Most Popular Plugins
When you start to build a workflow, you may be overwhelmed by the number of plugins to choose from and the actions each one offers. Below, we've listed popular plugins and their common uses to help you automate your workflows successfully.
JIRA, ServiceNow, and PagerDuty
These ticketing system plugins are highly valuable for Security Operations teams. They track current tasks, hold task-specific information, track metrics around tickets, and let your security team work alongside IT and help desk staff. These InsightConnect plugins automatically create and update tickets with information gathered directly from your tech stack, assign tickets to specific team members depending on the alert content, move or monitor ticket status, and more.
Gmail & Microsoft Exchange
These are popular email plugins that ingest email alerts from other vendors and deliver them to the platform. Use these plugins to monitor an inbox, take action against phishing emails, and automate many other email-based tasks.
Other Email Plugins
IMAP
For email providers that do not yet have a dedicated InsightConnect plugin, you can use IMAP (Internet Message Access Protocol) as a generic way to connect to a mailbox. Use the IMAP plugin to monitor any given inbox for the arrival of a new message, take action against phishing emails, and drive many other email-based triggers. Check with your email provider that IMAP is enabled, and connect over TLS (IMAPS, port 993) rather than plaintext IMAP so that mailbox credentials and message contents are not exposed on the wire.
SMTP
This plugin sends email regardless of which provider hosts your account. Use it to send a customized email alert containing information collected by your InsightConnect workflow(s).
Integrations
Nexpose Enterprise
If you own Nexpose Enterprise, use this plugin to integrate the two products. Run network vulnerability scans and retrieve the resulting findings; push vulnerability data into a ticketing system to track patching progress, or integrate directly with patch management systems, among other actions.
REST
Use this to integrate with RESTful services. It connects InsightConnect to any platform that exposes an HTTP(S) REST interface.
User Security Control
Duo_Admin
Use this to read or change user information within Duo. This plugin pairs well with InsightConnect provisioning/deprovisioning workflows when you need to control user access to any resource that requires two-factor authentication.
Duo_Auth
Use this to send an authorization request to a user through the Duo application and act on the response. This is convenient for larger security teams that need a more efficient way to approve access requests: gated on a Duo approval, a workflow can temporarily disable a user account, reimage a machine, push a patch to a critical asset group, or perform various other actions.
Security Team Efficiency
ExtractIt
A commonly used utility plugin that is included with your InsightConnect instance. It extracts indicators such as URLs, IP addresses, file hashes, file paths, and similar patterns from free text. This plugin eliminates the need to write and maintain your own regular expressions to match these patterns and parse out the data.
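To make concrete what the email plugins above feed into a workflow and what ExtractIt does with it, here is an added example (not part of the original page or of the InsightConnect plugin code) that parses a constructed phishing-style message and pulls out URLs, domains, IPv4 addresses and file hashes. It also reverses the common "defanging" (hxxp, [.]) that threat reports use, which a naive regex would miss. The sample message, the sender address and the regexes are assumptions for illustration; the two hashes are the published EICAR test-file hashes.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a raw message as an IMAP/Gmail fetch would return it.
RAW_EMAIL = b"""From: "IT Support" <helpdesk@examp1e-support.test>
To: alice@example.com
Subject: Password expiry notice
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it at hxxp://login.examp1e-support[.]test/reset?u=alice
Backup link: http://198.51.100.23/auth
Attachment MD5: 44d88612fea8a8f36de82e1278abb02f
SHA-256: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
"""

# Illustrative patterns; a production extractor would cover IPv6, emails, paths, etc.
URL_RE = re.compile(r"""\bhttps?://[^\s<>"']+""", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
# Longest alternative first so a SHA-256 is not cut into an MD5-sized piece.
HASH_RE = re.compile(r"\b(?:[A-Fa-f0-9]{64}|[A-Fa-f0-9]{40}|[A-Fa-f0-9]{32})\b")


def refang(text: str) -> str:
    """Undo common defanging so indicators can be looked up directly."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[://]", "://")


def body_text(raw: bytes) -> str:
    """Return the plain-text (or, failing that, HTML) body of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def extract_iocs(text: str) -> dict:
    """Extract URLs, hostnames, IPv4 addresses and hashes from free text."""
    text = refang(text)
    urls = sorted(set(URL_RE.findall(text)))
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname
        if host and not IPV4_RE.fullmatch(host):   # keep IP literals in the ipv4 list only
            hosts.add(host.lower())
    hashes = {"md5": [], "sha1": [], "sha256": []}
    for digest in HASH_RE.findall(text):
        hashes[{32: "md5", 40: "sha1", 64: "sha256"}[len(digest)]].append(digest.lower())
    return {
        "urls": urls,
        "domains": sorted(hosts),
        "ipv4": sorted(set(IPV4_RE.findall(text))),
        **hashes,
    }


def triage(raw: bytes) -> dict:
    """Parse a raw message and return its indicators plus the sender's domain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    _, sender = parseaddr(str(msg["From"]))
    result = extract_iocs(body_text(raw))
    result["sender_domain"] = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    return result


if __name__ == "__main__":
    for key, value in triage(RAW_EMAIL).items():
        print(f"{key}: {value}")
```

Each list in the result maps onto a later enrichment step (VirusTotal for hashes and URLs, Dig or WhoIs for domains and addresses); the refang step matters because users frequently paste defanged indicators into tickets and emails.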
Base64
Base64 is an encoding scheme, not encryption: it turns arbitrary bytes into printable ASCII so they can travel safely through text-only channels (email bodies, JSON fields, log lines), and anyone can reverse it without a key. It provides no confidentiality and no integrity protection. This plugin provides the capability to encode and decode data in this scheme, which is useful for unpacking Base64 blobs found in alerts, headers and scripts, or for packing binary data into a text field for another plugin.
Dig
Use this plugin to perform DNS queries.
Data Enrichment and Ingestion
VirusTotal
This plugin enriches an indicator (file hash, URL, domain or IP address) by checking whether it has been reported as malicious and, if so, why. It is a popular threat intelligence source.
VirusTotal Free vs Private API
If you’re using the VirusTotal plugin, make sure your API key usage complies with VirusTotal’s Terms of Service. The VirusTotal API can only be used for commercial products or services if you use a paid version of VirusTotal, which grants you VirusTotal Private API features and usage.
VirusTotal rate-limits the free (public) API, and those limits apply to requests made through our plugin. Using the free API for commercial purposes risks VirusTotal permanently banning your account or organization from their tools.
The InsightConnect VirusTotal plugin nevertheless supports both the public and the private API. Unless you are only evaluating VirusTotal's capabilities, we recommend a paid VirusTotal account and the private API so that rate limits do not stall your InsightConnect workflows.
ElasticSearch
Elasticsearch is an open source search and analytics engine commonly used to store and query log data, and it is the data store behind dashboards, reports and graphs in tools such as Kibana. Use this plugin as a primary source for ingesting events and for searching indexed data from within a workflow.
Splunk
Connects InsightConnect to the Splunk log management and SIEM product. You can use this plugin to configure Splunk alerts that InsightConnect ingests as triggers. For example, if malware is detected on your network, use a Splunk alert to trigger a workflow, enrich the alert with context, update firewall rules, and perform other remediation actions. You can also use the Splunk plugin to index and search data within Splunk as actions in your workflows.
WhoIs
WhoIs is an enrichment source that looks up registration information about an IP address or domain. One valuable piece of functionality is geolocation of IP addresses and domains. Use this plugin to confirm a suspicious login location; for example, if your company is located in the United States but an employee shows a login from China. Treat geolocation as a signal rather than proof: VPNs, mobile carriers and cloud egress points routinely place legitimate users in unexpected regions, so pair it with other context before taking automated action.
Other Helpful Plugins
Python Script
This plugin lets you write your own custom Python scripts and run them as steps within a workflow, to achieve exactly the transformation or logic you need when no existing plugin action fits.
Timers
The timer plugin lets you schedule the execution of a workflow by the hour, day, or week. You can also use a timer to delay a step, which is useful when you need to pace calls to a third-party API so that you stay within its rate limits.
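The VirusTotal section above warns about rate limits on the public API and this section mentions delaying steps to pace other APIs. Both come down to the same thing, so here is one added example (not the page's or the plugin's code) of a sliding-window rate limiter combined with retry-and-backoff on a rate-limit response. The 4-calls-per-60-seconds figure, the `RateLimited` exception and the stand-in `lookup` function are assumptions for illustration; the clock and sleep are injected so the pacing can be verified without actually waiting.

```python
import time
from collections import deque
from typing import Callable, Iterable


class RateLimited(Exception):
    """Raised by a client when the remote API answers with a rate-limit error (HTTP 429)."""


class RateLimiter:
    """Allow at most `max_calls` calls in any sliding window of `period` seconds.
    `clock` and `sleep` default to real time but can be replaced for tests."""

    def __init__(self, max_calls: int, period: float,
                 clock: Callable[[], float] = time.monotonic,
                 sleep: Callable[[float], None] = time.sleep) -> None:
        self.max_calls, self.period = max_calls, period
        self._clock, self._sleep = clock, sleep
        self._calls: deque = deque()          # timestamps of calls inside the window

    def _expire(self, now: float) -> None:
        while self._calls and now - self._calls[0] >= self.period:
            self._calls.popleft()

    def wait(self) -> float:
        """Block until another call is allowed; return the number of seconds waited."""
        now = self._clock()
        self._expire(now)
        waited = 0.0
        if len(self._calls) >= self.max_calls:
            waited = self.period - (now - self._calls[0])   # until the oldest call expires
            self._sleep(waited)
            now = self._clock()
            self._expire(now)
        self._calls.append(now)
        return waited


def enrich_all(indicators: Iterable[str], lookup: Callable[[str], dict],
               limiter: RateLimiter, sleep: Callable[[float], None] = time.sleep,
               max_attempts: int = 3, backoff: float = 15.0) -> dict:
    """Look up each indicator, pacing requests and retrying with exponential
    backoff when the API reports it is rate limited. Unresolved indicators map to None."""
    results = {}
    for ioc in indicators:
        results[ioc] = None
        for attempt in range(max_attempts):
            limiter.wait()
            try:
                results[ioc] = lookup(ioc)
                break
            except RateLimited:
                sleep(backoff * 2 ** attempt)
    return results


class FakeClock:
    """Deterministic clock for demonstrating the limiter without real delays."""

    def __init__(self) -> None:
        self.t = 0.0

    def now(self) -> float:
        return self.t

    def sleep(self, seconds: float) -> None:
        self.t += seconds


def make_flaky_lookup() -> Callable[[str], dict]:
    """Constructed stand-in for an API client: the very first call is rate limited."""
    calls = {"n": 0}

    def lookup(ioc: str) -> dict:
        calls["n"] += 1
        if calls["n"] == 1:
            raise RateLimited()
        return {"indicator": ioc, "malicious": ioc.endswith(".bad")}  # constructed verdict

    return lookup


def run_demo() -> tuple:
    """Pace five lookups at 4 calls/60 s through a flaky client; return (results, elapsed)."""
    clock = FakeClock()
    limiter = RateLimiter(4, 60.0, clock=clock.now, sleep=clock.sleep)
    results = enrich_all(["a.bad", "b.ok", "c.bad", "d.ok", "e.bad"],
                         make_flaky_lookup(), limiter, sleep=clock.sleep)
    return results, clock.t


if __name__ == "__main__":
    res, elapsed = run_demo()
    print(f"resolved {sum(v is not None for v in res.values())}/{len(res)} in {elapsed:.0f} s")
```

In a workflow the `sleep` calls are what the timer step provides between API-calling steps; the sliding window is what keeps a burst of alerts from exhausting a public-API quota in the first few seconds and failing every subsequent lookup.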