new action added
  • Github - 2.1.0 - 3 new actions added
  • Rapid7 InsightIDR - 1.1.0 - new action added
  • HaveIBeenPwned - 4.0.1 - fixes and improvements
  • Palo Alto PAN-OS - 1.5.3 - fixes and improvements

07.29.2019

New Plugins

  • Microsoft Office365 Email Security - 1.0.0 - A collection of utilities related to Office 365 email security tasks

Updated Plugins

  • Rapid7 InsightVM - 3.4.0 - new trigger added, 6 new actions added, fixes and improvements
  • ServiceNow - 3.0.0 - 4 new actions added, fixes and improvements
  • VirusTotal - 4.0.0 - fixes and improvements
  • Amazon Web Services - 3.1.0 - new action added, fixes and improvements
  • Cisco ThreatGrid - 1.2.0 - 2 new actions added
  • Microsoft Office365 Email - 3.0.0 - fixes and improvements
  • Recorded Future - 1.1.0 - fixes and improvements

07.02.2019

New Plugins

  • Rapid7 InsightIDR - 1.0.0 - Rapid7 InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster
  • Cisco ThreatGrid - 1.0.0 - Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware

Updated Plugins

  • PagerDuty - 2.0.0 - fixes and improvements
  • HaveIBeenPwned - 3.0.1 - fixes and improvements
  • Microsoft Office365 Email - 2.3.0 - new trigger added, 6 new actions added, fixes and improvements
  • Sed - 2.0.1 - fixes and improvements
  • ExtractIt - 1.1.6 - fixes and improvements
  • Red Canary - 2.1.4 - fixes and improvements
  • Box - 2.1.0 - 2 new actions added
  • Okta - 3.2.0 - new action added
  • Viper - 2.0.0 - fixes and improvements
  • Rapid7 InsightVM - 3.3.0 - 5 new actions added, 1 new trigger added
  • ServiceNow - 3.0.0 - 4 new actions added, fixes and improvements
  • VirusTotal - 4.0.0 - fixes and improvements

06.03.2019

Updated Plugins

  • Microsoft Office 365 Email - 2.0.3 - fixes and improvements
  • Box - 2.0.3 - fixes and improvements
  • Red Canary - 2.1.2 - fixes and improvements
  • Carbon Black Protection - 2.1.0 - new action added, fixes and improvements
  • Gmail - 5.1.3 - new action added, fixes and improvements
  • HaveIBeenPwned - 3.0.0 - fixes and improvements
  • ExtractIt - 1.1.4 - fixes and improvements
  • Jira - 3.1.0 - new action added
  • Mimecast - 2.4.0 - new action added
  • LastPass Enterprise - 1.0.1 - fixes and improvements
  • Github - 2.0.1 - fixes and improvements
  • IBM BigFix - 5.0.0 - fixes and improvements
  • URLScan - 2.1.1 - fixes and improvements
  • Cuckoo Sandbox - 1.0.1 - fixes and improvements

04.26.2019

New Plugins

  • CrowdStrike Falcon - 1.4.0 - A complete cloud-native framework to protect endpoints
  • FireEye HX - 1.0.0 - FireEye HX is an integrated endpoint solution that detects, prevents and responds effectively to known malware and threats traditional anti-virus endpoint security products miss

Updated Plugins

  • Mimecast - 2.3.0 - 2 new actions added
  • Microsoft Exchange - 5.1.0 - new action added

03.28.2019

New Plugins

  • SentinelOne - 1.1.0 - SentinelOne is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint
  • Datadog - 1.0.0 - Datadog is a monitoring service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform
  • Joe Sandbox - 1.0.0 - Joe Sandbox Cloud executes files and URLs fully automated
  • Proofpoint TAP - 1.0.2 - A plugin for Proofpoint Targeted Attack Protection (TAP)
  • Hippocampe - 1.0.0 - Hippocampe is a threat feed aggregator, which creates a threat feed memory and allows queries through a REST API or from a Web UI
  • SMB - 1.0.0 - Server Message Block (SMB) is used for interacting with files on an SMB server

Updated Plugins

  • IBM BigFix - 3.1.0 - new action added
  • Cisco ISE - 2.2.0 - new action added
  • Google Sheets - 1.1.1 - new action added
  • Python 3 Script - 2.0.0 - added ability to install third-party Python libraries
  • OTRS - 4.0.0 - performance fixes
  • TheHive - 2.0.3 - performance fixes

02.19.2019

New Plugins

  • Microsoft Office 365 Email - 1.2.0 - Microsoft Office 365 email actions and triggers. This supersedes the previous Microsoft Office 365 plugin.
  • Rapid7 InsightAppSec - 1.0.0 - Application security testing for the modern web
  • Microsoft Office 365 ATP Safe Links - 1.0.0 - Helps protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents
  • Salesforce - 1.0.0 - Salesforce is a CRM solution that brings together all customer information in a single, integrated platform that enables building a customer-centred business from marketing right through to sales, customer service and business analysis
  • NASA - 1.0.0 - Triggers and actions related to NASA's open API

Updated Plugins

  • Duo Admin API - 3.2.0 - new action added
  • Rapid7 InsightVM - 3.2.0 - 7 new actions added
  • Cisco ISE - 2.2.0 - new action added
  • Kolide - 2.0.0 - 3 new actions added
  • Type Converter - 1.4.0 - new action added

01.10.2019

New Plugins

  • Rapid7 tCell - 1.0.0 - Rapid7 tCell is a Next-Gen Cloud Web Application Firewall that enables web applications to defend themselves by combining in-app instrumentation and analytics in the cloud
  • Cortex v2 - 1.0.0 - Cortex is an open source and free software for analyzing observables
  • String Operations - 1.0.0 - Provides common programmatic string operations

Updated Plugins

  • Microsoft SCCM - 1.1.13 - new actions added